Researchers have uncovered a Magecart Group 8 attack against blender vendor NutriBullet that installed credit card stealing malware on the company’s website. Security experts provide insight into this attack.
ISBuzz Team
Yesterday, Twitter updated its safety policy to prohibit tweets that “could place people at a higher risk of transmitting COVID-19”. This includes a number of different things, such as denying expert guidance, or tweets that misleadingly pretend to be from health authorities. The new guidelines will require users to remove offending tweets before they can tweet again – and they will be notified of this via email.
News has broken about today’s launch of Chrome 81 and its implications for the hundreds of thousands of websites that still use the outdated TLS 1 & 1.1 standards. We have known from some time that Chrome 81 will restrict access to any website using TLS 1 & 1.1, marking them as insecure. Websites still relying on these standards include those of major banks, retailers, news organisations and other high-profile businesses.
It has been reported that Tuition website TrueFire has informed users that an “unauthorised person” had access to the company’s computer system, and specifically to unencrypted information that was entered into its website, for a period of over five months. TrueFire, which boasts over 1 million users worldwide, explained that even though it does not store personal information itself, the ‘unauthorised user’ had potentially been able to harvest sensitive customer information as it was being entered into the site.
Intel processors are vulnerable to a new attack that can leak data from the CPU’s internal memory — also known as the cache. The attack, described as “Snoop-assisted L1 Data Sampling,” or just “Snoop” (CVE-2020-0550), has been discovered by Pawel Wieczorkiewicz, a software engineer at Amazon Web Services (AWS). At the technical level, the new Snoop attack takes advantage of CPU mechanisms like multiple cache levels, cache coherence, and bus snooping. A list of Intel processors, which includes Intel series like Core and Xeon CPUs,that are vulnerable to Snoop attacks is available here.
A research team at the University of York has exposed several severe flaws in nearly half of the password managers it tested. The researchers created a malicious app that was a mockup of a legit Google app and presented it to various password managers to see if they would fall for the lookalike. The spoofed app tricked two of five password managers into presenting the password, and the research also found that some of the password managers did not limit the number of times one can attempt the master PIN or password. This would allow a brute force attack to crack the…
The concept of trust is getting more attention these days. IDC has estimated security spending to reach $151 billion by 2023, noting a ‘C-level focus on trust’ as a key growth driver. Trust, according to IDC, now encompasses security, risk and compliance, privacy, and the various ways in which enterprises interact via people, technology and other aspects. As part of the overall trust landscape, enterprises embrace the chain of trust principle that every computing touchpoint individually should contribute to solid security across an enterprise. That principle surfaced again in January when the ‘Chain of Fools’ Microsoft vulnerability (CVE-2020-0601) entered the security landscape.…
Google is making progress on expanding the control users have over cookies in the Chrome browser with a new flag in Canary that enables an improved interface with more buttons and information. The experimental feature is available in the Android version 82 of the browser and adds two more options for cookie management.
In response to new research that indicates more than a quarter of security alerts fielded within organizations are false positives, cybersecurity experts offer perspective.
It has been reported that an open database is the source of a data leak leading to the exposure of 425GB in sensitive documents belonging to financial companies. Security researchers found over 500,000 “highly sensitive” documents, including private legal and financial files, that originated from Advantage and Argus. In total, 425GB was contained in the database at the time of discovery — and files were still actively being uploaded to the bucket as the team conducted their investigation. Entries related to the companies’ businesses, including credit reports, bank statements, contracts, legal documents, driver license copies, purchase orders and receipts, tax returns, Social Security information, and transaction…