Security News

Many top corporations are looking for new talent, and even junior professionals can earn $80,000 or more. This collection of 18 courses provides the perfect launchpad for your new career, and readers of The Hacker News can currently grab it at a massive discount.

Researchers have discovered at least 9,000 exposed VNC endpoints that can be accessed and used without authentication, allowing threat actors easy access to internal networks. Security weakness hunters at Cyble scanned the web for internet-facing VNC instances with no password and found over 9,000 accessible servers.

Cumulative merchant losses to online payment fraud globally between 2023 and 2027 will exceed $343 billion, according to Juniper Research. As a comparison, this equates to over 350% of Apple's reported net income in the 2021 fiscal year, showing the massive extent of these losses.

Malicious actors are exploiting a previously unknown security flaw in the open source PrestaShop e-commerce platform to inject malicious skimmer code designed to swipe sensitive information. "Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites," the company noted in an advisory published on July 22.

Hackers are targeting websites using the PrestaShop platform, leveraging a previously unknown vulnerability chain to perform code execution and potentially steal customers' payment information. The PrestaShop team issued an urgent warning last Friday, urging the admins of 300,000 shops using its software to review their security stance after cyberattacks were discovered targeting the platform.

As the popularity of Buy Now, Pay Later grows, organizations and consumers must remain vigilant or risk becoming a victim of fraud, as account takeover attacks - where cybercriminals take ownership of online accounts using stolen passwords and usernames - surged by 148% last year. In this Help Net Security video, Lynn Marks, Senior Product Manager at Imperva, discusses how organizations need to prepare for fraudulent BNPL activity.

Admins were also told that they could find more information regarding these ongoing problems in the admin center under EX401976 and OL401977. While Redmond did not reveal the scale of the issue, thousands of reports have been submitted in the past 24 hours on DownDetector by Outlook and Exchange Online users who have either been unable or experienced difficulties when trying to log in or email.

Cumulative merchant losses to online payment fraud globally between 2023 and 2027 will exceed $343 billion, according to Juniper Research. Online payment fraud includes losses across the sales of digital goods, physical goods, money transfer transactions and banking, as well as purchases like airline ticketing.

The cache-based targeted de-anonymization attack is a cross-site leak that involves the adversary leveraging a service such as Google Drive, Dropbox, or YouTube to privately share a resource with the target, followed by embedding the shared resource into the attack website. The attack, in a nutshell, aims to unmask the users of a website under the attacker's control by connecting the list of accounts tied to those individuals with their social media accounts or email addresses through a piece of shared content.

Security researchers are warning that hackers can abuse online programming learning platforms to remotely launch cyberattacks, steal data, and scan for vulnerable devices, simply by using a web browser. DataCamp provides integrated development environments to close to 10 million users that want to learn data science using various programming languages and technologies.