A trojan malware campaign is targeting online banking users around the world with the aim of stealing credit card information, finances and other personal details. Detailed by cybersecurity researchers at Fortinet, the Metamorfo banking trojan has targeted users of over 20 online banks in countries around the world including the US, Canada, Peru, Chile, Spain, Brazil, Ecuador and Mexico. It marks an escalation in the attacks, which last month appeared to be restricted to compromising banks in Brazil but have now spread to other targets.
ISBuzz Team
Android users are targeted in a phishing campaign that will infect their devices with the Anubis banking Trojan that can steal financial information from more than 250 banking and shopping applications. The campaign uses a devious method to get the potential victims to install the malware on their devices: it asks them to enable Google Play Protect while actually disabling it after being granted permissions on the device. https://twitter.com/GRComputers/status/1225515122078121986
Security researchers taking a closer look at the Philips Hue smart bulbs and the bridge device that connects them discovered a vulnerability that helped them compromise more meaningful systems on the local network. Tracked as CVE-2020-6007, the bug has a severity score of 7.9 out of 10. It is a heap buffer overflow that can be exploited remotely in Philips Hue Bridge model 2.x to execute arbitrary code. Affected firmware versions are up to 1935144020, released on January 13. According to the researchers, an attacker can jump to other systems on the network using known exploits, such as the infamous EternalBlue. At this…
As reported by ZDNet, around half a million computers used by the NHS are still running the outdated Microsoft Windows 7 operating system, missing the government’s own target of upgrading all PCs and laptops by January this year. And the real figure could be even higher. According to government figures, at least a third of the UK health service’s PCs are still running Windows 7.
Facebook has just announced new parental controls on its Messenger Kids platform that will allow parents to view their child’s chat history, in a move to better protect young people and give parents peace of mind when their children are online. This is one of several tools announced for the Messenger Kids platform, which first launched in 2017 as a more child-friendly way to communicate aimed at under-13s, controlled from a parent’s main Facebook account, according to Metro.
Security experts commented below on the FBI’s warning, issued in a Private Industry Notification (PIN), of possible Distributed Denial of Service (DDoS) attacks on a state-level voter registration and information site.
According to a blog post by PerimeterX, its cybersecurity researcher and JavaScript expert Gal Weizman found a gap in the Content Security Policy (CSP) used by WhatsApp, enabling bypasses and cross-site scripting (XSS) on the desktop app.
It has been reported that tens of thousands of Brazilian soccer fans have been exposed as a publicly-accessible cloud storage bucket leaked several gigabytes of data with sensitive information stretching back several years. The leaky S3 bucket, investigated exclusively by ZDNet in partnership with Brazilian cybersecurity news website The Hack, was owned by Futebol Card, an online ticketing company that also provides member and loyalty program management systems to a number of major soccer clubs. Personal data belonging to supporters of a number of Brazilian organizations was involved in the incident, but the vast majority of the individuals exposed are fans of São Paulo-based…
Tens of thousands of Brazilian soccer fans have been exposed as a publicly-accessible cloud storage bucket leaked several gigabytes of data with sensitive information stretching back several years. Personal data belonging to supporters of a number of Brazilian organisations was involved in the incident, but the vast majority of the individuals exposed are fans of São Paulo-based soccer team Palmeiras, one of the country’s most popular and successful Brazilian clubs, with around 18 million supporters nationwide. The 25GB sample analysed contained a myriad of CSV files listing tens of thousands of names, contact details, dates of birth, marital status, social…
Twitter has disclosed a security incident involving the abuse of one of its official API features. Twitter admitted a flaw in its backend systems was exploited to discover the cellphone numbers of potentially millions of users en masse, which could lead to their de-anonymization through the exploitable API which has already been abused by systems in Iran, Israel and Malaysia.
