News

Leading fraud protection provider ClearSale (http://clear.sale)will have a team including VP of Partnerships Denise Purtzer at MageX 2019 in Austin, Texas, Sept. 12-13. MageX gives Magento merchants, developers, partners and agencies the opportunity to network face-to-face and to learn from Magento experts who will share best practices, case studies, consultations and other resources for attendees. Speaker topics at this year’s event include e-commerce cybersecurity and B2B e-commerce. ClearSale recently released an extension for Magento 2...

Google has confirmed that a vulnerability could have left 1.5 billion Google Calendar and Gmail users exposed to a dangerous form of phishing attack. As Forbes reports, the problem was a result of the close linking between the two services, which allows calendar invitations to be sent by email – even by people you don't know, and have never spoken to before – and added to your calendar automatically. Source: Tech Radar

Apple will introduce other features that allow more secure use of iPhones in workplace settings as well. Apple's soon-to-be-released iOS 13 includes multiple features designed to give iPhone users substantially better control over their privacy and security settings for both personal and business use. Apple today announced it will release iOS 13 on September 19, one day before the company's scheduled rollout of the new iPhone 11 Pro and iPhone 11 Pro Max phones. The...

A new report points out the dangers to customer data of website reliance on multiple third parties. In an effort to make websites attractive and easy to use for their customers, companies have also made them attractive targets for criminals. That's one of the broad conclusions in a new report that points out where the companies with the largest Web presence have introduced vulnerabilities to go along with their ease of use. Source: Dark Reading

A Montgomery County school district has become the latest apparent victim of a ransomware cyberattack that struck just after the start of the new school year. On Monday, Souderton Area School District Superintendent Dr. Frank Gallagher said that the district’s computer network was hit by the malware attack on Sunday, Sept. 1. Students had returned to class the week before. Source: NBC Philidelphia

Ransomware? Easy cash for attackers. Phishing? Nothing but cash. Spam? All kinds of ways to monetize people clicking links. Data breaches? That stuff gets used for fraud and the rest gets sold off (to be used for more fraud). Nation state attacks? Sure there's ideology, but when you consider that US sanctions no doubt played a part in Russia's motivation for attacking the 2016 election, money is in the equation. And that's not to mention nation...

A new phishing campaign has been observed in the wild using captcha boxes to hide a fake Microsoft account login page from secure email gateways (SEGs). Businesses use SEGs to protect against a wide variety of email-based attacks. They scan all messages, in or out, for malicious content and protect at least against malware and phishing threats. Source: BleepingComputer

Coders late last week publicly released a working exploit for the dangerous Bluekeep bug that was found and patched earlier this year in Microsoft’s Remote Desktop Protocol implementation. Designated as CVE-2019-0708, BlueKeep is a remote Windows kernel use-after-free vulnerability that could be used to create wormable attacks similar to the WannaCry ransomware incident of May 2017. Published on GitHub by the Metasploit Project – a pen-testing framework developed in a collaboration between security company Rapid7 and open-source researchers – the exploit module currently targets...

Attackers can drop malware, add the device to a botnet or send their own audio streams to compromised devices. Imperial Dabman IoT radios have a weak password vulnerability that could allow a remote attacker to achieve root access to the gadgets’ embedded Linux BusyBox operating system, gaining control over the device. Adversaries can deliver malware, add a compromised radio to a botnet, send custom audio streams to the device, listen to all station messages as...

Wikipedia was hit late last week with a sustained DDoS attack knocking it offline in many parts of the world. Wikipedia’s parent organization Wikimedia posted a statement on Sept. 7 saying it was under attack and working to return to normal operations, but posted on Twitter on Sept. 6 that it was suffering intermittent outages. The affected nations were UK, France, Germany and Italy. Parts of the United States were also impacted. Source: SC Magazine