The e-commerce platform released patches for both Magento Commerce and Magento Open Source variants. The SQL flaw found in versions 2.3.1 and earlier could allow attackers to steal sensitive information from databases connected to Magento-based sites. Content management software provider Magento has released a string of updates to fix multiple security holes in its platform. These updates come after the ...
Read More »Author Archives: firewalltraining
Business Email Compromise (BEC) Scams: A deep insight on how attackers leverage social engineering tricks to perform BEC scams
Business Email Compromise (BEC) is a type of scam that targets corporate companies that pay bills via wire transfers. BEC scammers targeting employees of corporate companies mostly impersonate the company’s CEO or senior executives. These scammers use social engineering techniques to trick employees into sending funds directly to the scammers. Types of BEC Scams According to the FBI, there are five ...
Read More »Man in the Middle (MitM) attack – What is it and how to stay protected?
The first and foremost step in the Man-in-the-Middle (MitM) attack is to intercept internet traffic before it reaches its destination. Once the interception is achieved, the SSL traffic has to be decrypted without the user’s knowledge and without interrupting the application. Man-in-the-Middle (MitM) is an attack where the attacker eavesdrops on the communication between two parties, commonly between a user ...
Read More »UNNAM3D ransomware asks for Amazon gift cards to unlock archived files
Dubbed as ‘UNNAM3D’, the ransomware archives users’ files found under Desktop, Documents, and Pictures in individual RAR archives. After infecting systems, UNNAM3D then asks victims’ to purchase $50 Amazon gift cards and send it to the malware developer on Discord. A strange gift-card seeking ransomware has surfaced in the online space. It is reported that the ransomware which is known ...
Read More »Toyota reports second breach in five weeks
cknowledged a breach – this one affecting 3.1 million customers at its subsidiaries while the first was in Australia and believed to be the work of Ocean Lotus, or APT32. The company isn’t yet sure if the hackers nicked any data from its systems but said customers of subsidiaries, including , Lexus Koishikawa Sales, Lexus Nerima, Toyota Tokyo Sales Holdings, ...
Read More »‘Long-term security risks’ from Huawei
The Chinese company Huawei has been strongly criticised in a report by the body overseeing the security of its products in UK telecoms. The report, issued by the National Cyber Security Centre, which is part of GCHQ, says it can provide “only limited assurance that the long-term security risks can be managed in the Huawei equipment currently deployed in the ...
Read More »New Bill to Protect U.S. Senate Personal Devices, Accounts from Hackers
U.S. senators and their staff will receive assistance from the Senate Sergeant at Arms (SAA) to protect their accounts and devices from cyber threats if a bipartisan bill introduced by Senators and Senate Intelligence Committee members Ron Wyden (D-Ore) and Tom Cotton (R-Ark) will be signed into law. The Senate Cybersecurity Protection Act, S. 890, would allow the SAA — ...
Read More »Researchers publish the list of 583 MAC addresses impacted by recent ASUS hack
The security firm Skylight released the list of 583 MAC addresses out of the total 619 targeted by the attackers. The researchers disassembled Kaspersky’s diagnostic tool to get the full list of addresses. In a recent attack campaign, attackers distributed a backdoored version of ASUS Live Update utility to target ASUS laptop users. It was Kaspersky Lab’s Global Research and ...
Read More »Police make 61 arrests in global crackdown on dark web
Law enforcement agencies from the US, Canada and Europe, including the UK, have joined forces to target suppliers and buyers of illegal goods on dark web marketplaces and warn buyers of risks nternational law enforcement agencies made 61 arrests and shut down 50 dark web accounts used for illegal activity in a joint operation, Europol has announced. As a result of 65 ...
Read More »UC Browser violates Google Play Store policies and raises security concerns by downloading extra modules
UC Browser and UC Browser Mini Android apps violate Google Play Store policies by downloading and installing extra app modules thereby exposing its users to MitM attacks. This updating feature is present in the UC browser application since 2016. What is the issue – UC Browser and UC Browser Mini Android apps violate Google Play Store policies by downloading and ...
Read More »