Latest News

2019/11/20

Macy’s Suffers Data Breach by Magecart Cybercriminals

The department store Macy’s is warning that web skimmer malware was discovered on Macys.com collecting customers’ payment card information. The attack has been linked to Magecart, a notorious umbrella group made up of various cybercriminal affiliates that is known for injecting payment card skimmers into ecommerce websites.

According to a data breach notice sent to customers, “an unauthorized third party added unauthorized computer code” to Macys.com on Oct. 7. The code, which was discovered and removed on Oct. 15, was collecting customers’ first and last names, addresses, phone number and email addresses, payment card information (including number, security code, and expiration dates).
2019/11/20

‘Windows Update’ Installs Cyborg Ransomware

A malicious spam campaign that informs victims it contains a “critical Windows update” instead leads to the installation of Cyborg ransomware, researchers have found. Further, they were able to access its builder, which can be used to create malware variants.

The email-based threat, discovered recently by researchers at Trustwave, is unique in a few ways, researchers unveiled in a blog post on Tuesday. For instance, the attached file purports to be in .jpg format, even though it opens an .exe file.
2019/11/13

Magento Warns E-Commerce Sites to Upgrade ASAP to Prevent Attacks

The popular e-commerce platform Magento is urging web administrators to install its latest security update in order to defend against malicious attacks in the wild that could exploit a critical remote code-execution vulnerability.

While the company didn’t specify what kinds of potential attacks that websites should be concerned about (Threatpost reached out for comment on this), Magento is a common target for the Magecart association of threat groups, which compromise websites built on unpatched e-commerce platforms in order to inject card-skimming scripts on checkout pages. The scripts steal unsuspecting customers’ payment card details and other information entered into the fields on the page.
2019/11/13

Adobe Patches Critical Bugs in Illustrator, Media Encoder

Adobe Systems is warning Illustrator 2019 users that two critical memory-corruption vulnerabilities could allow for an attacker to remotely connect to a Windows machine, execute code and gain control of the targeted system.

The create-suite behemoth also warned Tuesday, as part of its regular monthly patch advisories, that its Windows and macOS versions of its Adobe Media Encoder also have a critical vulnerability tied to an out-of-bounds write flaw.
2019/11/04

Exclusive: Government officials around the globe targeted for hacking through WhatsApp - sources

WASHINGTON (Reuters) - Senior government officials in multiple U.S.-allied countries were targeted earlier this year with hacking software that used Facebook Inc’s (FB.O) WhatsApp to take over users’ phones, according to people familiar with the messaging company’s investigation.