Researchers have uncovered a new Grelos skimmer, which demonstrates increased overlaps in Magecart infrastructure and groups making it difficult to separate various campaigns and their collaboration work.
ISBuzz Team
In response to reports that GO SMS Pro, an Android instant messaging application with over 100 million installs, is publicly exposing private multimedia files shared between its users, experts from cybersecurity firms Inkscreen and KnowBe4 offer perspective.
A US-based used electronics retailer has exposed over 2.6 million files, including ID cards and biometric images, after a misconfigured AWS S3 bucket was discovered. For background, a random scan for server vulnerabilities led to the discovery of the wide-open S3 bucket on October 12, 2020. The company itself appeared to be shuttered, with an invalid contact email and its website offline, but Website Planet contacted AWS two days later and the issue was eventually remediated. There were 80,000 or so images of personal identification cards such as driver’s licenses, and 10,000 fingerprint scans included in the millions of files found in…
It has been reported that previously unknown malware has been detected in widespread attacks against MercadoLivre, Latin America’s largest e-commerce platform. The malware, dubbed Chaes, is being deployed by a threat actor across the LATAM region to steal financial information.
HM Revenue & Customs has reported a staggering 367,520 reports of phishing email attacks during 2020, with data indicating a sharp rise in incidents after the UK went into its first lockdown in March. This is according to official data obtained by accountancy firm Lanop Outsourcing, under the Freedom of Information (FOI) act, which specifically revealed that HMRC faced an average of 26,100 phishing attacks in January and February 2020, before soaring to an average of 45,046 attacks per month from March to September – a 73 per cent increase. The lowest recorded number of phishing attacks during March-September 2020, took place…
Amazon is heading for a bumper Black Friday, with recent predictions suggesting that the online retailer will hoover up 65% of all spend with at least 67% of British consumers ditching bricks and mortar outlets in favour of web-based spending this year. In light of this news Webroot, a market leader in cyber resilience, has released new statistics revealing a huge spike in phishing URLs that include the word ‘Amazon’. The company’s Real-Time Anti-Phishing protection system found the following: Phishes targeting Amazon were up 64% in October when compared to September, reflecting Prime Day volumes.As of the 15th, November is registering a further 45%…
As part of our dot your expert comments, industry experts reacted on Mozilla’s latest Firefox release, which offers users always-on HTTPS encryption. You can read the blog from Mozilla here.
Canada has introduced the Digital Charter Implementation Act — officially called an “Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Acts.” It represents one of the biggest shakeups in Canada’s privacy law in decades. f the bill passes, companies could face fines of up to five per cent of global revenue or $25 million — whichever is greater — for the most serious offences. Officials said the legislation provides for the heaviest fines among the G7 nations’ privacy laws.
Researchers have found threat actors probing WordPress websites with Epsilon Framework themes installed on over 150,000 sites which are vulnerable to Function Injection attacks that could lead to full site takeovers. Just yesterday, they saw a surge of more than 7.5 million attacks against more than 1.5 million sites targeting these vulnerabilities, coming from over 18,000 IP addresses.
Cryptocurrency exchange Liquid has confirmed that on November 13 a hacker gained access to the company’s domain records, allowing the them to take control of several employee email accounts, and later compromised the company’s network.