A website collecting donations to help Australia’s Bushfire relief efforts has been hit with a Magecart attack according to researchers from MalwareBytes.
ISBuzz Team
The resurgence of an Android banking trojan, dubbed Faketoken, is draining victim’s banking accounts to fuel offensive mass text campaigns targeting mobile devices from all over the world. Besides using fake logins and phishing overlay screens to steal credentials and exfiltrate mTAN numbers used by banks to validate online transactions, the malware can also generate customized phishing pages targeting over 2,200 financial apps, and can steal device information such as the IMEI and IMSI numbers, the phone number and more.
Emotet operators launched a sophisticated phishing attack against email addresses associated with users at the United Nations. The Emotet attackers are impersonating representatives of Norway at the United Nations in New York by sending malicious emails that state that there is a problem with an attached signed agreement to UN employees. If a victim opens the document and enables its content, malicious Word macros will be executed that downloads and installs Emotet on the computer. The malspam campaign was seen being sent to 600 unique email addresses at the United Nations.
Dating apps including Grindr, OkCupid and Tinder leak personal information to advertising tech companies in possible violation of European data privacy laws, a Norwegian consumer group said in a report Tuesday. The Norwegian Consumer Council said it found “serious privacy infringements” in its analysis of how shadowy online ad companies track and profile smartphone users. The council, a government-funded nonprofit group, commissioned cybersecurity company Mnemonic to study 10 Android mobile apps. It found that the apps sent user data to at least 135 different third party services involved in advertising or behavioural profiling. “The situation is completely out of control,” the council said, urging European regulators to…
Microsoft has released a software update to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organisations have been asked to sign agreements preventing them from disclosing details of the flaw prior to the first Patch Tuesday of 2020, taking place yesterday. According to sources, the vulnerability in question resides in a Windows component known as crypt32.dll, a Windows module that Microsoft says handles “certificate…
US President Donald Trump has attacked Apple over their refusal to unlock iPhones “used by killers, drug dealers and other violent criminal elements”. On Monday US Attorney General William Barr accused Apple of not being helpful in an inquiry into a shooting that is being treated as a terrorist act.
Data from an exposed LimeLeads Elasticsearch server has ended up on a hacking forum, being sold by a well-known individual on underground hacking forums named Omnichorus, who has build a reputation for sharing and selling hacked and stolen data. https://twitter.com/campuscodi/status/1217051624293720070
It has been reported that thousands of baby videos and images are being left unsecured and exposed to the internet by Peekaboo Moments, a mobile app. This is due to the app’s developer, Bithouse Inc., leaving an Elasticsearch database open on the internet.
Brian Krebs posted a story last night about an emergency patch Microsoft sent to government agencies, branches of the US military and other organisations responsible for managing internet infrastructure. The vulnerability in question resides in a Windows component known as crypt32.dll, a Windows module that Microsoft says handles “certificate and cryptographic messaging functions in the CryptoAPI.” The Microsoft CryptoAPI provides services that enable developers to secure Windows-based applications using cryptography, and includes functionality for encrypting and decrypting data using digital certificates. A critical vulnerability in this Windows component could have wide-ranging security implications for a number of important Windows functions, including authentication on Windows desktops and…
Whether it is an EPOS system at a fast food venue or large display system at a public transport hub, interactive kiosks are becoming popular and trusted conduits for transacting valuable data with customers. The purpose of interactive kiosks, and the reason for their increasing prevalence, is to drive automation and make processes more efficient. For many businesses and government departments, they are the visible and tangible manifestations of their digital transformation. Kiosks are information exchanges, delivering data and content; ingesting preferences, orders and payments. With so much data going back and forth, there is huge value, however, wherever there…