Segway Hit by Magecart Attack Hiding in a Favicon
Visitors who shopped on the company’s eCommerce website in January will likely find their payment-card data heisted, researchers warned. Source: Threatpost.com
Continue ReadingAuthor: Tara Seals
AdSanity, AccessPress Plugins Open Scads of WordPress Sites to Takeover
A critical security bug and a months-long, ongoing supply-chain attack spell trouble for WordPress users. Source: Threatpost.com
Continue ReadingPervasive Apple Safari Bug Exposes Web-Browsing Data, Google IDs
The information-disclosure issue, affecting Macs, iPhones and iPads, allows a snooping website to find out information about other tabs a user might have open. Source: Threatpost.com
Continue ReadingBox 2FA Bypass Opens User Accounts to Attack
A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements. Source: Threatpost.com
Continue ReadingCritical ManageEngine Desktop Server Bug Opens Orgs to Malware
Zoho’s comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution. Source: Threatpost.com
Continue ReadingCritical Cisco Contact Center Bug Threatens Customer-Service Havoc
Attackers could access and modify agent resources, telephone queues and other customer-service systems – and access personal information on companies’ customers. Source: Threatpost.com
Continue ReadingRussian Security Takes Down REvil Ransomware Gang
The country’s FSB said that it raided gang hideouts; seized currency, cars and personnel; and neutralized REvil’s infrastructure. Source: Threatpost.com
Continue ReadingAmazon, Azure Clouds Host RAT-ty Trio in Infostealing Campaign
A cloudy campaign delivers commodity remote-access trojans to steal information and execute code. Source: Threatpost.com
Continue ReadingMicrosoft Faces Wormable, Critical RCE Bug & 6 Zero-Days
The large January 2022 Patch Tuesday update covers nine critical CVEs, including a self-propagator with a 9.8 CVSS score. Source: Threatpost.com
Continue Reading‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS
The malware establishes initial access on targeted machines, then waits for additional code to execute. Source: Threatpost.com
Continue Reading