Introduction Today, mobile devices are ubiquitous within enterprise environments. But with their proliferation, it provides adversaries with yet another attack surface with which they can target users and cause a breach. From phishing attacks to malicious apps, mobile users tend to let their guard down and potentially click on obfuscated links to malicious sites. Falcon for … [Read more...] about Protecting Users from Malicious Sites with Falcon for Mobile
Sites
KashmirBlack Botnet Hijacks Thousands of Sites Running On Popular CMS Platforms
An active botnet comprising hundreds of thousands of hijacked systems spread across 30 countries is exploiting "dozens of known vulnerabilities" to target widely-used content management systems (CMS). The "KashmirBlack" campaign, which is believed to have started around November 2019, aims for popular CMS platforms such as WordPress, Joomla!, PrestaShop, Magneto, Drupal, … [Read more...] about KashmirBlack Botnet Hijacks Thousands of Sites Running On Popular CMS Platforms
2 Hackers Charged for Defacing Sites after U.S. Airstrike Killed Iranian General
The US Department of Justice (DoJ) on Tuesday indicted two hackers for their alleged involvement in defacing several websites in the country following the assassination of Iranian major general Qasem Soleimani earlier this January.Behzad Mohammadzadeh (aka Mrb3hz4d), 19, and Marwan Abusrour (aka Mrwn007), 25, have been charged with conspiracy to commit intentional damage to a … [Read more...] about 2 Hackers Charged for Defacing Sites after U.S. Airstrike Killed Iranian General
New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers
If you're running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely.The vulnerability, tracked as CVE-2019-11043, affects websites with certain configurations of PHP-FPM that is reportedly not uncommon in the … [Read more...] about New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers
New Cache Poisoning Attack Lets Attackers Target CDN Protected Sites
A team of German cybersecurity researchers has discovered a new cache poisoning attack against web caching systems that could be used by an attacker to force a targeted website into delivering error pages to most of its visitors instead of legitimate content or resources.The issue affects reverse proxy cache systems like Varnish and some widely-used Content Distribution … [Read more...] about New Cache Poisoning Attack Lets Attackers Target CDN Protected Sites
Chrome for Android Enables Site Isolation Security Feature for All Sites with Login
After enabling 'Site Isolation' security feature in Chrome for desktops last year, Google has now finally introduced 'the extra line of defence' for Android smartphone users surfing the Internet over the Chrome web browser.In brief, Site Isolation is a security feature that adds an additional boundary between websites by ensuring that pages from different sites end up in … [Read more...] about Chrome for Android Enables Site Isolation Security Feature for All Sites with Login
Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years
Beware Apple users!Your iPhone can be hacked just by visiting an innocent-looking website, confirms a terrifying report Google researchers released earlier today.The story goes back to a widespread iPhone hacking campaign that cybersecurity researchers from Google's Project Zero discovered earlier this year in the wild, involving at least five unique iPhone exploit chains … [Read more...] about Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years
Critical Flaws in ‘OXID eShop’ Software Expose eCommerce Sites to Hacking
If your e-commerce website runs on the OXID eShop platform, you need to update it immediately to prevent your site from becoming compromised.Cybersecurity researchers have discovered a pair of critical vulnerabilities in OXID eShop e-commerce software that could allow unauthenticated attackers to take full control over vulnerable eCommerce websites remotely in less than a few … [Read more...] about Critical Flaws in ‘OXID eShop’ Software Expose eCommerce Sites to Hacking
Magecart Hackers Infect 17,000 Sites Through Misconfigured Amazon S3 Buckets
Magecart strikes again!Cybersecurity researchers have identified yet another supply-chain attack carried out by payment card hackers against more than 17,000 web domains, which also include websites in the top 2,000 of Alexa rankings.Since Magecart is neither a single group nor a specific malware instead an umbrella term given to all those cyber criminal groups and individuals … [Read more...] about Magecart Hackers Infect 17,000 Sites Through Misconfigured Amazon S3 Buckets
Ongoing Attack Stealing Credit Cards From Over A Hundred Shopping Sites
Researchers from Chinese cybersecurity firm Qihoo 360's NetLab have revealed details of an ongoing credit card hacking campaign that is currently stealing payment card information of customers visiting more than 105 e-commerce websites.While monitoring a malicious domain, www.magento-analytics[.]com, for over last seven months, researchers found that the attackers have been … [Read more...] about Ongoing Attack Stealing Credit Cards From Over A Hundred Shopping Sites