Hot Topics

Compromise

Kaseya update delayed for security reasons

| | Compromise, Hacking, Kaseya, security, updates
Kaseya has delayed the release of the update that will allow customers to restart their VSA software so it can add additional security. Categories: Hacking Tags: compromisehackingkaseyasecurityupdates (Read more...) The post Kaseya ...
Malwarebytes Labs

Magecart hits again, leveraging compromised sites and newly registered domains

| | analysis, Compromise, Obfuscation
During alert monitoring, ThreatLabZ researchers came across multiple cases of shopping sites being compromised and injected with a skimming script. This injected script looks for the payment method and personally identifiable information ...
Research Blog
What's Falling Out of Your Wallet: S3 Bucket Vulnerabilities & the CapitalOne Breach

IAM Root: AWS IAM Simulator Tutorial

| | Assessing Cloud Security, aws, , AWS Environment, AWS Remediation, Best Practices, Breach, Capital One breach, Cloud Security Assessment, Compromise, Data Loss Prevention, IAM policy, IAM policy simulator tutorial, IAM Policy Tutorial, IAM Roles, Infrastructure, Prevent data leak, S3, Security misconfiguration
If you needed yet another reason to be paranoid about your personal information being exposed, the recent Capital One breach should be sufficient nightmare fuel for you. This is even more supporting ...
Professionally Evil Insights

Magecart activity and campaign enhancements

| | Compromise
Magecart is a hacker group known for skimming credit or debit card details by injecting malicious JavaScript code into e-commerce sites. Back in September 2018, the Zscaler ThreatLabZ research team published a ...
Research Blog

Malicious JavaScript injected into WordPress sites using the latest plugin vulnerability

| | Compromise
WordPress is by far the most popular content management system (CMS) and, because of its wide usage, it is also popular among cybercriminals. Most of the WordPress sites that have been compromised ...
Research Blog

Abuse of hidden “well-known” directory in HTTPS sites

| | analysis, Compromise, Malware, Phishing, Ransomware
WordPress and Joomla are among the most popular Content Management Systems (CMSs). They have also become popular for malicious actors, as cybercriminals target sites on these platforms for hacking and injecting malicious ...
Research Blog
Alert Service Compromised to Send Out Spam Message

Alert Service Compromised to Send Out Spam Message

| | alert, Compromise, IT Security and Data Protection, Latest Security News, Spam
An unknown individual compromised an alert service and abused their access to send out a spam message to some of the service’s customers. The Queenland Early Warning Network (EWN) alert service disclosed ...
The State of Security

Black Friday & Cyber Monday Deals: Phishing and Site Skimmers

| | Abuse, Compromise, encryption, Evasion/Stealth, Exploit, Malware, Mobile, mobile malware, Obfuscation, Phishing, scam
It’s that time of year again! The most glorious of shopping seasons has arrived, and users have commenced their annual tradition of flooding e-stores in search of the best deals that their ...
Research Blog

Magecart campaign remains active

| | Compromise, Malware
The Zscaler ThreatLabZ team has been tracking the Magecart campaign for several months. Magecart is a notorious hacker group that has been responsible for large attacks on the e-commerce sites of well-known ...
Research Blog

Spam campaigns leveraging .tk domains

| | Advertising, analysis, Compromise, scam
For the last couple quarters, the Zscaler ThreatLabZ research team has been closely monitoring services that provide free domain names. We’ve identified a campaign utilizing '.tk' TLD (top level domain) domains that ...
Research Blog
Load more