Category: Uncategorized
-
Polyfill Supply Chain Attack Hits Over 100k Websites Ionut Arghire
More than 100,000 websites are affected by a supply chain attack injecting malware via a Polyfill domain. The post Polyfill Supply Chain Attack Hits Over 100k Websites appeared first on SecurityWeek. Read More
-

Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware [email protected] (The Hacker News)
Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting government and critical infrastructure sectors across the world between 2021 and 2023. While one cluster of activity has been associated with the ChamelGang (aka CamoFei), the second cluster overlaps with activity previously attributed to Chinese…
-
Siemens Sicam Vulnerabilities Could Facilitate Attacks on Energy Sector Eduard Kovacs
Several vulnerabilities patched recently in Siemens Sicam products could be exploited in attacks aimed at the energy sector. The post Siemens Sicam Vulnerabilities Could Facilitate Attacks on Energy Sector appeared first on SecurityWeek. Read More
-

Practical Guidance For Securing Your Software Supply Chain [email protected] (The Hacker News)
The heightened regulatory and legal pressure on software-producing organizations to secure their supply chains and ensure the integrity of their software should come as no surprise. In the last several years, the software supply chain has become an increasingly attractive target for attackers who see opportunities to force-multiply their attacks by orders of magnitude. For…
-

Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping [email protected] (The Hacker News)
Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner. Tracked as CVE-2024-27867, the authentication issue affects AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro. “When your headphones are seeking a connection…
-
Exploitation Attempts Target New MOVEit Transfer Vulnerability Eduard Kovacs
Exploitation attempts targeting CVE-2024-5806, a critical MOVEit Transfer vulnerability patched recently, have started. The post Exploitation Attempts Target New MOVEit Transfer Vulnerability appeared first on SecurityWeek. Read More
-

New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites [email protected] (The Hacker News)
Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to malware that is injected into e-commerce sites with the goal of stealing financial and payment information. According to Sucuri, the latest campaign entails making malicious…
-

New Medusa Android Trojan Targets Banking Users Across 7 Countries [email protected] (The Hacker News)
Cybersecurity researchers have discovered an updated version of an Android banking trojan called Medusa that has been used to target users in Canada, France, Italy, Spain, Turkey, the U.K., and the U.S. The new fraud campaigns, observed in May 2024 and active since July 2023, manifested through five different botnets operated by various affiliates, cybersecurity…
-

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack [email protected] (The Hacker News)
Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library (“polyfill.js”) to redirect users to malicious and scam sites. More than 110,000 sites that embed the library are impacted by the supply chain attack, Sansec said in a…
-
EU Sanctions Six Russian Hackers Eduard Kovacs
The European Council has added six Russian hackers to the EU’s sanctions list for their cyberattacks against member states and Ukraine. The post EU Sanctions Six Russian Hackers appeared first on SecurityWeek. Read More
