Cyber Security Hub explores why cryptocurrencies are an ever-growing target for malicious actors
Posts tagged "Target"
Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments
The active attacks could result in critical-infrastructure damage, business disruption, lateral movement and more.
Threatpost
Attackers Target Intuit Users by Threatening to Cancel Tax Accounts
The usual tax-season barrage of cybercriminal activity is already underway with a phishing campaign impersonating the popular accounting and tax-filing software.
Threatpost
Conti, DeadBolt Target Delta, QNAP
QNAP had to push out an unexpected (and not entirely welcome) NAS device update, and Delta Electronics’ network has been crippled.
Cybercriminals Actively Target VMware vSphere with Cryptominers
VMware’s container-based application development environment has become attractive to cyberattackers.
Threatpost
‘Tropic Trooper’ Reemerges to Target Transportation Outfits
Analysts warn that the attack group, now known as ‘Earth Centaur,’ is honing its attacks to go after transportation and government agencies.
‘Seedworm’ Attackers Target Telcos in Asia, Middle East
The focused attacks aimed at cyberespionage and lateral movement appear to hint at further ambitions by the group, including supply-chain threats.
Threatpost
Retailers using WooCommerce are the next target for Magecart card skimmer attacks
Three new Magecart attacks are taking advantage of potential vulnerabilities in the WooCommerce ecommerce platform, experts have warned.
Discovered by RiskIQ, the vulnerabilities target retailers using third-party themes and tools to integrate into WooCommerce pages that are particularly prone to Magecart risk.
As a result, many consumers are potentially vulnerable to having credit card details stolen ahead of the holiday shopping season.
Magecart threat
Further research by Barn2, a software company that specializes in WooCommerce products and WordPress, found that WooCommerce represents 29% of the top one million websites using ecommerce technologies. This exceeds five million active installs of the free plugin as of early 2021.
WooCommerce is notably popular because it is a free to use and easily customisable WordPress plugin.
“WooCommerce users are often small and medium-sized businesses, sometimes considered the most vulnerable, as they lack resources for complex and highly-vetted third-party tools. As we've seen over the years, both small and large retailers can be the targets of Magecart skimming,” RiskIQ wrote in its blog post.
In a typical Magecart attack, threat actors use a vulnerability and weaknesses in an ecommerce platform to inject a malicious code that skims online payment forms to intercept the payment information of unsuspecting customers.
As these third-party tools integrate with thousands of websites, when one supplier is compromised, Magecart has effectively breached thousands of sites at once.
RiskIQ's detection of skimmers and other malware shows the innumerable ways threat actors gain access, deploy, and hide their tools on victim websites and advice site operations to regularly inspect their crontab commands for strange contents, ensure that access permissions are correct, and audit file access to it.
- We’ve also highlighted the best identity theft protection
How MikroTik Routers Became a Cybercriminal Target
The powerful devices leveraged by the Meris botnet have weaknesses that make them easy to exploit, yet complex for organizations to track and secure, researchers said.
Threatpost
Brute-Force Attacks Target Inboxes for Gift Card Data
Cybercriminal enterprise is mass testing millions of usernames and passwords per day in a hunt for loyalty card data.
Threatpost