IT Security Newsletter

IT Security Newsletter - 03/16/2021

Written by Cadre | Tue, Mar 16, 2021

Hackers hide credit card data from compromised stores in JPG file

Hackers have come up with a sneaky method to steal payment card data from compromised online stores that reduces the suspicious traffic footprint and helps them evade detection. Instead of sending the card info to a server they control, hackers hide it in a JPG image and store it on the infected website. Researchers at website security company Sucuri found the new exfiltration technique when investigating a compromised online shop running version 2 of the open-source Magento e-commerce platform. READ MORE...

Ransomware attack forces college to tell students to stay at home

A UK college says it has closed its campus buildings for one week, and advised students that all lessons and lectures will be taking place online, following a ransomware attack. South & City College in Birmingham, which has over 20,000 students aged 14 and over, says that it suffered a "major ransomware attack" that has disabled many of its core IT systems. As a result, yesterday the college informed students it was shutting its eight sites, and reverting to online teaching. READ MORE...

Blender website in maintenance mode after hacking attempt

Blender.org, the official website of the popular 3D computer graphics software Blender, is now in maintenance mode according to a message displayed on the site. "The http://blender.org website is undergoing maintenance due to a hacking attempt," the official Blender account on Twitter said earlier today, adding that "the website will be back as soon as possible." "Most of the infrastructure, including the Wiki, http://blender.chat, and others are available as usual," Blender added. READ MORE...

Phishing sites now detect virtual machines to bypass detection

Phishing sites are now using JavaScript to evade detection by checking whether a visitor is browsing the site from a virtual machine or headless device. Cybersecurity firms commonly use headless devices or virtual machines to determine if a website is used for phishing. To bypass detection, a phishing kit utilizes JavaScript to check whether a browser is running under a virtual machine or without an attached monitor. If it discovers any signs of analysis attempts, it shows a blank page. READ MORE...

Royal Mail scam says your parcel is waiting for delivery

Expecting a delivery? Watch out for phishing attempts warning of held packages and bogus shipping fees. This Royal Mail delivery scam begins with a text message out of the blue, claiming: Lots of folks may assume this text message is genuine, along with the URL. This would be a mistake. What we have is a simple but effective phish. It takes advantage of several real-world factors to ensure it's possibly a bit more believable than other missives landing in mailboxes. What are they up to? READ MORE...

Software Development Security Firm Argon Emerges From Stealth Mode

Argon, an Israel-based company that provides solutions for securing the software development process, on Tuesday announced emerging from stealth mode. The company has developed a solution that provides visibility, security and integrity capabilities to help DevOps and security teams ensure that their development environment has not been compromised. Argon says its product enables organizations to secure their continuous integration/continuous delivery (CI/CD) pipeline by mapping tools. READ MORE...

NFT digital art is already attracting hackers

Users of the digital art marketplace Nifty Gateway reported hackers had taken over their accounts and stolen artwork worth thousands of dollars over the weekend. Some users reported their entire accounts of digital certificates of authenticity for digital assets - known as non-fungible tokens (NFTs or "nifities") - were drained over the weekend. But even after changing their passwords, some users said the hackers weren't kicked out of their accounts. READ MORE...

How does the brain interpret computer languages?

In the US, a 2016 Gallup poll found that the majority of schools want to start teaching code, with 66 percent of K-12 school principals thinking that computer science learning should be incorporated into other subjects. Most countries in Europe have added coding classes and computer science to their school curricula, with France and Spain introducing theirs in 2015. This new generation of coders is expected to boost the worldwide developer population from 23.9 million in 2019 to 28.7 million in 2024. READ MORE...

  • ...in 1751, President James Madison, known as the "Father of the Constitution" and cowriter of The Federalist Papers, is born in the Virginia Colony.
  • ...in 1926, physicist Robert Goddard launches the first ever liquid-propellant rocket (fueled by gasoline and liquid oxygen) from a field in Auburn, MA.
  • ...in 1995, the state of Mississippi formally ratifies the 13th Amendment, becoming the last state to approve the abolition of slavery, nearly 130 years after the fact.
  • ...in 2020, the Dow Jones Industrial Average falls by 2,997.10, the single largest point drop in history.