Mirrorthief Group Uses Magecart Skimming Attack to Hit Hundreds of Campus Online Stores in US and Canada
We uncovered a recent activity involving the notorious online credit card skimming attack known as Magecart. The attack, facilitated by a new cybercrime group, impacted 201 online campus stores in the United States and Canada. We started detecting the attacks against multiple campus store websites on April 14, during which the sites were injected with […] more…Game of Threats
Introduction While the way we consume TV content is rapidly changing, the content itself remains in high demand, and users resort to any means available to get at it – including illegal and non-ethical ones like the use of pirated stuff. The world is embracing the idea of paying for entertainment more and more with […] more…DNS Manipulation in Venezuela in regards to the Humanitarian Aid Campaign
Venezuela is a country facing an uncertain moment in its history. Reports suggests it is in significant need of humanitarian aid. On February 10th, Mr. Juan Guaidó made a public call asking for volunteers to join a new movement called “Voluntarios por Venezuela” (Volunteers for Venezuela). According to the media, it already numbers thousands of […] more…New Magecart Attack Delivered Through Compromised Advertising Supply Chain
by Chaoying Liu and Joseph C. Chen On January 1, we detected a significant increase in activity from one of the web skimmer groups we’ve been tracking. During this time, we found their malicious skimming code (detected by Trend Micro as JS_OBFUS.C.) loaded on 277 e-commerce websites providing ticketing, touring, and flight booking services as […] more…Perspectives On Securing Our Election Systems
I had the pleasure of sitting on a panel at CyberScoop’s CyberTalks event this week, which coincides this year with the RSA 2018 Conference in San Francisco. Our discussion focused on the need to protect election systems from would-be hackers seeking to change results, sow discord in our election processes, and undermine confidence in our […] more…International Women’s Day in the Channel
I have had the privilege of working with many exceptional people over the course of my career. For International Women’s Day this year, I wanted to feature some of the dedicated and talented women I have the opportunity to work with in the Channel. The following individuals have great advice and stories that we all […] more…Dnsmasq: A Reality Check and Remediation Practices
Dnsmasq is the de-facto tool for meeting the DNS/DHCP requirements of small servers and embedded devices. Recently, Google Security researchers identified seven vulnerabilities that can allow a remote attacker to execute code on, leak information from, or crash a device running a Dnsmasq version earlier than 2.78, if configured with certain options. Based on Censys and Shodan data, […] more…Oh No! 8 Signs that Grandma’s Getting Baited by a Catfish!
His name was Colonel Lance Shimmeroff. He was a retired U.S. Army officer and happened to be an ace Words With Friends player, according to my 75-year-old mother, who no one in the family could beat at the online game. They played the game often, and he impressed with his word combinations and witty banter. […] more…How to Secure the Future of the Internet of Things
The world of security for the Internet of Things just became more complex. IoT devices are no longer a potential threat to their owners; now they pose a significant threat to everything connected to the Internet. The old IoT security problem For the past year, the cybersecurity and IoT communities have been at odds regarding […] more…Crypto-Ransomware Sightings and Trends for 1Q 2015
It seems that cybercriminals have yet to tire of creating crypto-ransomware malware. Since the start of 2015, we have spotted several variants of crypto-ransomware plague the threat landscape. In January, the Australia-New Zealand region was beset by variants of TorrentLocker. But we soon discovered that TorrentLocker infections were not limited to that region; Turkey, Italy, […] more…Multiplatform Boleto Fraud Hits Users in Brazil
A study conducted around June last year revealed a malware-based fraud ring that infiltrated one of Brazil’s most popular payment methods – the Boleto Bancário, or simply the boleto. While the research and analysis was already published by RSA, we’ve recently discovered that this highly profitable fraud is still out in the wild and remains […] more…Smart Apps to Keep Your Teen from Texting and Driving
If you are like most parents, the “no texting and driving” comment is a daily exchange before your teen heads out the door, car keys in hand. A 2012 U.S. National Highway Traffic Safety Administration (NHTSA) survey found that drivers 18 to 20 showed the highest level of mobile phone involvement in crashes or near-crashes. […] more…How Do I Keep My Kids Safe On iPhone?
A friend had recently been on a trip to Singapore and among the many purchases she made was her dream phone, the gleaming black temptress, the iPhone! From the time of their return, however, she hardly gets to use her iPhone or gloat over her new acquisition. The reason is her two middle-school going kids- […] more…More information
- Microsoft Exchange CVE-2019-1233 Remote Denial of Service Vulnerability
- Apple security chief maintains innocence after bribery charges
- Hacker Conversations: Stephanie ‘Snow’ Carruthers, Chief People Hacker at IBM X-Force Red
- More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting
- Human failings undermine security – but who’s failing who?
- CPR Deployment
- Vulnerabilities in Lamassu Bitcoin ATMs Can Allow Hackers to Drain Wallets
- Facebook scans private messages to inflate the "Like" counter on websites
- Windows 7 users upset by unwanted Patch Tuesday telemetry
- Lawmakers Concerned About Apple’s Handling of FaceTime Spying Bug