Researchers have identified a web skimmer on Segway’s online store that enabled threat actors to steal credit cards and customer information when they checked out. Segway is the maker of two-wheeled, self-balancing personal transporters Segway store compromised with Magecart skimmer | Malwarebytes Labs.
ISBuzz Team
A recent survey from Cato Networks on organizations’ lack of confidence in network security, found that 67% of the survey respondents that have a SASE platform in place said they would add bandwidth to address cloud application performance issues.
IT Pro report this morning that Microsoft warns of phishing campaign targeting OAuth tokens. Hackers have been targeting Microsoft 365 users with a fake app that steals their OAuth authentication token, giving them full access to the victim’s email, calendar, and contacts. Microsoft picked up news of the new cybercrime campaign from Twitter user @ffforward. They discovered that the perpetrator has been targeting Microsoft 365 users with an app called Upgrade, using the publisher name Counseling Services Yuma PC. The phishing group has been sending emails to potential victims with an OAuth request. OAuth is a form of authentication that…
Following the news that Meta has plans to develop the “world’s most powerful AI supercomputer”, many are asking – will the language translation and image recognition it boasts of really be able to spot fraudsters, fight spoofs and ensure the safety of users in the Metaverse?
Dubbed WhisperGate, the malware is a wiper that was used in cyberattacks against website domains owned by the country’s government. The spate of attacks led to the defacement of at least 70 websites and a further 10 subject to “unauthorized interference,” according to the Security Service of Ukraine, State Special Service and Cyber Police. The wave of attacks was made public on January 14. Websites impacted included the Ukrainian Foreign Ministry, the Ministry of Education and Science, and various state services. The defacement and reported compromise of at least two government systems come at a time when there appears to be a growing threat…
As reported by the BBC, action role-playing game Dark Souls 3 has been taken offline following reports of an exploit that could allow bad actors to take control of your PC. Publisher Bandai Namco and developer FromSoftware have turned off player-v-player (PvP) servers, meaning gamers cannot play competitively. The downtime affects Dark Souls 3, Dark Souls 2, and Dark Souls: Remastered. But the purported exploit cannot affect console gamers and as such PvP remains available on PlayStation and Xbox. Dark Souls 3 was released in 2016 to much fanfare and remains one of the top 100 most-played games on PC…
Help Net Security writes that security threats related to IoT and related devices within healthcare environments have remained sorely under-addressed, despite increased investments in healthcare cybersecurity. Data shows that 53% of connected medical devices and other IoT devices in hospitals have a known critical vulnerability. Additionally, a third of bedside healthcare IoT devices – which patients most depend on for optimal health outcomes – have an identified critical risk. If attacked, these vulnerabilities could impact service availability, data confidentiality, or patient safety – with potentially life-threatening consequences for patient care. IV pumps are the most common healthcare IoT device and…
Please see below for expert comment from information security experts regarding the DHS issuing a warning about a potential Russian cyber attack on the US. Kev details the seriousness of this warning, the consequences of an attack, and how best to build cyber resilience against such threats.
Negligent insiders are the root cause of 56% of incidents while credential thefts have almost doubled and are the costliest to remediate, at an average of over $800,000 per incident Proofpoint, Inc., a leading cybersecurity and compliance company, today released its 2022 Cost of Insider Threats Global Report to identify the costs and trends associated with negligent, compromised, and malicious insiders. Notably, on average, impacted organizations spent $15.4 million annually on overall insider threat remediation and took 85 days to contain each incident. The Report, independently conducted by Ponemon Institute, is issued every 2 years and now in its fourth edition. It…
41% of IT security managers plan to quit their job in the next 6 months, experiencing high stress Improved Threat Intelligence Processes and SOC Metrics needed to manage increasing risks of cyber-attacks and to support teams under pressure The heightened risk of cyberattacks on businesses is being compounded by significant recruitment and retention issues within cybersecurity teams, making them more vulnerable to potential attacks, according to new research from ThreatConnect Inc.® -the leader in reducing complexity and enabling better decision making in cybersecurity. With the number of data breaches in 2021 soaring past that of 2020, there is added pressure on…