A faction of the Magecart threat group is testing code that targets routers used to provide free or paid Wi-Fi services in public spaces and hotels. If successful, attackers would be able to compromise these commercial-grade routers and siphon the payment data of users joining Wi-Fi networks at airports, coffee shops, hotels and other public facilities.
While a majority (79%) of people say they are able to distinguish a phishing message from a genuine one, nearly half (49%) also admit to having clicked on a link from an unknown sender while at work, according to a Webroot survey. Further, nearly half (48%) of respondents said their personal or financial data had been compromised by a phishing message. However, of that group more than a third (35%) didn’t take the basic step of changing their passwords following a breach.
If you’re a WordPress admin using a plug-in called Rich Reviews, you’ll want to uninstall it. Now. The now-defunct plug-in has a major vulnerability that allows malvertisers to infect sites running WordPress and redirect visitors to other sites. Rich Reviews is a WordPress plug-in that lets sites manage reviews internally in WordPress, and also displays Google reviews for a business underneath a search result.
A suspected Chinese advanced persistent threat (APT) group has been spotted attacking tech companies using a trojanized screen-reader application, replacing the built-in Narrator “Ease of Access” feature in Windows. The attackers also deploy a version of the open-source malware known as the PcShare backdoor to gain an initial foothold into victims’ systems.
VMware this week released patches to address a critical vulnerability in Harbor, which was found to impact VMware Cloud Foundation and VMware Harbor Container Registry for PCF. Harbor is an open source registry project for storing, signing and scanning container images for vulnerabilities. It integrates with Docker Hub, Docker Registry, Google Container Registry, and more, and allows users to easily download, upload, and scan images.