Security News
Cybersecurity researchers have unearthed a new ongoing Magecart-style web skimmer campaign that's designed to steal personally identifiable information and credit card data from e-commerce websites. "Attackers employ a number of evasion techniques during the campaign, including obfuscating [using] Base64 and masking the attack to resemble popular third-party services, such as Google Analytics or Google Tag Manager," Akamai security researcher Roman Lvovsky said.
Google has removed from the Chrome Web Store 32 malicious extensions that could alter search results and push spam or unwanted ads. Cybersecurity researcher Wladimir Palant analyzed the PDF Toolbox extension available from Chrome Web Store and found that it included code that was disguised as a legitimate extension API wrapper.
The threat actors behind RomCom RAT are leveraging a network of fake websites advertising rogue versions of popular software at least since July 2022 to infiltrate targets. The remote access trojan has since been used heavily in attacks targeting Ukrainian state bodies and military systems via spoofed versions of legitimate software.
The notorious North Korean state-backed hackers, known as the Lazarus Group, are now targeting vulnerable Windows Internet Information Services web servers to gain initial access to corporate networks. The latest tactic of targeting Windows IIS servers was discovered by South Korean researchers at the AhnLab Security Emergency Response Center.
A new stealthy information stealer malware called Bandit Stealer has caught the attention of cybersecurity researchers for its ability to target numerous web browsers and cryptocurrency wallets. "It has the potential to expand to other platforms as Bandit Stealer was developed using the Go programming language, possibly allowing cross-platform compatibility," Trend Micro said in a Friday report.
Call it BEC 3.0 - phishing attacks that bury the hook in legitimate web services like Dropbox. SEE: Another hide-the-malware attack focuses on DNS. "Leveraging legitimate websites to host malicious content is a surefire way to get into the inbox," he said.
Researchers have developed DarkBERT, a language model pretrained on dark web data, to help cybersecurity pros extract cyber threat intelligence from the Internet's virtual underbelly. A team of researchers from Korea Advanced Institute of Science and Technology and data intelligence company S2W has decided to test whether a custom-trained language model could be useful, so they came up with DarkBERT, which is pretrained on dark web data.
Google will add artificial intelligence to several online safety features and give users more insight into whether their information might have been posted on the dark web, the tech giant announced during the Google I/O conference on May 10. Google offers AI image generation and plans to roll out markups that will label those images as AI-generated in Search.
For its recent research focusing on web entities, Censys leveraged its internet-wide scan data to understand better the applications and services that have become core to our existence, evaluating the state of security on the modern internet. In this Help Net Security video, Himaja Motheram, Security Researcher at Censys, offers insight into the assets and weaknesses across organizations' internet infrastructure.
Google has announced new tools, features and updates to improve users' online safety, help them evaluate content found online, and alert them if their Gmail identity appears on the dark web.Another helpful "Tool" for users is the newly introduced option of using passkeys - digital keys linked to a user account and a website or app - to authenticate to one's Google account.