Unwrapping Some of the Holiday Season’s Biggest Scams
Even with the holidays in full swing, scammers won’t let up. In fact, it’s high time for some of their nastiest cons as people travel, donate to charities, and simply try to enjoy their time with friends and family. Unfortunate as it is, scammers see this time of year as a tremendous opportunity to profit. […] more…FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops
We discovered that the online credit card skimming attack known as Magecart or E-Skimming was actively operating on 3,126 online shops. Our data shows that the attack started on September 7, 2019. All of the impacted online shops are hosted on the cloud platform of the e-commerce service provider “Volusion,” one of the top e-commerce […] more…New Magecart Attack Delivered Through Compromised Advertising Supply Chain
by Chaoying Liu and Joseph C. Chen On January 1, we detected a significant increase in activity from one of the web skimmer groups we’ve been tracking. During this time, we found their malicious skimming code (detected by Trend Micro as JS_OBFUS.C.) loaded on 277 e-commerce websites providing ticketing, touring, and flight booking services as […] more…Are Your Online Mainframes Exposing You to Business Process Compromise?
by Roel Reyes (Senior Threat Researcher) Legacy mainframes are still used by enterprises to handle big data transactions across a range of industries, from financial institutions, telecoms, and internet service providers (ISPs) to airlines and government agencies. Why are they still in use? As the saying goes: “if it ain’t broke, don’t fix it”. But […] more…More information
- The State of the ESILE/Lotus Blossom Campaign
- Resolved: University Fiber Back Haul Relocation May 14th – May 15th
- Facebook shuts off user data access for hundreds of thousands of apps
- Serious Chrome zero-day – Google says update “right this minute”
- Jenkins Admins: Relying on Default Settings Could Put Master at Risk of Remote Code Execution Attacks
- EU to Check How Facebook, Google Use Data: Spokeswoman
- Encryption backdoors: The brief history of an oxymoron
- Update: PAWS/Workflow Maintenance Work
- Omron PLC CJ/CS/NJ Series CVE-2019-18261 Authentication Bypass Vulnerability
- NATO Condemns Alleged Iranian Cyberattack on Albania