Security News

Hackers are targeting websites using the PrestaShop platform, leveraging a previously unknown vulnerability chain to perform code execution and potentially steal customers' payment information. The PrestaShop team issued an urgent warning last Friday, urging the admins of 300,000 shops using its software to review their security stance after cyberattacks were discovered targeting the platform.

On Thursday, Ukrainian media group TAVR Media confirmed that it was hacked to spread fake news about President Zelenskiy being in critical condition and under intensive care. SSSCIP added that the attackers breached TAVR Media's servers and broadcasting systems to spread fake news suggesting that the Ukrainian President is allegedly under intensive care, in critical condition, with Parliament Chairman Ruslan Stefanchuk acting in his stead. Zelenskyi also refuted the reports in a video shared on his official Instagram account, saying they were fake news spread by Russian-linked threat actors.

Virtual pet website Neopets has suffered a data breach leading to the theft of source code and a database containing the personal information of over 69 million members. Neopets is a popular website where members can own, raise, and play games with their virtual pets.

Whether it's Slack or Office 365, communication and workflow apps are an essential tool for organizations to collaborate efficiently regardless of geography. Using any of these as a primary communication channel, replacing email and knowledge management repositories, makes it a new target to exploit that contains sensitive information.

Researchers following the activities of advanced persistent threat groups originating from China, North Korea, Iran, and Turkey say that journalists and media organizations have remained a constant target for state-aligned actors. Proofpoint analysts have been following these activities from 2021 and into 2022 and published a report about several APT groups impersonating or targeting journalists.

The reversal, reported by TechCrunch, comes a day after the Italian data protection authority - the Garante per la Protezione dei Dati Personali - warned the company against the change, citing violations of data protection laws. "The personal data stored in users' devices may not be used to profile those users and send personalized ads without their explicit consent," the Garante said.

The gang received the name Luna Moth and has been active since at least March in phishing campaigns that delivered remote access tools that enable the corporate data theft. The Incident Response team at cybersecurity company Sygnia has been tracking the activity of the Luna Moth ransom group, noting that the actor is trying to build a reputation using the name Silent Ransom Group.

Comic reading platform Mangatoon has suffered a data breach that exposed information belonging to 23 million user accounts after a hacker stole it from an unsecured Elasticsearch database. This week, the data breach notification service Have I Been Pwned added 23 million Mangatoon accounts to their platform.

China suffers massive cybersecurity breach affecting over 1 billion people. Residents of China are reeling today from the news that a cybersecurity breach led to over a billion people's personal information being made available to hackers.

Hotel giant Marriott International confirmed it was hit by another data breach after an unknown threat actor breached one of its properties and stole 20GB of files. "The threat actor used social engineering to trick one associate at a single Marriott hotel into providing access to the associate's computer. The threat actor did not impersonate any Marriott vendor."