Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites
Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites.
The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of “improper neutralization of special elements” that could pave the way for arbitrary code execution.
It was addressed by the company as part of
Source: The Hacker News
Identity Thief Lived as a Different Man for 33 Years
Plus: Microsoft scolded for a “cascade” of security failures, AI-generated lawyers send fake legal threats, a data broker quietly lobbies against US privacy legislation, and more.
Source: Security Latest
Phishing Attacks Targeting Political Parties, Germany Warns
“An increase of attacks can currently be assumed, particularly in light of the upcoming European elections. These may include phishing attacks to publish stolen data or documents,” a BSI spokesperson told Information Security Media Group.
Source: Cyware News – Latest Cyber News
New HTTP/2 DoS Attack can Crash Web Servers with a Single TCP Connection
Newly discovered HTTP/2 protocol vulnerabilities called “CONTINUATION Flood” can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations.
Source: Cyware News – Latest Cyber News
Vietnamese Threat Actor Targeting Financial Data Across Asia
Vietnamese financially motivated hackers are targeting businesses across Asia in a campaign to harvest corporate credentials and financial data for resale in online criminal markets.
Source: Cyware News – Latest Cyber News
New Latrodectus Malware Replaces IcedID in Network Breaches
While similar to IcedID, Proofpoint researchers confirmed it is an entirely new malware, likely created by the IcedID developers. Latrodectus shares infrastructure overlap with historic IcedID operations.
Source: Cyware News – Latest Cyber News
Visa Warns of New JSOutProx Malware Variant Targeting Financial Organizations
First encountered in December 2019, JsOutProx is a RAT and highly obfuscated JavaScript backdoor that allows its operators to run shell commands, download additional payloads, execute files, capture screenshots, establish persistence, and more.
Source: Cyware News – Latest Cyber News
57,000 Kaspersky Fan Club Forum User Data Leaked in Hosting Breach
By Waqas
Hacker group RGB claims responsibility for breaching Kaspersky’s fan club and the Prosecutor’s Office of the Russian Federation, leaking over 100,000 criminal records.
Source: Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News
Vulnerabilities Exposed Hugging Face to AI Supply Chain Attacks
By Deeba Ahmed
Wiz.io, known for its cloud security expertise, and Hugging Face, a leader in open-source AI tools, are combining their knowledge to develop solutions that address these security concerns. This collaboration signifies a growing focus on securing the foundation of AI advancements.
Source: Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News
Critical Bugs Put Hugging Face AI Platform in a ‘Pickle’
One issue would have allowed cross-tenant attacks, and another enabled access to a shared registry for container images; exploitation via an insecure Pickle file showcases emerging risks for AI-as-a-service more broadly.
Source: darkreading