At a glance.
- Magento skimmer uses malicious .JPG files.
- France is investigating Apple’s ad tracking.
- SMS security issues.
- FBI warns of PYSA ransomware campaign against academic institutions.
New Magento 2 compromise uses malicious .JPG images.
Sucuri’s blog details a new compromise that harvests credit card data from Magento 2 e-commerce sites. While investigating a Magento 2 website, researchers discovered a malicious injection that captured users’ POST request data on the payment page, base64-encoded it and saved it to a .JPG file. A fake .JPG is a clever way of concealing the collected data while going unnoticed, and the stolen data, which can include full names, addresses and payment information, could be used for credit card fraud or phishing. Website monitoring services and integrity checks could help website owners detect this compromise.
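One defender-side check of the kind the integrity-monitoring advice above points at, written here as an added example and not code from Sucuri or the Magento project: it walks a web root for files named .jpg whose bytes are not a JPEG stream but base64 text decoding to form-style key=value data, which is how the skimmer described above stores captured POST data. The directory layout and the sample captured data are constructed.

```python
import base64
import os
import re
import tempfile

JPEG_SOI = b"\xff\xd8\xff"  # every genuine JPEG stream begins with this marker
B64_CHARS = re.compile(rb"^[A-Za-z0-9+/]+={0,2}$")


def looks_like_fake_jpg(data: bytes) -> bool:
    """True if a '.jpg' holds base64 text decoding to form-style data, not pixels."""
    if data.startswith(JPEG_SOI):
        return False  # real image header; leave it alone
    body = b"".join(data.split())  # tolerate wrapped base64 lines
    if not body or not B64_CHARS.match(body):
        return False
    try:
        decoded = base64.b64decode(body, validate=True)
    except ValueError:
        return False
    # Skimmer output is ASCII key=value pairs; real image data never decodes that way.
    return decoded.isascii() and b"=" in decoded


def scan_dir(root: str) -> list:
    """Walk a web root and return paths of .jpg/.jpeg files that fail the check."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".jpg", ".jpeg")):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    if looks_like_fake_jpg(fh.read()):
                        hits.append(path)
    return sorted(hits)


def build_sample_tree() -> str:
    """Constructed sample web root (not files from the Sucuri report)."""
    root = tempfile.mkdtemp()
    media = os.path.join(root, "pub", "media")
    os.makedirs(media)
    with open(os.path.join(media, "logo.jpg"), "wb") as fh:
        fh.write(JPEG_SOI + b"\xe0" + bytes(32))  # genuine-looking JPEG header
    stolen = b"firstname=Test&lastname=User&cc_number=4111111111111111&cc_exp=12/25"
    with open(os.path.join(media, "cache.jpg"), "wb") as fh:
        fh.write(base64.b64encode(stolen))  # how the skimmer stores captured POST data
    return root
```

Running `scan_dir(build_sample_tree())` returns only the constructed `cache.jpg`; in production, point `scan_dir` at the Magento web root and diff the result against a known-good baseline.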
French investigation examines Apple’s ad-tracking policies.
In response to objections from privacy lobbyists, the French data protection authority will open an investigation into recent changes Apple made to its data collection policies, AppleInsider reports. The lobbying group France Digitale lodged a complaint with the French National Commission for Informatics and Freedom (CNIL) earlier this month over Apple’s new App Tracking Transparency feature. Launching in two weeks, the feature will require third-party iOS developers to ask for user permission before using ad tracking. Privacy advocates argue the policy is unfair because many of Apple’s own apps, such as the App Store and Apple News, do not ask permission before tracking. Although the duration of the CNIL’s investigation is not clear, it could lead the authority to order Apple to revise its policy.
Twitter hacker cops a plea.
The Tampa Bay Times reports that the hacker who hijacked Twitter accounts last summer to steal more than $100,000 in bitcoin has struck a deal with prosecutors. In return for his guilty plea, Graham Ivan Clark will avoid the ten-year minimum sentence he would have faced if tried as an adult, and will instead serve three years in a young adult prison followed by three years of probation. Clark was seventeen when he was arrested for pulling off the massive Twitter scam: by convincing a Twitter employee that he worked in the company’s IT department, Clark gained access to Twitter’s customer service portal, which let him take over the accounts of public figures with massive followings, including President Joe Biden, Elon Musk, Bill Gates and even Uber. Impersonating the account holders, he posted fake messages asking their followers to deposit bitcoin into his account, and by the time Twitter caught on, Clark had racked up $117,000. Under the terms of his sentence, Clark is barred from using a computer without police supervision, and he was required to relinquish the passwords to all of his accounts.
SMS hijacking takes advantage of regulatory blind spots?
With little government regulation, SMS interception has become low-hanging fruit for cybercriminals. “SIM swapping” – the act of tricking mobile carrier employees into changing account credentials – is the most common method thieves use to redirect a victim’s text messages to another device. As the CyberWire noted yesterday, a new industry unintentionally allows thieves to intercept a victim’s messages even without a SIM swap. As part of their SMS marketing and mass messaging services, companies like Sakari allow customers to redirect text messages to a number of their choice simply by submitting a Letter of Authorization (LOA).
Hackers like Lucky225 quickly discovered how easy it is to take advantage of this service by filling out the required LOA with fraudulent information. Lucky225 explained to KrebsOnSecurity that this attack takes advantage of a loophole in SMS regulation. Most carriers have to go through the Number Portability Administration Center (NPAC) to ask a customer for permission to forward their phone number. But a private company called NetNumber has developed its own process for tracking telecom providers, and many of its customers are voice over IP (VoIP) or Internet companies that will allow anyone to become a reseller with little to no verification. Lucky225 explained, “In essence, once you have a reseller account with these VoIP wholesalers, you can change the network number ID of any phone number to your wholesale provider’s NNID and start to receive SMS without any authentication.” NetNumber claims that since learning of the fraudulent activity it has taken “precautionary measures”. But it looks like hackers are still finding ways around these measures, and while many large mobile companies now have protections in place to ensure their customers are not affected by NetNumber’s requests, small operators are probably still vulnerable.
FBI warns of renewed PYSA ransomware campaign against schools.
The FBI has warned educational institutions to expect an increase in PYSA ransomware attacks, which are believed to be newly active in twelve US states and the UK. Also known as Mespinoza, the ransomware strain is typically installed either through a remote desktop exploit or through conventional phishing. As is now common with ransomware, PYSA operators first steal sensitive information, including personally identifiable information, before encrypting their victims’ files.
Some industry figures have reached out to us to comment on the warning and the ransomware threat. Jorge Orchilles, CTO of SCYTHE, wrote that “Ransomware threat actors continue to evolve to ensure they receive payment. We have seen ‘double extortion’ being used in various sectors, and not just in education. The threat actors exfiltrate the data and publish a sample to extort and trick the victim into paying in addition to the traditional ransom of encrypting their data.”
Saryu Nayyar, CEO of Gurucul, points out that schools can, unfortunately, be easy marks. “For malicious actors, the education sector is a prime target. IT budgets are often tight and cybersecurity resources are depleted. Victims can be naïve to cyber threats, making them easy targets for social engineering and phishing attacks,” she wrote. “With the rise of cybercrime as a service, including ransomware and hybrid attacks that extract data for extortion before encrypting it, it is not surprising that they are attacking easier targets like schools, seminars and colleges.”
And she sees security training and education as an essential part of the response. “Educating users to reduce the chance of becoming a victim is the first line of defense, as is almost always the case when users are involved. But educational organizations must go further. They need to review and update their cybersecurity posture to deal with complex threats as budget and resources allow.”