Security News
A server-side request forgery flaw in an API of a large financial technology platform potentially could have compromised millions of bank customers, allowing attackers to defraud clients by controlling their bank accounts and funds, researchers have found. A team at Salt Security's Salt Labs identified the vulnerability in an API in a web page that supports the organization's platform fund transfer functionality, which allows clients to transfer money from their accounts on its platform into their bank accounts, researchers disclosed in a report published Thursday.
The XM Cyber research team analyzed the methods, attack paths and impacts of attack techniques that imperil critical assets across on-prem, multi-cloud and hybrid environments. They fail to show how these seemingly unrelated issues form hidden attack paths that hackers can use to pivot through a hybrid cloud environment and compromise critical assets.
According to an Identity Theft Resource Center report, the overall number of data compromises is up more than 68 percent compared to 2020. The new record number of data compromises is 23 percent over the previous all-time high set in 2017.
Attackers are targeting industrial enterprises with spyware campaigns that hunt for corporate credentials so they can be used both for financial gain and to cannibalize compromised networks to propagate future attacks, researchers have found. Researchers dubbed the attacks "Anomalous" because they veer from typical spyware attacks, Kaspersky's Kirill Kruglov wrote in a report published this week on the SecureList blog.
U.S. online store PulseTV has disclosed a large-scale customer credit card compromise. The platform found out about a potential breach from VISA on March 8, 2021, who informed them that unauthorized credit card transactions were taking place on the site.
A serious security vulnerability in a popular product from Apache has opened the floodgates for cybercriminals to try to attack susceptible servers. Hackers know that organizations are often slow to patch even critical security flaws, which is why attackers are frantically hunting for unpatched systems.
Researchers set up 320 honeypots to see how quickly threat actors would target exposed cloud services and report that 80% of them were compromised in under 24 hours. Malicious actors are constantly scanning the Internet for exposed services that could be exploited to access internal networks or perform other malicious activity.
90% of IT decision makers claim their business would be willing to compromise on cybersecurity in favor of digital transformation, productivity, or other goals. "We need to talk about risk in a way that frames cybersecurity as a fundamental driver of business growth - helping to bring together IT and business leaders who, in reality, are both fighting for the same cause."
The problem-dubbed "Shrootless"-is associated with a security technology called System Integrity Protection found in macOS. Jonathan Bar Or from the Microsoft 365 Defender Research Team explained in a blog post that SIP restricts a user at the root level of the OS from performing operations that may compromise system integrity. "A malicious actor could create a specially crafted file that would hijack the installation process. After bypassing SIP's restrictions, the attacker could then install a malicious kernel driver, overwrite system files, or install persistent, undetectable malware, among others."
Cybercriminals are using Telegram bots to steal one-time password tokens and defraud people through banks and online payment systems, including PayPal, Apple Pay and Google Pay, new research has found. Threat actors are using Telegram bots and channels and a range of tactics to gain account information, including calling victims, and impersonating banks and legitimate services, researchers said.