Month: June 2024
Jun 26, 2024NewsroomWeb Skimming / Website Security Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to malware that is injected into e-commerce sites with the goal of stealing financial and payment information. According to…
Read More
Jun 26, 2024NewsroomAndroid Security / Threat Intelligence Cybersecurity researchers have discovered an updated version of an Android banking trojan called Medusa that has been used to target users in Canada, France, Italy, Spain, Turkey, the U.K., and the U.S. The new fraud campaigns, observed in May 2024 and active since July 2023, manifested through five…
Read More
Privacy VPNs are not all created equal – make sure to choose the right provider that will help keep your data safe from prying eyes 25 Jun 2024 • , 6 min. read In a world of remote working and heightened privacy and security concerns, virtual private networks (VPNs) have become an indispensable aid for…
Read More
Digital executive protection services are usually acquired through the office of the CISO or CSO, though executives themselves often acquire the services independently and then involve their CSOs, according to Chris Pierson, CEO of BlackCloak, which he founded in 2018 with the sole purpose of protecting executives from online threats that can lead to personal…
Read More
Jun 26, 2024NewsroomSupply Chain Attack / Web Security Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library (“polyfill.js”) to redirect users to malicious and scam sites. More than 110,000 sites that embed the library are impacted by…
Read MoreMS-ISAC ADVISORY NUMBER: 2024-075 DATE(S) ISSUED: 06/25/2024 OVERVIEW: Multiple vulnerabilities have been discovered in MOVEit products, which could allow for authentication bypass. MOVEit Gateway acts as a proxy between inbound connections from the public network and your internal trusted network. MOVEit Transfer is a secure managed file transfer application. Successful exploitation of these vulnerabilities could…
Read More
“It’s a community of practice. It’s just shared learnings. We’re all kind of going, ‘It’s early innings.’ We’re all bumping elbows and skinning knees. It’s like, ’Let’s learn together, share some of this pain, but share some of the learnings,” newly appointed Dell Chief AI Officer Jeff Boudreau tells CRN. Dell Technologies holds the No.…
Read More
During the data collection period, Cloudflare said that it mitigated 6.8% of all web application traffic. It defines mitigated traffic as any “traffic that is blocked or is served a challenge by Cloudflare. The specific threat type and relevant mitigation technique depends on many factors such as the application’s potential security gaps, the nature of…
Read MoreMS-ISAC ADVISORY NUMBER: 2024-074 DATE(S) ISSUED: 06/25/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated…
Read More
Progress Software has patched a high severity authentication bypass in the MOVEit managed file transfer (MFT) solution. As MOVEit has been a popular target for ransomware gangs and other threat actors, we strongly recommend prioritizing patching of this vulnerability. Background On June 25, Progress published an advisory for a vulnerability in MOVEit Transfer, a secure…
Read More