DarkCrewFriends Returns with Botnet Strategy
threatpost.com/darkcrewfriends-returns-botnet/156963/ The botnet can be used to mount different kinds of attacks, including code-execution and DDoS.
8 U.S. City Websites Targeted in Magecart Attacks
threatpost.com/8-city-gov-websites-magecart/156954/ Researchers believe that Click2Gov, municipal payment software, may be at the heart of this most recent government security incident.
Admin of carding portal behind $568M in losses pleads guilty
www.bleepingcomputer.com/news/security/admin-of-carding-portal-behind-568m-in-losses-pleads-guilty/ Russian national Sergey Medvedev, one of the co-founders of Internet-based cybercriminal enterprise Infraud Organization and an admin on the organization’s carding portal, today pleaded guilty to RICO conspiracy.
Firm That Tracked Protesters Targeted Evangelicals During 2016 Election
www.vice.com/en_us/article/9353qv/mobilewalla-tracked-protesters-targeted-evangelicals-during-2016-election The CEO of data broker Mobilewalla, which worked with Republican SuperPACs, says it tracked Evangelicals’ cell phone locations for six months.
Almost 300 Windows 10 executables vulnerable to DLL hijacking
www.bleepingcomputer.com/news/security/nearly-300-windows-10-executables-vulnerable-to-dll-hijacking/ A simple VBScript may be enough to allow users to gain administrative privileges and bypass UAC entirely on Windows 10. The vulnerability referred to here is relative path DLL hijacking, which is when an attacker can cause a legitimate Windows executable to load an arbitrary DLL of the attacker’s choice, most likely with malicious intent.
GeoVision access control devices let hackers steal fingerprints
www.bleepingcomputer.com/news/security/geovision-access-control-devices-let-hackers-steal-fingerprints/ GeoVision, a Taiwanese fingerprint scanner, access control, and surveillance tech manufacturer, fixed critical vulnerabilities in their devices that could be abused by hackers and nation-state threat actors.
Suomalaisia yritetään huijata ennätysmäärin varo näitä kolmea petkutusta
www.tivi.fi/uutiset/tv/65fc5798-cfe6-4c5c-a87c-8657363985e7 Puhelimen soidessa kannattaa nyt olla tarkkana, sillä suomalaisia kiusaa parhaillaan poikkeuksellisen suurilukuinen määrä puhelinhuijareita. Yleisimmässä huijausmallissa uhrit ovat menettäneet keskimäärin tuhansia euroja.
Adobe, Mastercard, Visa warn online store owners of Magento 1.x EOL
www.zdnet.com/article/adobe-mastercard-visa-warn-online-store-owners-of-magento-1-x-eol/#ftag=RSSbaffb68 Almost 110, 000 online stores are still running the soon-to-be-outdated Magento 1.x CMS. Mastercard said that 77% of the companies investigated in these incidents were not in compliance with PCI DSS requirement 6, the rule that requires store owners to run up-to-date systems.
Russian Cybercrime Boss Burkov Gets 9 Years
krebsonsecurity.com/2020/06/russian-cybercrime-boss-burkov-gets-9-years/ A well-connected Russian hacker once described as “an asset of supreme importance” to Moscow was sentenced on Friday to nine years in a U.S. prison after pleading guilty to running a site that sold stolen payment card data, and to administering a highly secretive crime forum that counted among its members some of the most elite Russian cybercrooks.