Car mount and mobile accessory maker iOttie warns that its site was compromised for almost two months to steal online shoppers’ credit cards and personal information. […] Read More
BleepingComputer
The all in one place for non-profit security aid.
Holiday Season Cyber Alert: Reflectiz Declares War on Magecart
Reflectiz, a cybersecurity company specializing in continuous web threat management, offers an exclusive, fully remote solution to battle Magecart web-skimming attacks, a popular cyberattack involving injecting malicious code into the checkout pages.
As the Holiday Season approaches, online retailers face the challenge of protecting their websites against the growing threat of malicious attacks, such as Magecart. However, they struggle to add new security layers due to restrictions on modifying their website code to avoid impacting website performance during the peak shopping season.
Reflectiz, a unique web security tool, ensures 100% readiness for Magecart attacks before and during the Holiday Season.
This is made possible by Reflectiz’s external, non-intrusive solution, which requires no code implementation or IT resources. Your website(s) will be fully protected within days, and there will be no impact on your website’s performance.
Reflectiz automatically detects third-party code changes, keylogging, and communication with malicious domains to prevent Magecart web-skimming attacks. It overcomes the most sophisticated malware obfuscation techniques, lets you track changes, prioritize issues, and implement alerts according to their severity level, empowering you to act before the damage is done.
Despite being so powerful, Reflectiz does not affect website performance. It has zero impact on your IT resources and requires no installation on the client. It begins protecting your web assets within days, ensuring continuous monitoring of all crucial and sensitive web pages, not just checkout pages.
“Reflectiz understands the challenges faced by online retailers during this busy time of the year. In fact, in 2023, Reflectiz detected Magecart attacks on more than 150 websites, and the count is still rising. Our advanced technology enables the automatic detection of sophisticated threats throughout your entire online environment, all with quick and easy external implementation. You will be up and running within days” – Ysrael Gurt, Co-founder & CTO, Reflectiz.
Sign up for our exclusive offer today, and get the ideal head start in the war on Magecart.
Marketing Director
Daniel Sharabi
Reflectiz
daniel.s@reflectiz.com
The post Holiday Season Cyber Alert: Reflectiz Declares War on Magecart appeared first on Cyber Security News.
Cyber Security News
Russian Hackers Who Hacked Microsoft Also Targeted Other Organizations
On January 12, 2024, Microsoft identified a nation-state threat actor, “Midnight Blizzard,” attacking their corporate systems. Upon discovery, Microsoft deployed its incident response process to disrupt the malicious activity and mitigate the attack.
Notably, Microsoft has been tracking “Midnight Blizzard” for quite some time now.
Microsoft stated that the infiltration was possible because a legacy test account had a weak password, potentially leaving it vulnerable to the threat actor's password-spray attack. Microsoft identified the attack by reviewing its Microsoft Exchange Web Services activity and its audit log features.
According to the reports shared with Cyber Security News, Midnight Blizzard is a Russian state-sponsored threat actor responsible for compromising several governmental and private entities of foreign interest to Russia.
Their targeted industries include governments, diplomatic entities, non-governmental organizations (NGOs), and IT service providers in the US and Europe. This particular threat actor has been active since 2018, and their primary focus is the espionage of foreign interests.
Midnight Blizzard uses several attack methods for espionage and intelligence gathering, such as stolen credentials, supply-chain attacks, lateral movement to the cloud, abusing OAuth applications, and many others.
In the current attack against Microsoft, the threat actor used password-spray attacks against a specific set of accounts, with only a tailored list of passwords, to evade detection.
The threat actor also launched these attacks from a residential proxy infrastructure consisting of several IP addresses that legitimate users also use. This made the activity harder to detect and let the attack run over a long period until it succeeded.
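A per-account detection for the distributed, low-volume spray described above, as an added example that is not from Microsoft or the original article. The event layout, account names, thresholds and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records: (ISO timestamp, account, source IP, outcome).
# IPs are from documentation ranges; account names are hypothetical.
EVENTS = [
    ("2024-01-02T01:10:00", "legacy-test", "198.51.100.7", "fail"),
    ("2024-01-02T09:42:00", "legacy-test", "203.0.113.19", "fail"),
    ("2024-01-03T03:15:00", "legacy-test", "192.0.2.44", "fail"),
    ("2024-01-03T22:05:00", "legacy-test", "198.51.100.90", "success"),
    ("2024-01-02T08:00:00", "alice", "192.0.2.10", "fail"),
    ("2024-01-02T08:00:20", "alice", "192.0.2.10", "fail"),
    ("2024-01-02T08:01:00", "alice", "192.0.2.10", "success"),
]

def spray_candidates(events, window=timedelta(days=3), min_ips=3, max_per_ip=2):
    """Flag accounts whose failures are spread thinly over many source IPs.

    A per-IP failure threshold never fires when each proxy address makes only
    one or two attempts, so the pivot here is the account, not the IP.
    """
    by_account = defaultdict(list)
    for ts, user, ip, outcome in events:
        by_account[user].append((datetime.fromisoformat(ts), ip, outcome))

    findings = {}
    for user, rows in by_account.items():
        rows.sort()
        fails = [(t, ip) for t, ip, o in rows if o == "fail"]
        for start, _ in fails:
            in_win = [(t, ip) for t, ip in fails if start <= t <= start + window]
            per_ip = defaultdict(int)
            for _, ip in in_win:
                per_ip[ip] += 1
            if len(per_ip) >= min_ips and max(per_ip.values()) <= max_per_ip:
                # A success from an address with no failed attempts, after the
                # spread of failures, suggests a guess eventually landed.
                hit = any(o == "success" and t > in_win[-1][0] and ip not in per_ip
                          for t, ip, o in rows)
                findings[user] = {"distinct_ips": len(per_ip), "success_after": hit}
                break
    return findings
```

The user who mistypes a password twice from one address ("alice" in the sample) is not flagged, because the failures are not spread across addresses.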
Once the account has been compromised, the threat actor uses malicious OAuth applications to maintain persistence on the compromised account. In addition, the threat actor also created a new user account that uses the attacker-controlled malicious OAuth application to log in.
This malicious OAuth application was then used to authenticate to Microsoft Exchange Online and further target Microsoft corporate email accounts. The threat actor also used the legacy test OAuth application to grant them access to Office 365 Exchange Online with the full_access_as_app role, which provides access to mailboxes.
Furthermore, Microsoft also stated that “Microsoft Threat Intelligence has identified that the same actor has been targeting other organizations and, as part of our usual notification processes, we have begun notifying these targeted organizations.”
Microsoft has published details on this threat actor, including defense guidance, protection guidance, steps to mitigate, hunting methodologies, and other information.
Midnight Blizzard, also known as Cozy Bear, had also breached HPE's cloud-based email environment.
Today Hewlett-Packard disclosed to the SEC that they were compromised by APT29 a/k/a/ Cozy Bear a/k/a/ Midnight Blizzard
Information via @pancak3lullz pic.twitter.com/9HH1WLy6t8
— vx-underground (@vxunderground) January 24, 2024
Cozy Bear had likely been lurking within HPE’s system since May 2023, pilfering data from a select group of mailboxes across various departments, including cybersecurity itself.
The post Russian Hackers Who Hacked Microsoft Also Targeted Other Organizations appeared first on Cyber Security News.
Cyber Security News
Over 400,000 corporate credentials stolen by info-stealing malware
The analysis of nearly 20 million information-stealing malware logs sold on the dark web and Telegram channels revealed that they had achieved significant infiltration into business environments. […] Read More
BleepingComputer