Cybersecurity

Category Added in a WPeMatico Campaign

Cybersecurity

BattleRoyal, DarkGate Cluster Spreads via Email and Fake Browser Updates  | Proofpoint US

Overview  Throughout the summer and fall of 2023, DarkGate entered the ring competing for the top spot in the remote access trojan (RAT) and loader category. It was observed in use by multiple cybercrime actors and was spread via many methods such as email, Microsoft Teams, Skype, malvertising and fake updates.  Proofpoint researchers are tracking […]

Cybersecurity

Why Is an Australian Footballer Collecting My Passwords? The Various Ways Malicious JavaScript Can Steal Your Secrets

This post is also available in: 日本語 (Japanese) Executive Summary Unit 42 researchers have observed threat actors using malicious JavaScript samples to steal sensitive information by abusing popular survey sites, low-quality hosting and web chat APIs. In some campaigns, attackers created chatbots that they registered to someone noteworthy such as an Australian footballer. Other malware […]

Cybersecurity

CISA seeks comment on secure by design principles to boost global software security

Dive Brief: The Cybersecurity and Infrastructure Security Agency is seeking comment on a global effort to improve software security through major changes in development practices. The request for information, released Wednesday, seeks input about how to best incorporate security into the software development life cycle. Specifically, CISA is asking for input on how to tackle […]

Cybersecurity

MageCart WordPress Plugin Injects Malicious User & Credit Card Skimmer

One of our analysts recently found an interesting malicious plugin injected into a WordPress / WooCommerce ecommerce website which both creates and conceals a bogus administrator user. It was also found injecting sophisticated credit card skimming JavaScript into the website’s checkout page. This plugin includes an interesting sample of malicious code which goes to great […]

Cybersecurity

Cisco to acquire cloud-native networking and security startup Isovalent | TechCrunch

Cisco announced this morning that it intends to acquire Isovalent, a cloud-native security and networking startup that should fit well with the company’s core networking and security strategy. The companies did not share the purchase price. Isovalent has helped develop eBPF, a key open source technology that gives developers deep insight into the operating system […]

Cybersecurity

FTC proposes tougher children’s data privacy rules for first time in a decade

The Federal Trade Commission (FTC) is proposing new restrictions on the use and disclosure of children’s personal data and wants to make it much harder for companies to exclude children from their services if they can’t monetize their data, the agency announced Wednesday. The proposed overhaul of the Children’s Online Privacy Protection Rule (COPPA) is […]