Security News

Credit card stealer hides in CSS files of hacked online stores
2020-12-09 11:38

Credit card stealer scripts are evolving and becoming increasingly hard to detect due to novel hiding tactics. This happened because scanners aren't commonly scanning CSS files for malicious code, and anyone looking at the skimmer's trigger script reading a custom property from the CSS page wouldn't give it a second glance.

Digital thought clones manipulate real-time online behavior
2020-12-07 04:30

Their paper identifies "Digital thought clones," which act as digital twins that constantly collect personal data in real-time, and then predict and analyze the data to manipulate people's decisions. Activity from apps, social media accounts, gadgets, GPS tracking, online and offline behavior and activities, and public records are all used to formulate what they call a "Digital thought clone".

Novel Online Shopping Malware Hides in Social-Media Buttons
2020-12-04 19:23

A payment card-skimming malware that hides inside social-media buttons is making the rounds, compromising online stores as the holiday shopping season gets underway. Once ensconced on the page, the malware behaves just like the widespread Magecart group of skimmers, with the code being parsed and run by a shopper's PC in order to harvest payment cards and any other information entered into a site's online fields, he added.

K12 online schooling giant pays Ryuk ransomware to stop data leak
2020-12-02 16:15

Online education giant K12 Inc. has paid a ransom after their systems were hit by Ryuk ransomware in the middle of November. K12 announced this week that they suffered a ransomware attack in mid-November that caused them to lock down some of their IT systems to prevent the attack's spread. "In mid-November, we detected unauthorized activity on our network, which has since been confirmed as a criminal attack in the form of ransomware. Upon identifying unusual system activity, we quickly initiated our response, taking steps to contain the threat and lock down impacted systems, notifying federal law enforcement authorities, and working with an industry-leading third-party forensics team to investigate and assist with the incident," K12 told BleepingComputer in a statement.

Online Learning Company K12 Paying Ransom Following Ransomware Attack
2020-12-01 11:29

Online learning solutions provider K12 Inc., which recently announced changing its name to Stride Inc., said on Monday that it had decided to pay a ransom to cybercriminals who managed to breach its systems and deploy a piece of ransomware. The attackers deployed a piece of ransomware and accessed information stored on some corporate back-office systems.

Incomplete 'Go SMS Pro' Patch Left Millions of Users' Data Still Exposed Online
2020-12-01 06:13

A week after cybersecurity researchers disclosed a flaw in the popular GO SMS Pro messaging app, it appears the developers of the app are silently taking steps to fix the issue from behind the scenes. Although the behavior was observed on version 7.91 of GO SMS Pro for Android, the app makers have since released three subsequent updates, two of which were pushed to the Google Play Store after public disclosure of the flaw and Google's removal of the app from the marketplace.

4 Free Online Cyber Security Testing Tools For 2021
2020-12-01 00:24

A set of must-have online security tools that we believe may make a real difference to your cybersecurity program and improve your 2021 budget planning. In the meantime, we would like to acquaint you with an awesome set of free security tools that we believe may make a palpable difference for your cybersecurity program and 2021 budget planning.

Safari for iOS 14 and Big Sur: How to prevent websites from tracking your moves online
2020-11-30 19:51

Apple has new features in iOS 14 and macOS 11 Safari that disable trackers from learning which websites you visit to protect your privacy. Apple has introduced a new privacy tracking feature in Safari in iOS 14 and macOS 11 Big Sur that will let you know which websites are tracking you and display the trackers that Safari has blocked.

Complex cyber attacks target online retailers
2020-11-24 05:30

Cybercriminals capitalized on the chaos and shift to a remote world by launching bad bot attacks and DDoS attacks with the goal of disrupting online activities. As retailers now prepare for a surge in online holiday shopping amid the ongoing global pandemic, Imperva experts urge vigilance and preparedness on the part of online businesses.

In 2016 Australia's online census failed. Preparations for the 2021 edition have been rated 'partly effective'
2020-11-20 02:58

In 2016 Australia's online census crashed and burned after legitimate attempts to complete the survey were mistaken for a DDoS attack, the routers funnelling traffic failed, and disaster recovery plans did likewise. "Generally appropriate frameworks have been established covering the Census IT systems and data handling, and the procurement of IT suppliers. The ABS has not put in place arrangements to ensure that improvements to its architecture framework, change management processes and cyber security measures will be implemented ahead of the 2021 Census."