Hackers use Google Analytics to steal credit cards, bypass CSP
Hackers are using Google's servers and the Google Analytics platform to steal credit card information submitted by customers of online stores. A new method to bypass Content Security Policy (CSP) using the Google Analytics API disclosed last week has already been deployed in ongoing Magecart attacks designed to scrape credit card data from several dozen e-commerce sites. READ MORE...
Remote Workers Pose New Security Risks
The sudden and massive shift to a work-from-home workforce has left millions of employees ill-prepared to handle the new cybersecurity challenges they face, a new study has found. Though many people had no previous work-at-home experience until this year, they were sent home to navigate the security quagmire of using their own personal laptop and mobile devices as well as new videoconferencing services largely without guidance on security issues from their employers. READ MORE...
Adobe Prompts Users to Uninstall Flash Player As EOL Date Looms
With Flash Player's Dec. 31, 2020 kill date quickly approaching, Adobe said that it will start prompting users to uninstall the software in the coming months. The End of Life (EOL) timeline has been a long time coming. Adobe first announced in July 2017 that it will no longer update or distribute Flash Player as of the end of 2020. In a new post on its Adobe Flash Player EOL information page, Adobe said that after Dec. 31, it will freeze updates for Flash and remove Flash Player download links from its website. READ MORE...
Ryuk ransomware deployed two weeks after Trickbot infection
Activity logs on a server used by the TrickBot trojan in post-compromise stages of an attack show that the actor takes an average of two weeks pivoting to valuable hosts on the network before deploying Ryuk ransomware. After compromising the network, the attacker starts scanning for live systems that have specific ports open and stealing password hashes from the Domain Admin group. READ MORE...
BitDefender fixes bug allowing attackers to run commands remotely
Security solutions are designed to keep an organization safe, but those models crumble when that same software becomes a threat vector for the attackers to exploit. Such is the case with a new Bitdefender remote code execution vulnerability, dubbed CVE-2020-8102, lurking in its Safepay browser component. In a disclosure by Wladimir Palant, a security blogger and the original developer of the AdBlock Plus extension, a vulnerability was discovered in how Bitdefender protects users from invalid certificates. READ MORE...
Firmware Flaw Allows Attackers to Evade Security on Some Home Routers
Wired and wireless routers used by "millions" of home and small-business users are vulnerable to a firmware attack that can downgrade the devices to a less secure version that then allows the devices to be further compromised, cybersecurity firm NanoLock Security announced on Monday. The company decided to disclose the vulnerabilities because millions are potentially at risk, and Buffalo has not committed to issuing an update for the issue. READ MORE...
- ...in 1868, inventor Christopher Latham Sholes receives a patent for a revolutionary labor-saving (and labor-creating) device: The typewriter.
- ...in 1955, punk rock and heavy metal singer Glenn Danzig is born in Lodi, New Jersey.
- ...in 1964, writer/director Joss Whedon, creator of "Buffy the Vampire Slayer", "Firefly", and the "Avengers" films, is born in New York City.
- ...in 1969, Warren E. Burger is sworn in as Chief Justice of the US Supreme Court by retiring Chief Justice Earl Warren.
- ...in 2013, daredevil Nik Wallenda becomes the first person to successfully walk across the Grand Canyon on a tightrope.
