Daily NCSC-FI news followup 2020-01-02
New evasion techniques found in web skimmers
blog.malwarebytes.com/threat-analysis/2019/12/new-evasion-techniques-found-in-web-skimmers/ For a number of years, criminals have been able to steal credit card details from unaware online shoppers without attracting too much attention. Few people in the security industry were talking about these credit card web skimmers, both server-side and client-side, before the latter became largely known as Magecart.
Landry’s restaurant chain disclose POS malware incident
www.zdnet.com/article/landrys-restaurant-chain-disclose-pos-malware-incident/ US restaurant chain Landry’s disclosed a security incident that involved the discovery of malware on the network of hundreds of restaurants.
Ransomware Attackers Offer Holiday Discounts and Greetings
www.bleepingcomputer.com/news/security/ransomware-attackers-offer-holiday-discounts-and-greetings/ To celebrate the holidays, ransomware operators are providing discounts or season’s greetings to entice victims into paying a ransom demand.Such is the case with the Sodinokibi Ransomware (REvil) who MalwareHunterTeam noticed had changed their ransom note over the holidays to include a new message wishing the victims a “Merry Christmas and Happy Holidays”.
Starbucks Devs Leave API Key in GitHub Public Repo
www.bleepingcomputer.com/news/security/starbucks-devs-leave-api-key-in-github-public-repo/ One misstep from developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users.
