Skimming off the top - A new attack campaign is siphoning credit card data from Magento stores using digital skimmers. Over a dozen compromised sites have been identified, with stolen information being funneled to attacker-controlled domains. Meanwhile, researchers have uncovered 'sedexp,' a Linux malware that has evaded detection since 2022 and uses a rare persistence technique to maintain its foothold on compromised systems. The CISA flagged an actively exploited vulnerability in Versa Director for immediate patching by federal agencies. Read on for all the latest cybersecurity updates.
01
A new attack campaign targeted numerous Magento-based online stores using digital skimmers to steal credit card information. Over a dozen compromised websites were identified, with stolen data being sent to attacker-controlled sites.
02
Researchers have uncovered a new Linux malware named 'sedexp' that has flown under the radar since 2022. The malware offers reverse shell capabilities and uses a unique persistence technique involving udev rules.
03
Malwarebytes warned of scammers on Facebook targeting grieving users with fake funeral ‘live stream’ scams to steal money and credit card details. The scammers use stolen images and phony links to trick people into phishing schemes or making donations.
04
Ecovacs vacuum and lawn mower robots could be hacked to spy on users, with security flaws allowing attackers to access cameras and microphones, or take over devices using Bluetooth to access sensitive data such as Wi-Fi credentials and room maps.
05
Meta blocked a cluster of WhatsApp accounts associated with the Iran-linked APT42 group. These accounts were used for social engineering attacks against individuals in Israel, Palestine, Iran, the U.S., and the U.K.
06
The CISA added a dangerous file type upload vulnerability (CVE-2024-39717) in Versa Director to its KEV catalog. Federal agencies are required to fix this vulnerability by September 13.
07
According to the NCC Group, around 34% of ransomware attacks claimed in July 2024 targeted critical industrial organizations. The month marked a 20% rise in claimed ransomware victims (395) compared to June (329).
08
Horizon3.ai unveiled two path traversal vulnerabilities (CVE-2024-24809 and CVE-2024-31214) in the open-source Traccar GPS tracking system that could be exploited by unauthenticated attackers to achieve remote code execution.
09
In an audit, the DOJ's Office of the Inspector General found several weaknesses in the inventory management and disposal procedures of the FBI for electronic storage media, putting sensitive but unclassified (SBU) as well as classified national security information (NSI) at risk.
10
Symmera, a Connecticut-based early-stage startup focused on device authentication and data protection, received an undisclosed investment from Emerson Ventures.
