A newly disclosed security vulnerability in IBM Robotic Process Automation (RPA) has raised concerns about potential data breaches. The vulnerability, tracked as CVE-2024-51456, could allow remote attackers to exploit cryptographic weaknesses and access sensitive information. IBM has released a security bulletin detailing the…
Tag: EN
AI in Cybersecurity: Thinking Like Hackers to Build Stronger Defenses
As we hit the two-year anniversary of the release of ChatGPT, we see that businesses across all sectors have started adopting generative AI tools to create content of all kinds. But many are discovering that these tools have capabilities that…
Expired Domains Allowed Control Over 4,000 Backdoors on Compromised Systems
No less than 4,000 unique web backdoors previously deployed by various threat actors have been hijacked by taking control of abandoned and expired infrastructure for as little as $20 per domain. Cybersecurity company watchTowr Labs said it pulled off the…
WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables
Cybersecurity researchers are warning of a new stealthy credit card skimmer campaign that targets WordPress e-commerce checkout pages by inserting malicious JavaScript code into a database table associated with the content management system (CMS). “This credit card skimmer malware targeting…
How Proactive Security Measures Can Cut Down Cyber Insurance Premiums
In today’s digital landscape, businesses of all sizes are increasingly relying on technology to streamline operations, enhance customer experiences, and expand their reach. However, this growing dependence on technology also brings with it an elevated risk of cyber threats. Cyberattacks…
Furry Hacker Breaches Scholastic – Exposes Data of 8 Million People
The education and publishing giant Scholastic has fallen victim to a significant data breach affecting approximately 8 million people. The breach, which has been attributed to a self-proclaimed “furry” hacker going by the alias “Parasocial,” was first reported by the…
Hackers Exploiting YouTube to Spread Malware That Steals Browser Data
Malware actors leverage popular platforms like YouTube and social media to distribute fake installers. Reputable file hosting services are abused to host malware and make detection challenging. Password protection and encoding techniques further complicate analysis and evade early sandbox detection.…
Credit Card Skimmer Hits WordPress Checkout Pages, Stealing Payment Data
Researchers analyzed a new stealthy credit card skimmer that targets WordPress checkout pages by injecting malicious JavaScript into the WordPress database. On checkout pages, the malware is designed to steal credit card information from users who are visiting those pages.…
Rethinking Age Verification for Social Media: Privacy-Friendly Solutions for Safeguarding Kids
The digital landscape has become an integral part of our lives, and social media platforms are at its heart. While these platforms offer undeniable benefits in connecting people and fostering communities, they also pose significant risks, especially for children. Exposure…
Better be aware of this ongoing PayPal Phishing Scam that seems genuine
PayPal, the widely used online payment platform, is currently facing scrutiny after being linked to a “No Phish Phishing” scam that is tricking users into falling for a sophisticated fraud scheme. The scam, which exploits a weakness in PayPal’s operational…
Furry Hacker Breaches Scholastic Exposes Data of 8 Million People
The education and publishing giant Scholastic has fallen victim to a significant data breach affecting approximately 8 million people. The breach, which has been attributed to a self-proclaimed “furry” hacker going by the alias “Parasocial,” was first reported by the…
Three Russian Nationals Indicted for Operating Cryptocurrency Mixers in Money Laundering Scheme
Three Russian nationals have been charged for their involvement in operating cryptocurrency mixing services Blender.io and Sinbad.io, according to an indictment unsealed on January 7 by a federal grand jury in the Northern District of Georgia. The charges stem from…
IBM Watsonx.ai Vulnerability Let Attackers Trigger XSS Attacks
A recently disclosed vulnerability, identified as CVE-2024-49785, has been found in IBM watsonx.ai, including its integration with IBM Cloud Pak for Data. This vulnerability exposes users to cross-site scripting (XSS) attacks, potentially compromising sensitive information. IBM Watsonx.ai Vulnerability The issue arises from improper…
Medusind Data Breach Exposes Over 360,000 Individuals’ Healthcare Info
Medusind, a healthcare revenue cycle management provider, has disclosed a data breach that compromised the personal and health information of 360,934 people. The breach, which happened over a year ago, affirms the ongoing cybersecurity challenges in the healthcare sector. The…
Europe coughs up €400 to punter after breaking its own GDPR data protection rules
PLUS: Data broker leak reveals extent of info trading; Hot new ransomware gang might be all AI, no bark; and more Infosec in brief Gravy Analytics, a vendor of location intelligence info for marketers which reached a settlement with US…
GitHub CISO on security strategy and collaborating with the open-source community
In this Help Net Security, Alexis Wales, CISO at GitHub, discusses how GitHub embeds security into every aspect of its platform to protect millions of developers and repositories, ensuring it remains a trustworthy platform for building secure software. The post…
Chainsaw: Open-source tool for hunting through Windows forensic artefacts
Chainsaw is an open-source first-response tool for quickly detecting threats in Windows forensic artefacts, including Event Logs and the MFT file. It enables fast keyword searches through event logs and identifies threats using built-in Sigma detection and custom detection rules.…
Time for a change: Elevating developers’ security skills
Organizations don’t know their software engineers’ security skills because they don’t assess them in the interview process. Trying to do that in an interview is challenging, of course, given the time it takes for a proper assessment. However, given the…
Scholastic – 4,247,768 breached accounts
In January 2025, a data breach of the publishing company Scholastic surfaced. The breach contained 4.2M unique email addresses with many of the records also including name, phone number and physical address. This article has been indexed from Have I…
ISC Stormcast For Monday, January 13th, 2025 https://isc.sans.edu/podcastdetail/9276, (Mon, Jan 13th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, January 13th, 2025…