Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

06/04/2024 0 Comments 0 tags

Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe

AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks

05/04/2024 0 Comments 0 tags

New research has found that artificial intelligence (AI)-as-a-service providers such as Hugging Face are susceptible to two critical risks that could allow threat actors to escalate privileges, gain cross-tenant access

Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws

05/04/2024 0 Comments 0 tags

Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The clusters are being tracked by Mandiant under

New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA

05/04/2024 0 Comments 0 tags

Financial organizations in the Asia-Pacific (APAC) and Middle East and North Africa (MENA) are being targeted by a new version of an “evolving threat” called JSOutProx. “JSOutProx is a sophisticated attack

From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware

05/04/2024 0 Comments 0 tags

Bogus installers for Adobe Acrobat Reader are being used to distribute a new multi-functional malware dubbed Byakugan. The starting point of the attack is a PDF file written in Portuguese that, when opened,

CISO Perspectives on Complying with Cybersecurity Regulations

05/04/2024 0 Comments 0 tags

Compliance requirements are meant to increase cybersecurity transparency and accountability. As cyber threats increase, so do the number of compliance frameworks and the specificity of the security controls, policies, and activities they

New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware

04/04/2024 0 Comments 0 tags

An updated version of an information-stealing malware called Rhadamanthys is being used in phishing campaigns targeting the oil and gas sector. “The phishing emails use a unique vehicle incident lure

Vietnam-Based Hackers Steal Financial Data Across Asia with Malware

04/04/2024 0 Comments 0 tags

A suspected Vietnamese-origin threat actor has been observed targeting victims in several Asian and Southeast Asian countries with malware designed to harvest valuable data since at least May 2023. Cisco

New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks

04/04/2024 0 Comments 0 tags

New research has found that the CONTINUATION frame in the HTTP/2 protocol can be exploited to conduct denial-of-service (DoS) attacks. The technique has been codenamed HTTP/2 CONTINUATION Flood by security researcher Bartek

Considerations for Operational Technology Cybersecurity

04/04/2024 0 Comments 0 tags

Operational Technology (OT) refers to the hardware and software used to change, monitor, or control the enterprise’s physical devices, processes, and events. Unlike traditional Information Technology (IT) systems, OT systems directly