Ticketmaster breach part of massive credit card skimming campaign

RiskIQ researchers have discovered that the recent breach of Ticketmaster was not a one-off event as initially reported, but part of a massive digital credit card-skimming campaign by the threat group Magecart affecting over 800 e-commerce sites around…

Thousands of WP, Joomla and SquareSpace sites serving malicious updates

Thousands of compromised WordPress, Joomla and SquareSpace-based sites are actively pushing malware disguised as Firefox, Chrome and Flash Player updates onto visitors. This campaign has been going on since at least December 2017 and has been gaining s…

The Wild West of drive-by cryptocurrency mining

As more and more Coinhive clones continue popping up, chances of users’ CPU power being hijacked for cryptocurrency mining are rising. According to Malwarebytes’ latest figures, their AV solution blocked an average of 8 million cryptojacking attempts per day from late September to late October. And that’s just the attempts tied to Coinhive domains and proxies! Censys’s search engine reveals that nearly 900 of the top one million most visited sites run the Coinhive script.

Hackers use organizations’ resources for stealthy cryptocurrency mining

Hackers lusting after cryptocurrency but not wanting to spend money to buy it or mine it are targeting users’ wallets, computers, popular Web sites and public cloud computing environments. Mining software/malware is a well-known pest, and instances of employees using their company’s or organization’s computer resources to surreptitiously mine cryptocoin are regularly uncovered. But lately we’ve been witnessing a number of inventive strategies employed by cryptocurrency-hungry attackers. Cryptocurrency mining in the browser A few …

Another Ukrainian software maker’s site compromised to spread malware

The web server of Crystal Finance Millennium, a Ukraine-based accounting software firm, has been compromised and made to host different types of malware. The discovery of the compromise was accompanied by fear that there could be a repeat of the destructive NotPetya attack, which was traced back to hacked servers of Ukrainian software maker MeDoc. This time, fortunately, the attackers did not compromise the firm’s software and push out an update laden with malware. Instead, …

How Magecart attackers monetize stolen payment card info

The Magecart campaign, aimed at compromising online shops with malicious JavaScript code to collect payment card info, is still going strong, and researchers have pinpointed another way threat actors behind it monetize the stolen information. First spotted in October 2016 by RiskIQ and ClearSky researchers, Magecart mainly hits e-commerce sites running outdated and unpatched versions of shopping cart software from Magento, Powerfront, and OpenCart. After gaining access to the web platforms, the attackers change the …

Hackers hosted tools on a Stanford University website for months

Compromising legitimate websites and the web servers that store and deliver them is a time-honoured tactic of opportunistic hackers, and a failure to keep them out can result in the servers hosting phishing and scam pages, spam mailers, exploit kits, or malware. Sometimes, these vulnerable servers are abused by different hackers, who vie for sole control or are simply content to share the asset. Case in point: the website and web server of the Paul …

Tens of thousands WordPress sites defaced, SEO spam to follow

Attackers are actively exploiting the recently patched unauthenticated privilege escalation vulnerability in WordPress’ REST API to deface websites. Sucuri, the company that discovered the flaw and responsibly reported it to the WordPress security team, spotted four distinct defacement campaigns in the 48 hours after the existence of the bug was publicly revealed. Three of them have had limited impact, but one – “signed” by someone that goes by “w4l3XzY3” – has resulted in the compromise …