Recent Security News

  • Magecart Campaign Hijacks 404 Pages to Steal Data

    October 11, 2023 at 12:53PM Cybercriminal groups behind the Magecart payment-card theft campaigns have developed a new technique to hide their credit card skimming code. They have started hiding JavaScript code in a comment on a targeted website’s 404 error page. By modifying other pages on the site to include a call to a nonexistent…

    Read More

  • Critical SOCKS5 Vulnerability in cURL Puts Enterprise Systems at Risk

    October 11, 2023 at 12:06PM Patches have been released for a critical memory corruption vulnerability in the cURL data transfer project. The flaw, tracked as CVE-2023-38545, affects the SOCKS5 proxy handshake process in cURL, allowing remote exploitation in certain configurations. The bug can lead to heap buffer overflow, and affected versions are 7.69.0 to 8.3.0.…

    Read More

  • Securely Moving Financial Services to the Cloud

    October 11, 2023 at 11:55AM Moving financial services to the cloud requires careful consideration of security, compliance, and governance. It is important to establish secure use of the cloud and comply with regulations. Cloud governance, including three lines of governance, is crucial. Implementing infrastructure, application, and data pipelines, as well as change management and monitoring,…

    Read More

  • Data Thieves Test-Drive Unique Certificate Abuse Tactic

    October 11, 2023 at 11:41AM Attackers are using a new method of certificate abuse to spread info-stealing malware, including stealing cryptocurrency from Windows systems. The campaign involves search engine optimization poisoning to deliver malicious pages promoting illegal software downloads. The malware uses special certificates with long strings of non-English characters, making them difficult to detect.…

    Read More