Security News

A new attack method can be used to circumvent web application firewalls of various vendors and infiltrate systems, potentially enabling attackers to gain access to sensitive business and customer information. Web application firewalls are a key line of defense to help filter, monitor, and block HTTP(S) traffic to and from a web application, and safeguard against attacks such as cross-site forgery, cross-site-scripting, file inclusion, and SQL injection.

Cybercrime marketplaces are increasingly selling stolen corporate email addresses for as low as $2 to fill a growing demand by hackers who use them for business email compromise and phishing attacks or initial access to networks. Analysts at Israeli cyber-intelligence firm KELA have closely followed this trend, reporting at least 225,000 email accounts for sale on underground markets.

Attackers have taken over at least one expired domain that used to host a popular JavaScript library and used it to deliver web skimming scripts to a number of e-commerce sites. "The victim websites had years to remove the dead link that was leveraged by attackers but didn't - likely due to a lack of visibility about third-party scripts running on their websites and poor security hygiene," Jscrambler researchers noted.

In this Help Net Security video, Roman Faithfull, Cyber Intelligence Analyst at Digital Shadows, talks about how threat actors mobilize new members within the cybercriminal ecosystem. Cybercriminal forums are awash with users advertising and requesting the services of developers to design fresh new malware.

Medibank on Thursday confirmed that the threat actors behind the devastating cyber attack have posted another dump of data stolen from its systems on the dark web after its refusal to pay a ransom. "We are in the process of analyzing the data, but the data released appears to be the data we believed the criminal stole," the Australian health insurer said.

Medibank on Thursday confirmed that the threat actors behind the devastating cyber attack have posted another dump of data stolen from its systems on the dark web after its refusal to pay a ransom. "We are in the process of analyzing the data, but the data released appears to be the data we believed the criminal stole," the Australian health insurer said.

Amazon Web Services has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources. "This attack abuses the AppSync service to assume roles in other AWS accounts, which allows an attacker to pivot into a victim organization and access resources in those accounts," Datadog researcher Nick Frichette said in a report published last week.

Amazon Web Services has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources."This attack abuses the AppSync service to assume roles in other AWS accounts, which allows an attacker to pivot into a victim organization and access resources in those accounts," Datadog researcher Nick Frichette said in a report published last week.

Those affected may be unaware that their devices run services using the discontinued Boa web server, and that firmware updates and downstream patches do not address its known vulnerabilities. Boa is an open-source web server designed for embedded applications and used to access settings, management consoles, and sign-in screens in devices.

Microsoft said its own investigation into the attack activity uncovered Boa as a common link, assessing that the intrusions were directed against exposed IoT devices running the web server. "Despite being discontinued in 2005, the Boa web server continues to be implemented by different vendors across a variety of IoT devices and popular software development kits," the company said.