If someone at your company were to tell you that a critical database was left unprotected for the past six months, exposing data of millions of your customers, you’d likely be outraged. In 2019, forgoing basic server security is completely unacceptable. But then we look at the growing wave of Magecart attacks — malicious credit card skimming code that’s typically injected via compromised third-party tools — and learn about data breaches that took two, five, or even six months to be detected. Such was the case of the recently disclosed data breach at the National Baseball Hall of Fame website,…
ISBuzz Team
DoorDash has confirmed a data breach impacting 4.9 million users including customers, delivery workers (Dashers) and merchants. The food delivery company said that the breach happened on May 4 and that users who joined after April 5, 2018 are not affected. It is still unclear why it took several months for DoorDash to publicly address the incident. Users who joined the platform on or before April 5, 2018 had their name, email and delivery addresses, order history, phone numbers and hashed and salted passwords stolen. Consumers had the last four digits of their payment cards taken, though full numbers and card verification values (CVV)…
According to researchers, threat actors are abusing the way Google decodes percent-encoded, non-ASCII URL data to build phishing links whose real destination is hidden behind URL encoding. Secure email gateways that inspect the encoded form do not recognise the destination and let the message through. https://twitter.com/DaveG_Tripwire/status/1177346550214856704
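The defensive counterpart to such links is to normalize them before any reputation lookup. The following is an added illustrative example, not code from the researchers or from any gateway product: it percent-decodes until the string stops changing, folds non-ASCII host characters with NFKC and IDNA so look-alike letters are compared in their canonical form, and also inspects http(s) URLs carried as query parameters. The sample links are constructed, and the "redirector with a target parameter" shape is an assumption of the example, not something the page describes.

```python
"""Normalize a link the way a mail gateway should before looking up its
destination's reputation. Added illustrative example; the sample URLs are
constructed and the 'redirector with a target parameter' shape is an assumption."""
from typing import List
from urllib.parse import parse_qs, unquote, urlsplit
import unicodedata


def percent_decode_fully(url: str, max_rounds: int = 5) -> str:
    """Percent-decode until the string stops changing, so that double- or
    triple-encoded data (%2541 -> %41 -> A) cannot hide the real characters.
    Bounded so a hostile input cannot keep the loop busy."""
    for _ in range(max_rounds):
        decoded = unquote(url, encoding="utf-8", errors="replace")
        if decoded == url:
            break
        url = decoded
    return url


def canonical_host(url: str) -> str:
    """The host a reputation lookup should actually see: fully decoded,
    NFKC-folded (fullwidth and other compatibility letters become plain ASCII
    where they have an ASCII equivalent) and IDNA-encoded so that any remaining
    non-ASCII label is compared in its punycode form."""
    host = urlsplit(percent_decode_fully(url)).hostname or ""
    host = unicodedata.normalize("NFKC", host)
    try:
        return host.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return host.lower()


def effective_destinations(url: str) -> List[str]:
    """Hosts a click could end up at: the link's own host plus any http(s)
    URL carried in a query parameter (the redirector pattern). parse_qs
    decodes one layer; canonical_host then finishes the job per value."""
    hosts = [canonical_host(url)]
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for values in params.values():
        for value in values:
            if value.lower().startswith(("http://", "https://")):
                hosts.append(canonical_host(value))
    return hosts


if __name__ == "__main__":
    # Constructed samples: a fullwidth 'e' (U+FF45) percent-encoded once and
    # twice, and the same host hidden inside a redirector parameter.
    for link in (
        "https://www.%EF%BD%85xample.com/login",
        "https://www.%25EF%25BD%2585xample.com/login",
        "https://redirector.example/url?q=https%3A%2F%2Fwww.%25EF%25BD%2585xample.com%2Flogin",
    ):
        print(link, "->", effective_destinations(link))
```

The point of the bounded loop and the NFKC/IDNA step is that a gateway comparing the raw string against a blocklist sees neither the repeated encoding nor the look-alike character; the reputation lookup must run on the canonical host, and on every host the click can reach, not only the first one in the link.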
A report released on Wednesday by the US Government Accountability Office (GAO) found that the Department of Energy (DOE) has not done enough to protect the electrical grid against increasing cyber attack attempts. The same day, a Senate committee approved legislation intended to bolster DOE’s work on grid security.
Hackers are currently exploiting an unpatched vulnerability in the Rich Reviews WordPress plugin for malvertising campaigns. Although the plugin was removed for security reasons from the WordPress repository more than six months ago, it is estimated that 16,000 websites still have it running. The two issues allowing the attack are a lack of access controls for changing the plugin’s options and not sanitizing the values of the options. https://twitter.com/threatpost/status/1176897191543287809
Iran’s government-backed hackers are trying to infect US military veterans with malware with the help of a malicious website, researchers from security firm Cisco Talos reported on Tuesday. The website, located at hiremilitaryheroes[.]com (pictured above), offers a fake desktop app for download, in the hopes that US military veterans would download and install it, presumably to gain access to job offerings. But Cisco Talos researchers say the app only installs malware on users’ systems and shows an error message, indicating that the installation failed.
As part of our experts’ comments series, please find below comments from experts on why SMEs are facing rising cybercrime.
Security researchers at IBM X-Force IRIS have found evidence of Magecart skimmers targeting commercial layer 7 (L7) routers to steal payment card details of users. Up until now, Magecart-specific code was only delivered at the website level, with web skimmers hiding the code inside PHP or JavaScript files. But researchers say they have found hackers designing and testing malicious scripts that they can inject onto L7 routers – potentially exposing guests connecting to Wi-Fi hotspots to payment data theft. Full story here: https://www.computing.co.uk/ctg/news/3081983/magecart-routers-wifi
Security experts comment on the news that the online dating app Heyyo left a server exposed on the internet without a password. The Elasticsearch database exposed the personal details, images, location data, phone numbers and dating preferences of nearly 72,000 users, believed to be the app’s entire userbase. Because phone numbers were included, the exposed server allowed anyone with a web browser to contact some of the users. https://twitter.com/dachelc/status/1176824014041440257
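An Elasticsearch node that answers on every interface with security disabled is exactly the "no password" exposure described here. The following elasticsearch.yml fragment is an added illustrative example, not Heyyo’s configuration: it shows the weak settings beside the hardened ones, assuming Elasticsearch 7.x (where the security features are available on the free licence) and a keystore path that is a placeholder.

```yaml
# elasticsearch.yml -- weak settings beside hardened ones (added example; Elasticsearch 7.x assumed)

# WEAK: the node listens on every interface and the security module is off, so
# anyone who can reach TCP 9200 can read, modify or delete every index without
# credentials. Left here commented out only to show what to look for.
# network.host: 0.0.0.0
# xpack.security.enabled: false

# HARDENED
network.host: 127.0.0.1                # or an internal-only address behind a firewall
http.port: 9200
xpack.security.enabled: true           # authentication and role-based access on the REST API
xpack.security.http.ssl.enabled: true  # credentials never cross the wire in clear text
xpack.security.http.ssl.keystore.path: certs/http.p12   # assumed path; generate with elasticsearch-certutil
```

The quickest check from outside is an unauthenticated request to port 9200: an HTTP 200 with cluster details means the node is open to the world, an HTTP 401 means authentication is being enforced, and a connection refused or timeout means the network boundary is doing its job.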
It has been reported that the infamous Emotet malware has started a new spam campaign that pretends to be a scanned copy of Edward Snowden’s new book. Users who open the attachment and enable its content (that is, its macros) become infected with Emotet, which typically goes on to install Trickbot and possibly other malware. After approximately four months of inactivity, Emotet woke up again on September 16th and has since been spewing forth a legion of spam. These emails typically pretend to be invoices, financial documents and other business documents with malicious Word attachments that infect you with a variety of malware. Full story here: https://www.bleepingcomputer.com/news/security/emotet-tries-to-infect-you-by-claiming-its-snowdens-book/
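Since the infection path runs through an Office attachment whose macros the victim must enable, a mail pipeline can triage attachments for VBA content before delivery. The following is an added illustrative example, not a detection published for this campaign: it checks the two container formats Office uses, flags OOXML archives that carry a vbaProject.bin part, and marks legacy OLE files for deeper inspection because their macro streams need a compound-file parser. The sample files are constructed in memory.

```python
"""Triage mail attachments for VBA macro content before they reach a user.
Added illustrative example; the sample files are constructed in memory and the
verdict labels are this example's own."""
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy binary Office container (.doc/.xls)
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML (.docx/.docm/.xlsm) is a zip archive


def macro_verdict(data: bytes) -> str:
    """Classify an attachment body.

    'ooxml-macro'          OOXML archive containing a vbaProject.bin part
    'ooxml-clean'          OOXML archive with no VBA project part
    'ole-needs-inspection' legacy OLE file; macros live in storage streams that
                           need a compound-file parser (e.g. oletools), so flag it
    'other'                not an Office container this check understands
    """
    if data.startswith(OLE_MAGIC):
        return "ole-needs-inspection"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                names = [name.lower() for name in archive.namelist()]
        except zipfile.BadZipFile:
            return "other"
        # VBA is stored in a dedicated part (word/vbaProject.bin, xl/vbaProject.bin, ...)
        if any(name.endswith("vbaproject.bin") for name in names):
            return "ooxml-macro"
        return "ooxml-clean"
    return "other"


def should_quarantine(filename: str, data: bytes) -> bool:
    """Policy on top of the verdict: anything with a VBA project or a legacy OLE
    body is held; a 'scanned copy' has no legitimate need for macros at all."""
    verdict = macro_verdict(data)
    return verdict in ("ooxml-macro", "ole-needs-inspection")


def build_ooxml(with_macro: bool) -> bytes:
    """Constructed minimal OOXML-like archive for testing (not a real Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        if with_macro:
            archive.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "Snowden_book_scan.docm": build_ooxml(with_macro=True),
        "quarterly_report.docx": build_ooxml(with_macro=False),
        "invoice.doc": OLE_MAGIC + b"\x00" * 504,
        "brochure.pdf": b"%PDF-1.4 constructed sample",
    }
    for name, body in samples.items():
        print(f"{name:28} {macro_verdict(body):22} quarantine={should_quarantine(name, body)}")
```

The OOXML check is exact because the format puts VBA in a dedicated part; the OLE branch is deliberately conservative, since deciding whether a legacy .doc contains macros means walking its storage tree rather than matching a filename.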
