Security News

In 2019 alone, ATO attacks cost consumers and e-commerce retailers a whopping $16.9 billion in losses. To be clear, ATO fraud isn't new, it's been a concern for online retailers for a decade.

ATO is the weapon of choice for fraudsters leading up to the holiday shopping season, new data from Sift shows, and consumers place account security burden on businesses. Account takeover fraud attempts to steal from consumers and e-commerce merchants swelled 282% between Q2 2019 to Q2 2020, new data from digital trust and safety provider Sift finds.

A vulnerability in Instagram allowed an attacker to take over an Instagram account and turn the victim's phone into a spying tool by simply sending a malicious image by any media exchange platform. Check Point Research decided to examine Instagram because of its size and popularity.

The TeamTNT cybercrime gang is back, attacking Docker and Kubernetes cloud instances by abusing a legitimate cloud-monitoring tool called Weave Scope, according to researchers. It can be integrated with Docker, Kubernetes, the Distributed Cloud Operating System and Amazon Web Services Elastic Compute Cloud - and it gives cybercriminals a perfect entree into a company's cloud infrastructure.

Remote, unauthenticated attackers can exploit the flaws to launch various malicious attacks - including deploying ransomware, and shutting down or even taking over critical systems. The flaws exists in CodeMeter, owned by Wibu-Systems, which is a software management component that's licensed by many of the top industrial control system software vendors, including Rockwell Automation and Siemens.

A remote code execution vulnerability addressed recently in Concrete5 exposed numerous websites to attacks, Edgescan reports. What Edgescan discovered was an RCE flaw in Concrete5 that could have allowed an attacker to inject a reverse shell into vulnerable web servers, thus taking full control of them.

The two critical flaws discovered by researchers include an arbitrary file-upload vulnerability, ranking 10 out of 10 on the CVSS scale; as well as an unauthenticated arbitrary file deletion error, ranking 9.9 out of 10. "Any of the 30,000 sites running the plugin are subject to any file being deleted, which includes the wp-config.php file, by unauthenticated site users."

While brute-forcing and password spraying techniques are the most common way to mount account takeovers, more methodical cybercriminals are able to gain access to accounts even with more secure MFA protocols in place. According to Abnormal Security, cybercriminals are zeroing in on email clients that don't support modern authentication, such as mobile email clients; and legacy email protocols, including IMAP, SMTP, MAPI and POP. Thus, even if MFA is enabled on the corporate email account, an employee checking email via mobile won't be subject to that protection.

Newsletter, a WordPress plugin with more than 300,000 installations, has a pair of vulnerabilities that could lead to code-execution and even site takeover. The Newsletter plugin offers site admins a visual editor that can be used to create newsletters and email campaigns from within WordPress.

A popular online social service, Meetup, has fixed several critical flaws in its website. If exploited, the flaws could have enabled attackers to hijack any Meetup "Group," access the group's member details and even redirect Meetup payments to an attacker-owned PayPal account.