Security News

British charities are sharing information about people visiting their websites with adtech data brokers, according to a report. The alleged badness boils down to charity websites having tracking beacons embedded within them, little snippets of code that tell an advertiser who opened a particular website or webpage.

At SophosLabs we recently researched a collection of scams that exploit web advertising networks to pop up fake system alerts on both computers and mobile devices. The latest variations find other ways to cash in on fake alerts: using them as the entry point to technical support scams or prompting their victims to purchase fraudulent apps or "Fleeceware" off a mobile app store.

Speaking at the 2020 Disclosure conference, Jones outlined how the trust many developers put in their software stacks and shared code, paired with a disturbing lack of online savvy, can make them easy pickings for hackers. "Systems are generally hardened - they have patches, they have firewalls, they have monitoring," Jones explained, "But [some] developers will run literally any bullshit they find on Stack Overflow. They keep credentials lying about, they're obviously going to have the source code and some production data sitting on their hardware as well."

Kryon launched the industry's first cloud-based Full Cycle Automation-as-a-Service platform. Powered by Amazon Web Services, Kryon's FCAaaS pushes the boundaries of automation by combining Process Discovery, RPA, and actionable analytics in one unified platform.

A Colorado man was sentenced this week to eleven years in prison for his role as a moderator on the AlphaBay cybercrime marketplace. When taken down in 2017, AlphaBay was the most popular Dark Web marketplace for illegal products, and had over 400,000 users.

Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit. In what's a new tactic adopted by Magecart groups, the encrypted messaging service is being used to send stolen payment details from compromised websites back to the attackers.

Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit. In what's a new tactic adopted by Magecart groups, the encrypted messaging service is being used to send stolen payment details from compromised websites back to the attackers.

The personal information includes names, dates of birth, gender, physical addresses and email addresses, and election-specific data - such as when an individual registered to vote, voter registration numbers and polling stations - according to Kommersant, a Moscow-based newspaper. The outlet reported Tuesday that several databases of voter data turned up in an unnamed marketplace in late 2019.

Content delivery network provider Fastly announced on Thursday that it has agreed to acquire web application security firm Signal Sciences for approximately $775 million in cash and stock. Founded in 2014, California-based Signal Sciences provides web application firewall and runtime application self-protection technologies designed to protect applications, APIs and microservices.

A series of recent phishing attacks tried to take advantage of organizations that use Amazon Web Services. In one phishing campaign reported to KnowBe4, the attackers created a basic, no-frills scam to harvest the credentials of AWS users.