Security News
Segway's online store was compromised to include a malicious Magecart script that potentially allowed threat actors to steal credit cards and customer information during checkout. In a Magecart attack, threat actors compromise a site to introduce malicious scripts that steal credit card and customer information when people make a purchase.
The Canadian government department for foreign and consular relations, Global Affairs Canada, was hit by a cyberattack last week. While critical services remain accessible, access to some online services is currently not available, as government systems continue to recover from the attack.
Crypto.com has confirmed that a multi-million dollar cyber attack led to the compromise of around 400 of its customer accounts. Crypto.com CEO: 400 customer accounts hit.
At least 15 websites belonging to various Ukrainian public institutions were compromised, defaced, and subsequently taken offline. As a result of a massive cyber attack, the websites of the Ministry of Foreign Affairs and a number of other government agencies are temporarily down.
Programmers, sysadmins, security researchers, and tech hobbyists who copy and paste commands from web pages into a console or terminal are warned that they risk having their system compromised. It isn't unusual for novice and skilled developers alike to copy commonly used commands from a webpage and paste them into their applications, a Windows command prompt or a Linux terminal.
A number of security flaws have been uncovered in a networking component in Garrett Metal Detectors that could allow remote attackers to bypass authentication requirements, tamper with metal detector configurations, and even execute arbitrary code on the devices. "An attacker could manipulate this module to remotely monitor statistics on the metal detector, such as whether the alarm has been triggered or how many visitors have walked through," Cisco Talos noted in a disclosure publicized last week.
From social media-influenced sales and app-based mobile purchases to cloud migration, the retail industry is shaped by the purchasing behavior of its customers. All of this data is stored on the cloud, and 77 percent of retailers acknowledge cloud security is a major challenge, making it the number one strategic challenge in the retail industry this year - up from number 14 in 2020.
Threat actors are gearing up for the holidays with credit card skimming attacks remaining undetected for months as payment information is stolen from customers. The code can steal payment details such as credit card number, holder name, addresses, and CVV, and send them to the actor.
Apple reportedly notified several U.S. Embassy and State Department employees that their iPhones may have been targeted by an unknown assailant using state-sponsored spyware created by the controversial Israeli company NSO Group, according to multiple reports from Reuters and The Washington Post. At least 11 U.S. Embassy officials stationed in Uganda or focusing on issues pertaining to the country are said to have been singled out using iPhones registered to their overseas phone numbers, although the identity of the threat actors behind the intrusions, or the nature of the information sought, remains unknown as yet.
Apple has warned at least nine US Department of State employees that their iPhones have been hacked by unknown attackers using an iOS exploit dubbed ForcedEntry to deploy Pegasus spyware developed by Israeli surveillance firm NSO Group. "On top of the independent investigation, NSO will cooperate with any relevant government authority and present the full information we will have," an NSO spokesperson separately told Motherboard.