Chile’s ALMA Observatory has temporarily shut down all its astronomical observation operations after a cyberattack against their systems occurred last week. Moreover, Atacama Large Millimeter Array Observatory’s public website suspended its operation due to cybercriminal disruption. Currently, the email services of the Chilean entity are limited, and its IT team are trying to restore the...Continue Reading
Malicious threat actors have been discovered abusing the BackupBuddy zero-day flaw, a WordPress plugin for taking a backup of an entire WordPress installation within a dashboard. The zero-day in the BackupBuddy plugin is in a function dubbed Local Directory Copy that system operators develop to save a local copy of the backups. The flaw began...Continue Reading
The Russian Cozy Bear APT group (APT29) has improved its tricks, techniques, and procedures (TTPs) to continue its onslaught against Microsoft Office 365 users. This state-sponsored threat group has focused on upgrading its attacks’ evasion capabilities to maintain persistence in its targeted systems. The APT29 operators have discovered a method to deactivate the Purview Audit...Continue Reading
Researchers discovered that a reemerged strain of Magecart attacks had targeted food online services. Food online ordering has become the most lucrative way for hackers to deploy Magecart attacks. These attacks threaten high-end and small-scale platforms since online food services became a trend during the pandemic. According to researchers, two distinct Magecart attacks injected e-skimmer...Continue Reading
In a recent study, researchers have found a new technique that could allow anyone, such as hackers, to bypass a web browser’s user anonymity protections to know a website visitor’s unique identity. For instance, once a hacker has gained control of a website, they would be able to identify a user’s identity and unique online...Continue Reading
Hackers deploying Telegram bot to steal troves of data from WooCommerce websites have been found. These malicious adversaries used credit card skimmers, leading to several cases of credit card theft reported on an eCommerce site. The first scenario is that a website owner received numerous complaints from customers who reported faulty transactions on their cards...Continue Reading
National entities have been alerted about the possibility of high-risk distributed denial-of-service (DDoS) attacks, based on a recent advisory from the Computer Security Incident Response Team (CSIRT) in Italy. DDoS attacks usually cause severe damage, service outage, and operational disruptions to businesses and organisations. The Italian agency continually detected signs and threats of cyberattacks against...Continue Reading
A high chance of websites being exposed to third-party JavaScripts has recently been identified by researchers, with a further concern of threat actors having an easy way to exploit them to inject malicious codes into the sites. In a normal occurrence, webpages load a third-party script into a browser coming from an external server that...Continue Reading
Sberbank, one of Russia’s largest financial institutions, had been hit by waves of cyberattacks, including a massive strike of DDoS or distributed denial-of-service attack, recorded as the largest one in its history. From the statement of the bank’s director, he mentioned that hackers had been attacking Sberbank in the past months. Being the largest financial...Continue Reading
About 100,000 top-ranking websites have recently been examined by security experts, revealing that some of them leak users’ data entered on website forms to third-party trackers even before users hit the submit button. Moreover, even if users have not submitted their data on the forms and deleted everything they typed in, the websites still share...Continue Reading
