330K stolen payment cards and 895K stolen gift cards sold on dark web

From securityaffairs.co

A crook has sold 895,000 gift cards and over 300,000 payment cards, for a total of US$38 million, on a top-tier Russian-language hacking forum on the dark web. The criminal actor was spotted offering a huge amount of cards in February 2021. According to the experts from fraud intelligence firm Gemini Advisory, threat actors have obtained the cards by compromising the back-end of the online discount gift card shop Cardpool.com.

“Gemini assesses with moderate confidence that the breach of Cardpool.com was also the source of the stolen gift cards,” reads the post published by Gemini Advisory. “The breach of Cardpool.com provides valuable insight into both how cybercriminals value different types of stolen cards and also shows how cybercriminals use sites like Cardpool.com to monetize cards once they are stolen.”

Read more…

Cring Ransomware Attacks Exploited Fortinet Flaw

From ehackingnews.com

Ransomware operators shut down two production facilities belonging to a European manufacturer after deploying a relatively new strain that encrypted servers that control the manufacturer’s industrial processes, a researcher from Kaspersky Lab said on Wednesday. Threat actors are abusing a Fortinet vulnerability flagged by the feds a week ago to deliver a new ransomware strain, named Cring, that is targeting industrial enterprises across Europe.

Read more…

Search Button browser hijacker Removal Guide

From 2-spyware.com

Search Button browser hijacker is a potentially unwanted program[1] with all kinds of dangerous traits. First of all, it might change your browser preferences, such as the default search engine, new tab, and homepage. That’s done to redirect all search traffic through a website of its choice. During our research, the appointed search engine was keysearchs.com, which is fake as it doesn’t generate any search results. But depending on your geolocation, the search engines might differ.

Read more…

Wine scams spiked during COVID-19 lockdown

From cyberscoop.com

Wine-themed domain registrations rose once COVID-19 lockdowns took hold, some of them malicious and used in phishing campaigns, Recorded Future and Area 1 Security said in a joint report out Wednesday.

“As the interest in virtual happy hours and get-togethers increased so did the increase in wine-themed domain registrations,” the report states.

Read more…

Gigaset Android Update Server Hacked to Install Malware on Users’ Devices

From thehackernews.com

Gigaset has revealed a malware infection discovered in its Android devices was the result of a compromise of a server belonging to an external update service provider.

Impacting older smartphone models — GS100, GS160, GS170, GS180, GS270 (plus), and GS370 (plus) series — the malware took the form of multiple unwanted apps that were downloaded and installed through a pre-installed system update app.

Read more…

Vulnerability: Est. Millions of Users of Popular Educational Platform Exposed to Account Takeover Threats And More

From wizcase.com

At the beginning of October 2020, the Wizcase cyber research team, led by Ata Hakcil, discovered a security vulnerability in the open-source learning platform Moodle. Anyone who had an account on a given school’s Moodle (with TeX filter enabled) could then take over students’ accounts, professors’ accounts, and even the accounts managed by the platform administrators.

Read more…

AMD Admits Ryzen 5000 CPU Exploit Could Leave Your PC Open to Hackers

From ehackingnews.com

According to AMD itself, AMD’s Zen 3 CPU architecture may include a feature that could be exploited by hackers in a Spectre-like side-channel attack. With Zen 3, the speculative execution feature—which is a common feature in modern processors—is known as Predictive Store Forwarding (PSF). Essentially its task is to guess which instruction is most likely to be sent next through the use of branch prediction algorithms and fetch that command in anticipation. The aim is to speed up the microprocessor’s output pipeline, but the feature comes with risks, according to TechPowerUp.

Read more…