AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 11/21/2024

Fake Discount Sites Exploit Black Friday to Hijack Shopper Information

A new phishing campaign is targeting e-commerce shoppers in Europe and the United States with bogus pages that mimic legitimate brands with the goal of stealing their personal information ahead of the Black Friday shopping season. “The campaign leveraged the heightened online shopping activity in November, the peak season for Black Friday discounts. The threat actor used fake discounted products as phishing lures to deceive victims into providing their Cardholder Data (CHD) and Sensitive Authentication Data (SAD) and Personally Identifiable Information (PII),” EclecticIQ said. The activity, first observed in early October 2024, has been attributed with high confidence to a Chinese financially motivated threat actor codenamed SilkSpecter. Some of the impersonated brands include IKEA, L.L.Bean, North Face, and Wayfare.

Apple Urges Mac Users to Update After Hackers Exploit Zero-Day Vulnerabilities

Apple is recommending that Mac users update their systems after revealing that hackers had exploited two vulnerabilities in its software. The company issued two bug fixes on Tuesday addressing issues in WebKit and JavaScriptCore, which power Safari and other web content. WebKit, in particular, is a major target for hackers aiming to exploit the engine to infiltrate devices and gain access to private data. In the first instance, Apple said one issue stemmed from “processing maliciously crafted web content,” which can lead to an attacker running unauthorized code on a system. The problem was addressed through enhanced validation checks, according to Apple. The second issue involved a cross-site scripting attack. Apple said it resolved the vulnerability by improving cookie state management.

Fintech giant Finastra investigates data breach after SFTP hack

Finastra has confirmed it warned customers of a cybersecurity incident after a threat actor began selling allegedly stolen data on a hacking forum. Finastra is a financial software company serving over 8,000 institutions across 130 countries, including 45 of the world’s top 50 banks and credit unions. The company employs 12,000 people, and last year, it reported a revenue of $1.7 billion. The security incident occurred on November 7, 2024, when an attacker used compromised credentials to access one of Finastra’s Secure File Transfer Platform (SFTP) systems.

Your iPhone isn’t as secure as you think (but it can be)

Your iPhone might seem like an impenetrable vault, keeping your personal information, photos, messages, and apps safe. But guess what? It might not be as tightly locked down as you think. While Apple keeps adding and improving iOS security features, some sneaky ways thieves and hackers can get in still exist. Let’s look at some common security threats iPhone users face and how you can protect yourself. From sneaky shoulder surfers to tricky phishing attacks, it’s time to uncover the hidden risks lurking in your pocket. We all receive notifications about software updates, but they’re easy to ignore, especially if there aren’t any new features to try. But delaying them can leave our iPhones vulnerable to serious threats. Every update contains numerous security patches that can shut down serious threats. For example, the iOS 14.7.1 update in 2021 targeted the Pegasus spyware, which was used at a high level to access messages, activate the camera and microphone, and collect location data.

MITRE Updates List of 25 Most Dangerous Software Vulnerabilities

The MITRE Corporation has updated its Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list, which reflects the latest trends in the cyber threat landscape. The list provides information on the most common and impactful weaknesses that threat actors exploit in attacks to take over systems, steal sensitive information, and cause disruptions. Cross-site scripting (XSS) vulnerabilities are at the top of this year’s CWE Top 25 list, up from second position last year, with out-of-bounds write flaws dropping to second place. While SQL injection bugs remain in third position, cross-site request forgery (CSRF), path traversal, and out-of-bounds read defects moved up by five, three, and one place, respectively, displacing OS command injection and use-after-free issues.
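To make the first three entries in the list concrete, the following added example (not code from the AboutDFIR post or from MITRE) places the weak form of each beside its hardened form: output encoding for cross-site scripting, parameter binding for SQL injection, and a canonical-path containment check for path traversal. All function names, the in-memory table, and the sample inputs are constructed for this illustration.

```python
"""Weak and hardened forms of three 2024 CWE Top 25 weaknesses
(CWE-79 XSS, CWE-89 SQL injection, CWE-22 path traversal).
Added example; names, table contents and inputs are constructed."""
import html
import sqlite3
from pathlib import Path

# --- CWE-79: cross-site scripting -------------------------------------------

def render_comment_unsafe(body: str) -> str:
    # Untrusted text is concatenated straight into markup.
    return f"<p class='comment'>{body}</p>"


def render_comment_safe(body: str) -> str:
    # Output encoding for an HTML text context; quote=True also encodes
    # both quote characters, so the same helper is usable in attributes.
    return f"<p class='comment'>{html.escape(body, quote=True)}</p>"


# --- CWE-89: SQL injection ---------------------------------------------------

def demo_db() -> sqlite3.Connection:
    # Constructed in-memory table so the queries run without a server.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, role TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("alice", "admin"), ("bob", "user")])
    return con


def find_user_unsafe(con: sqlite3.Connection, name: str) -> list:
    # String formatting lets the input rewrite the WHERE clause.
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return con.execute(query).fetchall()


def find_user_safe(con: sqlite3.Connection, name: str) -> list:
    # Parameter binding: the driver keeps data separate from SQL grammar.
    return con.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


# --- CWE-22: path traversal --------------------------------------------------

def resolve_download_unsafe(root: Path, requested: str) -> Path:
    # Joining without a containment check lets '..' leave the directory.
    return (root / requested).resolve()


def escapes_root(root: Path, requested: str) -> bool:
    # Canonicalise both sides, then require the candidate to sit under root.
    root = root.resolve()
    candidate = (root / requested).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        return True
    return False


def resolve_download_safe(root: Path, requested: str) -> Path:
    # Refuse anything whose canonical form is outside the download root.
    if escapes_root(root, requested):
        raise ValueError(f"path escapes download root: {requested!r}")
    return (root.resolve() / requested).resolve()


if __name__ == "__main__":
    payload = "<script>alert('xss')</script>"
    print(render_comment_unsafe(payload))
    print(render_comment_safe(payload))
    con = demo_db()
    print(find_user_unsafe(con, "' OR '1'='1"))   # every row comes back
    print(find_user_safe(con, "' OR '1'='1"))     # no row matches
    root = Path("/srv/downloads")               # constructed root directory
    print(resolve_download_unsafe(root, "../../etc/hosts"))
    print(escapes_root(root, "../../etc/hosts"))
```

The encoding helper is only correct for HTML text and quoted-attribute contexts; values placed inside script blocks, style blocks, or URLs need their own encoders. The SQL case uses a tautology rather than a stacked statement because the sqlite3 driver rejects multiple statements in one `execute` call, which is itself a useful reminder that driver behaviour, not string filtering, is what makes the bound-parameter form safe.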
