Security News
Europol has notified over 400 websites that their online shops have been hacked with malicious scripts that steal debit and credit cards from customers making purchases. These attacks can go undetected for weeks or even several months, and depending on the popularity of the breached e-commerce platforms, cybercriminals can collect large numbers of payment card details.
IBM Security has dissected some JavaScript code that was injected into people's online banking pages to steal their login credentials, saying 50,000 user sessions with more than 40 banks worldwide were compromised by the malicious software in 2023. This injected code executes on the page in the browser, and intercepts the victim's credentials as they are entered, which can be passed to fraudsters to exploit to drain accounts.
Australia is about to get a national online ID system - the Digital ID - which promises to improve the security and privacy of data online. The Digital ID is the cumulation of a five-year, AUD $200 million investment as an effort to alleviate security concerns over the amount of data Australians give to companies to prove who they are online.
Hundreds of suspected people smugglers have been arrested, and 163 potential victims rescued from servitude, as part of an Interpol-coordinated operation dubbed "Turquesa V" that targeted cyber criminals who lure workers into servitude to carry out their scams. When the victims showed up for their first day on the job, they were forced into working for cyber investment scam operations and not allowed to leave.
Basically, everyone who believes in a free and safe internet is speaking out against eIDAS. The unintended consequences of the bill are so great that Mozilla recently shared an open letter co-signed by a raft of internet companies concerned that eIDAS will make the internet less secure. Mozilla warned in a separate statement that any EU government could "Issue website certificates for interception and surveillance which can be used against every EU citizen, even those not resident in or connected to the issuing member state."
IT services and business consulting company HTC Global Services has confirmed that they suffered a cyberattack after the ALPHV ransomware gang began leaking screenshots of stolen data. HTC Global Services is a managed service provider offering technology and business services to the healthcare, automotive, manufacturing, and financial industries.
Meta and Google have disclosed what they allege are offensive cyber ops conducted by China. The op wasn't pro-Beijing, but Meta found in mid-2023 "a small portion of this network's accounts changed names and profile pictures from posing as Americans to posing as being based in India."
Online stores are not always as secure as you might think they are, and yet you need to hand over your valuable credit card information in order to buy anything. "Whether shopping online or booking your experience with Santa, be aware that cybercriminals have laid the groundwork to take advantage of the holiday shopping season via both obvious and very subtle avenues."
They also sell miniature pencil sharpeners, palm-size kitchen utensils, scaled-down books and camping chairs so small they evoke the Stonehenge scene in "This Is Spinal Tap." Many of the minuscule objects aren't clearly advertised. But there is no doubt some online sellers deliberately trick customers into buying smaller and often cheaper-to-produce items, Witcher said.
Update November 8, 11:05 EST: OpenAI says impacted services are back online. OpenAI's AI-powered ChatGPT large language model-based chatbot is down because of a major ongoing outage that also took down the company's Application Programming Interface.