IT Security Newsletter - 11/26/2024
Black Friday shoppers targeted with thousands of fraudulent online stores
Building fake, fraudulent online stores has never been easier: fraudsters are registering domain names for a pittance, using the SHOPYY e-commerce platform to build the websites, and leveraging large language models (LLMs) to rewrite existing product listings to perfect their search engine performance. "We first observed LLM-generated retail product descriptions in July 2024, and similar behaviors continue into the holiday shopping season," researcher Will Barnes has shared. READ MORE...
New York Fines Geico and Travelers $11 Million Over Data Breaches
Auto insurance companies Geico and Travelers were fined $11 million in New York over data breaches that impacted the personal information of over 120,000 individuals. The insurance quoting tools of Government Employees Insurance Company (Geico) were targeted in several cyberattacks starting November 2020, leading to the compromise of a public-facing website's backend and the theft of driver's license numbers. READ MORE...
FlipaClip animation app data breach exposes details of almost 900,000 users
FlipaClip, an animation creation app that is particularly popular with youngsters, has exposed the details of over 890,000 users. A vulnerability in the frame-by-frame animation app, which is available for iOS and Android, was initially discovered this month by researcher "BobDaHacker", who responsibly reported it to FlipaClip's developers, Visual Blasters. The vulnerability allowed unauthorised parties to access information about the app's users from an exposed Google Firebase server. READ MORE...
Gambling tech vendor's IT systems impacted by cyberattack
International Game Technology's internal IT systems and applications were disrupted by a cyberattack, the global gambling technology vendor said in a Tuesday securities filing. The U.K.-based company, which makes slot machines and gambling technology for lottery and sports betting operations, proactively took certain systems offline upon discovering the intrusion on Nov. 17. READ MORE...
QNAP and Veritas dump 30-plus vulns over the weekend
Taiwanese NAS maker QNAP addressed 24 vulnerabilities across various products over the weekend. The flaws include two critical and nine "high" severity vulnerabilities, potentially resulting in code execution, file read/write, authentication bypass, information disclosure, and elevation of privileges. Also, a series of CVEs were published by the National Vulnerability Database on November 24, a Sunday, regarding previously disclosed bugs by enterprise data management biz Veritas. READ MORE...
Malware linked to Salt Typhoon used to hack telcos around the world
Those with firsthand knowledge of Salt Typhoon's hack of several U.S. telecommunications companies have called the group's actions some of the most sophisticated cyber-espionage efforts they have ever seen. A prominent security vendor may have unearthed some malware that shows why. Trend Micro released a report Monday that gives details on the tactics, techniques and procedures used by Salt Typhoon. READ MORE...
Blue Yonder ransomware attack disrupts grocery store supply chain
Supply chain management firm Blue Yonder is warning that a ransomware attack caused significant disruption to its services, with the outages impacting grocery store chains in the UK. Blue Yonder (formerly JDA Software) operates as a Panasonic subsidiary with an annual revenue of over a billion USD and 6,000 employees. The company offers AI-driven supply chain solutions to retailers, manufacturers, and logistics providers. READ MORE...
BlackBasta Ransomware Brand Picks Up Where Conti Left Off
The Russian-language ransomware scene isn't all that big. And despite an array of monikers for individual operations, new analysis shows these groups' members are working in close coordination, sharing tactics, botnets, and malware among one another, as well as with the Russian state. And now, a new power player ransomware group brand has emerged - BlackBasta. Since the spectacular law enforcement takedown of Conti's operations in 2022, the Russian-language ransomware landscape has been in flux. READ MORE...
IBM Patches RCE Vulnerabilities in Data Virtualization Manager, Security SOAR
IBM on Monday announced patches for multiple vulnerabilities across its products, including two high-severity remote code execution (RCE) issues in Data Virtualization Manager and Security SOAR. Tracked as CVE-2024-52899 (CVSS score of 8.5), the flaw in Data Virtualization Manager for z/OS could allow a remote, authenticated attacker to inject malicious JDBC URL parameters, which could lead to arbitrary code execution on the server. READ MORE...
- ...in 1922, cartoonist Charles M. Schulz, creator of "Peanuts", is born in Minneapolis, MN.
- ...in 1922, Howard Carter and Lord Carnarvon become the first people in over 3000 years to enter the tomb of Pharaoh Tutankhamun.
- ...in 1939, singer-songwriter Tina Turner (nee Anna Mae Bullock) is born in Nutbush, TN.
- ...in 1942, the classic Humphrey Bogart/Ingrid Bergman film "Casablanca" premieres in New York City.