Blog
New Magecart Campaign Alters 404 Error Pages to Steal Shoppers’ Credit Cards
The campaign employs a multi-stage attack chain to capture sensitive information entered on checkout pages and exfiltrate it to a remote server, making it difficult to detect.
Researchers Uncover Grayling APT’s Ongoing Attack Campaign Across Industries
A previously undocumented threat actor of unknown provenance has been linked to a number of attacks targeting organizations in the manufacturing, IT, and biomedical sectors in Taiwan. The Symantec Threat Hunter Team, part of Broadcom, attributed the attacks to an...
New Report: Child Sexual Abuse Content and Online Risks to Children on the Rise
Certain online risks to children are on the rise, according to a recent report from Thorn, a technology nonprofit whose mission is to build technology to defend children from sexual abuse. Research shared in the Emerging Online Trends in Child Sexual Abuse 2023...
Source Code of the 2020 Variant of HelloKitty Ransomware Leaked on Cybercrime Forum
The source code for the first version of the HelloKitty ransomware has been leaked on a Russian-speaking cybercrime forum. The threat actor, known as 'kapuchin0', claims to be developing a more powerful encryptor.
New Magecart Campaign Alters 404 Error Pages to Steal Shoppers’ Credit Cards
A sophisticated Magecart campaign has been observed manipulating websites' default 404 error page to conceal malicious code in what's been described as the latest evolution of the attacks. The activity, per Akamai, targets Magento and WooCommerce websites, with some...
Update: Caesars Entertainment Says Social-Engineering Attack Behind August Breach
Caesars Entertainment has confirmed that a social engineering attack on an outsourced IT support vendor led to a data breach, impacting tens of thousands of its customer rewards program members.
Poor Cybersecurity Habits are Common Among Younger Employees
Millennial and Gen Z workers exhibit more unsafe cybersecurity habits compared to older age groups, such as using the same passwords on multiple devices and sharing work devices with family and friends.
libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks
The vulnerability, tracked as CVE-2023-43641, allows for remote code execution (RCE) on affected hosts. The issue is related to memory corruption in libcue and affects versions 2.2.1 and earlier.
libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks
A new security flaw has been disclosed in the libcue library impacting GNOME Linux systems that could be exploited to achieve remote code execution (RCE) on affected hosts. Tracked as CVE-2023-43641 (CVSS score: 8.8), the issue is described as a case of memory...
Update: 23andMe Scraping Incident Leaked Data on 1.3 Million Users of Ashkenazi and Chinese Descent
23andMe initially denied the legitimacy of the data but later acknowledged that unauthorized access to individual accounts may have occurred, highlighting the vulnerability of customer data even without deep network breaches.
FREE GUIDE