Search Results for “Charlie Osborne”


September 20, 2019
Charlie Osborne / ZDNet

Charlie Osborne / ZDNet  
New Round of Credit Card Skimming Magecart Malware Found on Hotel Booking Sites for 180 Hotels in 28 Countries, Third-Party Contractor Scripts Responsible

A new round of credit card skimming Magecart-linked attacks is taking place with two hotel booking websites becoming the latest victims, researchers at Trend Micro report. The sites, owned by separate chains, were being injected with a JavaScript-based card-skimmer that was benign if accessed remotely through a standard browser on a PC but could download a credit card skimming script if access via a mobile device. The injected code appears to have been active since August 9. Payment card details input by unwitting victims are harvested and sent to a remote server controlled by attackers. The impacted websites did not host the code themselves. It was found in scripts provided by the developer of the domains, Roomleader, a digital marketing services for the hospitality industry. Although the number of websites affected is small, one brand caters for 107 hotels, while the other supports 73 hotels. These establishments are located in a total of 28 countries.

August 6, 2019
Charlie Osborne / ZDNet

Charlie Osborne / ZDNet  
Microsoft Launches Security Lab to Allow Researchers to ‘Aggressively’ Test Azure Security, Financial Rewards of Up to $300,000 Available

In a push for advanced security for its Azure cloud computing service, Microsoft announced the Azure Security Lab, a sandbox-like environment for security researchers to”confidently and aggressively test Azure” cloud security. Financial rewards of up to $300,000 are available for Azure security challenges offered by Microsoft and applications to join the program are now open. The Redmond giant also announced that security researchers can now earn up to $40,000 for severe Azure vulnerability reports.  Microsoft said that it has issued $4.4 million in bounty rewards over the past 12 months.

October 8, 2019
Charlie Osborne / ZDNet

Charlie Osborne / ZDNet  
Cybersecurity Leaders Band Together to Launch Open Cybersecurity Alliance Designed to Tackle Fragmentation, Interoperability of Security Tools

To help manage the average 47 cybersecurity tools the average enterprise deploys, IBM, McAfee, and 16 other cybersecurity leaders have launched through the OASIS international consortium an initiative called the Open Cybersecurity Alliance (OCA) designed to tackle fragmentation and interoperability problems in the cybersecurity space. Through the OCA, each company will lend cybersecurity resources, whether threat insight, code, or expertise, to “develop open source security technologies which can freely exchange information, insights, analytics, and orchestrated responses.” The Alliance will focus on the development of open-source content, code, tooling, practices, and patterns for improving the interoperability of cybersecurity solutions and work on ways to bolster information sharing across vendors and their product lines.

September 10, 2019
Charlie Osborne / ZDNet

Charlie Osborne / ZDNet  
Portuguese Judicial Police and Europol Bust Up Europe’s Second-Largest Counterfeit Currency Network Operating on Dark Web

The Portuguese Judicial Police (Polícia Judiciária) dismantled Europe’s second-largest counterfeit currency network on the dark web with Europol’s support, arresting five individuals who are accused of counterfeiting and organized crime, Europol announced. Counterfeit banknotes were seized across Europe, notably in France, Germany, Spain, and Portugal, worth over € 1.3 million, or around $1.4 million.

August 20, 2019
Charlie Osborne / ZDNet

Charlie Osborne / ZDNet  
Adult Content Sharing Website Luscious Exposed Personal Data for 1.195 Million User Accounts

Adult content-sharing website Luscious exposed user data for 1.195 million accounts, leaving them vulnerable to a range of attacks, researchers at vpnMentor report. Luscious was subject to a data breach that gave the team at vpnMentor access to the data including usernames, personal email addresses, locations, activity logs, genders, and some full names exposed through the private email addresses. The team was also able to view user activity in great detail, including video and image album uploads, likes, comments, userIDs, followers, and blog posts. After being informed by vpnMentor of the problem, Luscious fixed the security hole.

Related: Spyware news, fossBytes, RT News, Silicon Republic, TechNadu, IT Pro, The Next Web, Forbes, Z6 Magazine, vpnMentor


April 7, 2019
Charlie Osborne / ZDNet

Charlie Osborne / ZDNet  
U.S.-Based Scammers Launched Numerous Strains of Banking Malware Possibly Linked to Necurs Botnet

From May 2018 to last month, scammers used data centers located in the United States to launch Neutrino, IcedID, GandCrab, and Dridex banking malware strains, among others, against English-speaking web users to steal millions of dollars from international banks, according to researchers at Bromium. The operation relied on more than a dozen U.S. data centers, with 11 web servers hosted at BuyVM, a virtual private server company in Nevada, an unusual location given that most criminal hackers try to keep their operations out of reach of the FBI. The hackers might be related to the global cybercrime gang that operates the Necurs botnet.

Related: Dark Reading: Attacks/Breaches, Cyberscoop, Techradar, Cybersecurity ReviewSC Magazine, Bromium, IT Pro, Infosecurity Magazine, Decipher, ZDNet


June 25, 2019
Charlie Osborne / ZDNet

Charlie Osborne / ZDNet  
Social Engineering Forum Social Engineered Hacked With Data Leaked on Rival Website, Now-Patched Flaw in MyBB Blamed

Social engineering forum Social Engineered has been compromised and its users’ data leaked on an unnamed rival website. The data exposed includes 89,000 unique email addresses linked to 55,000 forum account holders, usernames, IP addresses, and passwords stored as salted MD5 hashes. Moreover, private messages sent by users were also included in the data dump, according to Have I Been Pwned. Social Engineered says a critical stored XSS bug in MyBB,  a free open-source, free software for creating and maintaining forums, is to blame for the breach.  The vulnerability was patched in MyBB version 1.8.21, released on June 10 but Social Engineered has now moved over to the XenForo platform.

Related: ZDNet Security, Tweets Journos, Cyware News, Cyware News, ZDNet Security, Cyware News, TechNadu, Tweets Journos, Social Engineered, SC Magazine, Security Affairs, E Hacking News

Tweets:@SecurityCharlie @TroyHunt


June 17, 2019
Charlie Osborne / ZDNet

Charlie Osborne / ZDNet  
New Strain of Houdini Malware Targets Financial Institutions and Customers via Phishing Campaigns, Available on Dark Web for $50 per Month

A new strain of Houdini malware, also known as HWorm, was released by its author on June 2, 2019 and has been detected in campaigns against financial institutions and their customers, researchers from Cofense say. The new variant, dubbed WSH Remote Access Tool (RAT), seeks to steal online banking credentials which can be used to make fraudulent purchases and spreads via phishing campaigns that use emails masquerading as legitimate communication from banks including HSBC. Each module of the new malware has been developed by third parties and are not the original work of the WSH RAT creator. WSH RAT is for sale in underground forums on a $50 per month subscription basis.

April 10, 2019
Charlie Osborne / ZDNet

Charlie Osborne / ZDNet  
Slick Grab and Go Information Stealer Baldr Is Making the Rounds in Russian Underground Forums

A “high-level functionality” information stealer called Baldr that operates in the “grab and go” mode is making the rounds in Russian underground forums, according to researchers at Malwarebytes. Baldr is able to gather user profile data including browser information, as well as detecting the existence of cryptocurrency wallets, VPNs, Telegram, and Jabber and cycles through PC files and folders to steal information from important file types. Malwarebytes believes that Baldr is likely the work of three prominent hackers who operate on Russian forums, “Agressor,” also known as Agri_MAN, “Overdot,” and “LordOdin.”

May 31, 2019
Charlie Osborne / ZDNet

Charlie Osborne / ZDNet  
Pyramid Hotel Group Leaked 85GB of Data Via Unsecured Database, Exposed Information Included Security Logs for Major Hotels, Hotel Employee Data

An unsecured database belonging to hotel and resort management company The Pyramid Hotel Group exposed 85GB of data including the security logs of major hotels including Marriott locations VpnMentor researchers Noam Rotem and Ran Locar and company co-founder Ariel Hochstadt discovered. Pyramid manages 90  properties include 19 Marriott locations, Sheraton hotels, Plaza resorts, and Hilton Hotel properties, alongside a number of independent hotels. The unsecured server, which has an Elasticsearch database instance in Port 9200, allowed unrestricted access to security audit logs generated by Wazuh, an open-source intrusion detection system. The exposed information stems back to April 19, 2019 and includes server API keys and passwords, device names, IP addresses of incoming connections, firewall and open port data, malware alerts, restricted applications, login attempt records, application errors, and both brute-force attack detection and malware infection logs are all included. Also exposed were detailed data for hotel employees, such as their full names and usernames, local PC names and addresses, server names and operating system details, cybersecurity policy details, and a variety of other cybersecurity-related information was all made available for public viewing. After both vpnMentor and ZDNet informed Pyramid of the exposure, the company closed the database.