Credit-Card Skimmer Has Unlikely Target: Microsoft ASP.NET Sites
A campaign discovered by Malwarebytes Labs in mid-April has lifted credentials from a number of e-commerce portals.
Source: Threat Post – Web
[...]
Web Security
Articles targeted at Web App Security, hacks, guides, how to’s and the latest vulnerabilities.
First-Ever Russian BEC Gang, Cosmic Lynx, Uncovered
Researchers warn that Cosmic Lynx targets firms that don’t use DMARC and uses a “mergers and acquisitions” pretext that can lead to large
[...]
Admins Urged to Patch Critical F5 Flaw Under Active Attack
Security experts and the U.S. Cyber Command are urging admins to update a critical flaw in F5 Networks, which is under active attack.
[...]
Lazarus Group Adds Magecart to the Mix
North Korea-based APT is targeting online payments made by American and European shoppers.
Source: Threat Post – Web Security – Lazarus Group
[...]
Ring Doorbell’s Police Partnerships Questioned Over Racial Bias
Amazon has placed a moratorium on police use of its facial recognition platform – but a congressman asked if that extends to its
[...]
Cisco Warns of High-Severity Bug in Small Business Switch Lineup
A high-severity flaw allows remote, unauthenticated attackers to potentially gain administrative privileges for Cisco small business switches.
Source: Threat Post – Web
[...]
New Android Spyware Tools Emerge in Widespread Surveillance Campaign
Never-before-seen Android spyware tools have been used in a widespread APT campaign to spy on the Uyghur ethnic minority group – since 2013.
[...]
Email Sender Identity is Key to Solving the Phishing Crisis
Almost 90% of email attacks manipulate sender identity to fool recipients and initiate social engineering attacks.
Source: Threat Post – Web Security
[...]
Microsoft Releases Emergency Security Updates for Windows 10, Server
The patches fix two separate RCE bugs in Windows Codecs that allow hackers to exploit playback of multimedia files.
Source: Threat Post
[...]
StrongPity APT Back with Kurdish-Aimed Watering Hole Attacks
The spy malware is being delivered via a complex infrastructure with multiple layers, in an effort to avoid analysis.
Source: Threat Post
[...]