Tag Archive for: Payment

Hackers Exploit Bug In Magento To Access Payment Data On Ecommerce Sites


(MENAFN – Investor Brand Network) A critical flaw in the open-source e-commerce platform Magento has allowed hackers to create backdoors in e-commerce websites and steal payment data. Computer software company Adobe Inc. describes the error, CVE-2024-2072, as the “improper neutralization of special elements” that could allow attackers to execute arbitrary code without any user interaction.

Adobe addressed the vulnerability on Feb. 13, 2024, as part of a batch of security updates while e-commerce security company Sansec announced that it…

New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice


Mar 27, 2024 | Newsroom | Vulnerability / Cybercrime

A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla.

Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024. The message masquerades as a bank payment notification, urging the user to open an archive file attachment.

The archive (“Bank Handlowy w Warszawie – dowód wpłaty_pdf.tar.gz”) conceals a malicious loader that activates the procedure to deploy Agent Tesla on the compromised host.

“This loader then used obfuscation to evade detection and leveraged polymorphic behavior with complex decryption methods,” security researcher Bernard Bautista said in a Tuesday analysis.

“The loader also exhibited the capability to bypass antivirus defenses and retrieved its payload using specific URLs and user agents leveraging proxies to further obfuscate traffic.”

Embedding malware within seemingly benign files is a tactic that threat actors have repeatedly employed to trick unsuspecting victims into triggering the infection sequence.

The loader used in the attack is written in .NET, with Trustwave discovering two distinct variants that each make use of a different decryption routine to access its configuration and ultimately retrieve the XOR-encoded Agent Tesla payload from a remote server.

In an effort to evade detection, the loader is also designed to bypass the Windows Antimalware Scan Interface (AMSI), which offers the ability for security software to scan files, memory, and other data for threats.

It achieves this by “patching the AmsiScanBuffer function to evade malware scanning of in-memory content,” Bautista explained.

The last phase involves decoding and executing Agent Tesla in memory, allowing the threat actors to stealthily exfiltrate sensitive data via SMTP using a compromised email account associated with a legitimate security system supplier in Turkey (“merve@temikan[.]com[.]tr”).

The approach, Trustwave said, not only does not raise any red flags, but also affords a layer of anonymity that makes it harder to trace the attack back to the adversary, not to mention save…

Ransomware payment debate resurfaces amid Change Healthcare incident


A hotly debated flashpoint in the cybersecurity community is getting renewed attention as healthcare stakeholders work to rebound from a major ransomware attack that’s roiled the U.S. health insurance market over the past month.

The Feb. 21 Change Healthcare ransomware attack carried out by the ALPHV/Blackcat hacking gang has delayed prescription fillings and led to cash crunches at clinics and other facilities. The American Healthcare Association said that 94% of hospitals are signaling financial impact due to the incident, with some providers losing upwards of $1 billion per day in revenues.

Change Healthcare reportedly made a $22 million ransom payment to the hackers. Soon after, the cybercrime collective appeared to stage a fake takedown of their own site. But analysts expect the group to reemerge under a new name.

The U.S. over the past year has been working with international partners to take a firm stance against ransom payments, though surveyed experts have not agreed on a single policy.

Some cyber industry leaders say that paying ransoms should be banned because it emboldens cybercriminals and helps fund more illicit activities, and that, in some cases, paying a ransom does not necessarily guarantee that compromised data will be returned.

Others argue that total bans put too much pressure on victims, and that sometimes payments need to be made in order to recover vital systems, like those seen in hospitals and critical infrastructure.

In a briefing with reporters Monday, the Department of Health and Human Services said it has not yet taken an official position on whether ransom payments should be banned, and later told Nextgov/FCW it would defer to the National Security Council and FBI on the matter.

The White House is maintaining its previously established position that ransoms should not be paid because payment incentivizes cybercriminals to conduct more ransomware attacks.

The Biden administration “strongly discourages paying of ransoms, to stop the flow of funds to these criminals and disincentivize their attacks,” Anne Neuberger, deputy national security advisor for cyber and emerging technology at NSC, said in a statement to Nextgov/FCW.

The FBI declined to…

Deadline looms for Allen & Overy’s ransomware payment


Ian usually just told lawyers to switch it off and switch it on again.


Allen & Overy has until Tuesday to pay off a gang of cybercriminals or they will release a cache of files stolen from the firm, the hackers have said.

Three weeks ago the LockBit ransomware group announced that it had added the Magic Circle to its long list of victims, which includes Accenture and the Ministry of Defence, and that A&O had until 28 November to pay up.

LockBit originated in countries which belonged to the former Soviet Union and operates as a franchise, providing its software and negotiation framework to affiliates in exchange for a proportion of the ransoms they extort.

Recently the LockBit high table ordered its affiliates to hike the amounts they demand from victims after reportedly being disappointed with the size of ransom payments.

For organisations with revenues upwards of $1 billion, a ransom equating to 0.1% to 3% of the total should be sought, according to a cyberthreat analyst’s report on the gang’s new rates.

That didn’t pan out when an offshoot attempted to extort £66m from Royal Mail. Demands for a sum equivalent to 0.5% of the company’s global revenue faltered when Royal Mail’s negotiator argued that LockBit had actually hacked a loss-making subsidiary of the Plc, Royal Mail International, and that “under no circumstances” would it pay “the absurd amount of money” LockBit had demanded.



On top of which, said Royal Mail’s negotiator, what damage the hack could do had already been done, having triggered a breakdown of the company’s ability to make international deliveries.

Allen & Overy’s revenues were £2.1 billion in 2022, which means if the gang is operating in line with LockBit’s edicts, the firm could currently be attempting to argue down a number between £2.1m and £10.5m.

A&O declined to specify how much the criminals were demanding and whether it was engaging with them, referring RollOnFriday to its statement at the time of the attack when it said it had “experienced a data incident impacting a small number of storage servers”.

LockBit’s ransomware can enter a network via phishing, where an employee receives an email requesting access details which appears…
