Compromise

OAuth Identity Attack — Are your Extensions Affected?

OAuth Identity Attack — Are your Extensions Affected?

| | browser extension, Browser Security, Compromise, cyberattack, Cybersecurity
OAuth Identity Attack — Are your Extensions Affected?A malicious variant of Cyberhaven’s browser extension (v24.10.4) was uploaded to the Chrome Store on Christmas Day. According to Cyberhaven, this compromised version can allow “sensitive information, ...
SquareX Labs - Medium
SaaS Attacks: Compromising an Organization without Touching the Network

SaaS Attacks: Compromising an Organization without Touching the Network

| | Attack Framework, attacker, blue team, Cloud, Cloud Penetration Testing, cloud-based, Compromise, Cyber Security, Cybersecurity, Data Privacy, Digital Privacy, Episodes, hacker, Hacking, Information Security, Infosec, lateral movement, Luke Jennings, MITRE ATT&CK, MITRE ATT&CK Framework, network, network attacks, Network penetration testing, Podcast, Podcasts, Privacy, Push Security, Red Team, SaaS, SaaS Application, SaaS Attacks, security, Software-as-a-Service, Special Editions, technology, Weekly Edition
In this episode Luke Jennings VP of Research & Development from Push Security joins us to discuss SaaS attacks and how its possible to compromise an organization without touching a single endpoint ...
Shared Security Podcast

Kaseya update delayed for security reasons

| | Compromise, Hacking, Kaseya, security, updates
Kaseya has delayed the release of the update that will allow customers to restart their VSA software so it can add additional security. Categories: Hacking Tags: compromisehackingkaseyasecurityupdates (Read more...) The post Kaseya ...
Malwarebytes Labs

Magecart hits again, leveraging compromised sites and newly registered domains

| | analysis, Compromise, Obfuscation
During alert monitoring, ThreatLabZ researchers came across multiple cases of shopping sites being compromised and injected with a skimming script. This injected script looks for the payment method and personally identifiable information ...
Research Blog
What's Falling Out of Your Wallet: S3 Bucket Vulnerabilities & the CapitalOne Breach

IAM Root: AWS IAM Simulator Tutorial

| | Assessing Cloud Security, aws, , AWS Environment, AWS Remediation, Best Practices, Breach, Capital One breach, Cloud Security Assessment, Compromise, Data Loss Prevention, IAM policy, IAM policy simulator tutorial, IAM Policy Tutorial, IAM Roles, Infrastructure, Prevent data leak, S3, Security misconfiguration
If you needed yet another reason to be paranoid about your personal information being exposed, the recent Capital One breach should be sufficient nightmare fuel for you. This is even more supporting ...
Professionally Evil Insights

Magecart activity and campaign enhancements

| | Compromise
Magecart is a hacker group known for skimming credit or debit card details by injecting malicious JavaScript code into e-commerce sites. Back in September 2018, the Zscaler ThreatLabZ research team published a ...
Research Blog

Malicious JavaScript injected into WordPress sites using the latest plugin vulnerability

| | Compromise
WordPress is by far the most popular content management system (CMS) and, because of its wide usage, it is also popular among cybercriminals. Most of the WordPress sites that have been compromised ...
Research Blog

Abuse of hidden “well-known” directory in HTTPS sites

| | analysis, Compromise, Malware, Phishing, Ransomware
WordPress and Joomla are among the most popular Content Management Systems (CMSs). They have also become popular for malicious actors, as cybercriminals target sites on these platforms for hacking and injecting malicious ...
Research Blog
Alert Service Compromised to Send Out Spam Message

Alert Service Compromised to Send Out Spam Message

| | alert, Compromise, IT Security and Data Protection, Latest Security News, Spam
An unknown individual compromised an alert service and abused their access to send out a spam message to some of the service’s customers. The Queenland Early Warning Network (EWN) alert service disclosed ...
The State of Security

Black Friday & Cyber Monday Deals: Phishing and Site Skimmers

| | Abuse, Compromise, encryption, Evasion/Stealth, Exploit, Malware, Mobile, mobile malware, Obfuscation, Phishing, scam
It’s that time of year again! The most glorious of shopping seasons has arrived, and users have commenced their annual tradition of flooding e-stores in search of the best deals that their ...
Research Blog
Load more