Author Archives: Zeljka Zorz

New Magecart victims ABS-CBN and Newegg are just the tip of the iceberg

With the Magecart attackers compromising web shops left and right, online shopping is becoming a risky proposition. After Ticketmaster, British Airways and Feedify, two new Magecart victims have been identified: the broadcasting giant ABS-CBN and online retailer Newegg.

Compromised shops

Security researcher Willem de Groot flagged the ABS-CBN compromise a few days ago and he believes the attackers added the payment card skimming script on or before August 16th. RiskIQ and Volexity researchers shared details …

The post New Magecart victims ABS-CBN and Newegg are just the tip of the iceberg appeared first on Help Net Security.

How do you protect digital channels from cyber threats?

A well-thought-out and managed social media presence is a must for most companies and their workforce, but too few of them think about the potential repercussions of an attack targeting it. Social media is increasingly seen as a battleground, providing the platform for complex influence campaigns mounted by nation-states (Iran, Russia), various hacker groups to get their message out and to advertise their services, and attackers looking to trick other users into parting with …

Bogus finance apps on Google Play target users worldwide

ESET researchers have discovered malicious apps impersonating various financial services and the Austrian cryptocurrency exchange Bitpanda on Google Play.

The fake apps

Uploaded to Google’s official app store in June 2018 and collectively downloaded and installed over a thousand times, upon launch the apps would immediately request the user to enter credit card details and/or login credentials to the targeted bank or service. The entered information would then be sent to the attacker’s server, and …

Facebook offers bounties for user token bugs in third-party apps, websites

Facebook is expanding its bug bounty program to include vulnerabilities in third-party apps and websites that involve improper exposure of Facebook user access tokens.

What’s in scope?

“Access tokens allow people to log into another app using Facebook and are uniquely generated for the specific person and app,” security engineer Dan Gurfinkel noted. “If exposed, a token can potentially be misused, based on the permissions set by the user. We want researchers to have a …

Improved features and security fixes in iOS 12, watchOS 5, tvOS 12, and Safari 12

Apple has released new versions of iOS, watchOS, tvOS and Safari and has plugged a number of security holes in each.

iOS 12

iOS 12 comes with improved usability, stability, reliability, speed, but also with some interesting new and improved features that should help users choose and manage passwords and use two-factor authentication. Apple software engineer Ricky Mondello has highlighted a number of them, including: A revamped iCloud Keychain password manager that generates passwords when …

Data breaches make companies underperform the market in the long run

While the share prices of companies that experienced a sizeable/huge data breach suffer just a temporary hit, in the long term breached companies underperformed the market, an analysis by consumer tech product review and comparison site Comparitech has shown. This is the site’s second annual analysis into the share prices and overall performance of 24 companies that are listed on the New York Stock Exchange and have suffered a data breach in the last ten …

Preventing exfiltration of sensitive docs by flooding systems with hard-to-detect fakes

A group of researchers from Queen’s University (Canada) have proposed a new approach for keeping important documents safe: creating so many believable fakes that attackers are forced either to exfiltrate them all or to try to find the real one from within the system. Of course, both actions carry an increased risk of detection. They’ve also demonstrated that creating and maintaining many fakes can be relatively inexpensive for the defenders, that the real document can …

Tech support scammers leverage “evil cursor” technique to “lock” Chrome

Tech scammers are constantly coming up with new techniques to make users panic and seek their bogus services. The latest one, documented by Malwarebytes researchers, has been dubbed “evil cursor”.

“Evil cursor”

The trick works against a recent version of Google Chrome (69.0.3497.81) and prevents the victims from closing a tab or browser window by clicking on the “X” in the upper right corner. The victims believe that they are pressing the “X”, but code …
