Security News > 2020 > September

Hungary is among numerous countries in Eastern Europe poised for an explosion in real-time payments growth, with several Hungarian banks and intermediaries leveraging ACI's unrivalled Real-Time Payments solution to capitalize on the expected rise in digital transaction volumes. Long-standing customer OTP Bank is leveraging ACI's Real-Time Payments solution to connect to the scheme; the solution offers a complete range of capabilities for processing real-time payments, including origination, processing, clearing, fraud detection and connectivity-all on a single platform.

Acendre announces a partnership with Go1, provider of on-demand training that allows organizations to upscale their workforce. Inquisiq, Acendre's Learning Management Solution, has been carefully designed to seamlessly blend the most advanced eLearning technology with time-tested conventional training methods - all within a rich learning ecosystem that fosters collaboration and communication.

Rew Yang has been named as chair of the advisory board for Californians for Consumer Privacy, the organization which created and championed the passage of the CCPA and is now advocating for the passage of Proposition 24, the California Privacy Rights Act, which will make California's data privacy rights laws the strongest in the United States and set a precedent for other states to follow. While CCPA was a landmark victory for privacy and data property rights, Proposition 24 will extend beyond the existing law and provide consumers the right to correct their data, restrict use of sensitive personal information, including race and sexual orientation, extend to consumers the right to prevent companies from storing their information longer than necessary, and more.

Satnam Narang, staff research engineer at Tenable, told Threatpost that researchers can't definitively say how many Magento sites are vulnerable - however, they were able to identify at least 1,500 websites indexed through search engines that use the Magmi plugin. The second, now patched flaw, CVE-2020-5777, is an authentication bypass flaw in Magmi for Magento version 0.7.23 and below.

Cisco has warned that hackers are targeting not one, but two unpatched vulnerabilities in the DVMRP feature of IOS XR software that runs on many carrier-grade routers. Over the weekend, the company published an advisory to warn of active attacks targeting a security flaw in the Distance Vector Multicast Routing Protocol feature of IOS XR to cause memory exhaustion denial of service.

Facebook on Tuesday said that it caught a budding Russia-linked campaign to fuel political chaos in the US, working off a tip from the FBI in its latest take-down of coordinated inauthentic behavior at the leading social network. The network of 13 Facebook accounts and two pages posing as journalists and targeting left-wing progressives was removed for violating a policy against "Foreign interference" at the platform.

Ransomware attacks often rely on trojans to infect computers and steal information. As ransomware continues to dominate as a cyberthreat, criminals are increasingly carrying out attacks using Cobalt Strike, an otherwise ethical testing framework.

The personal information includes names, dates of birth, gender, physical addresses and email addresses, and election-specific data - such as when an individual registered to vote, voter registration numbers and polling stations - according to Kommersant, a Moscow-based newspaper. The outlet reported Tuesday that several databases of voter data turned up in an unnamed marketplace in late 2019.

The e-commerce card-skimming landscape has a new wrinkle: Cybercriminals affiliated with the Magecart collective are using encrypted messaging service Telegram as a channel for sending stolen credit-card information back to its command-and-control servers. "Telegram is a popular and legitimate instant messaging service that provides end-to-end encryption, [and] a number of cybercriminals abuse it for their daily communications but also for automated tasks found in malware." He added, "The novelty [here] is the presence of the Telegram code to exfiltrate the stolen data."

Norway's parliament said Tuesday it had been the target of a "Vast" cyber attack that enabled hackers to access the emails of some lawmakers. "The parliament has recently been targetted in a vast cyber attack," the institution wrote in a statement.