The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: website security

e-Commerce Site Hackers Now Hiding Credit Card Stealer Inside Image Metadata

e-Commerce Site Hackers Now Hiding Credit Card Stealer Inside Image Metadata

June 29, 2020Ravie Lakshmanan
In what's one of the most innovative hacking campaigns, cybercrime gangs are now hiding malicious code implants in the metadata of image files to covertly steal payment card information entered by visitors on the hacked websites. "We found skimming code hidden within the metadata of an image file (a form of steganography) and surreptitiously loaded by compromised online stores," Malwarebytes researchers said last week. "This scheme would not be complete without yet another interesting variation to exfiltrate stolen credit card data. Once again, criminals used the disguise of an image file to collect their loot." The evolving tactic of the operation, widely known as web skimming or a Magecart attack, comes as bad actors are finding different ways to inject JavaScript scripts, including misconfigured AWS S3 data storage buckets and exploiting content security policy to transmit data to a Google Analytics account under their control. Using Steganography
Magecart Targets Emergency Services-related Sites via Insecure S3 Buckets

Magecart Targets Emergency Services-related Sites via Insecure S3 Buckets

June 09, 2020Ravie Lakshmanan
Hacking groups are continuing to leverage misconfigured AWS S3 data storage buckets to insert malicious code into websites in an attempt to swipe credit card information and carry out malvertising campaigns. In a new report shared with The Hacker News, cybersecurity firm RiskIQ said it identified three compromised websites belonging to Endeavor Business Media last month that are still hosting JavaScript skimming code — a classic tactic embraced by Magecart , a consortium of different hacker groups who target online shopping cart systems. The unpatched affected websites host emergency services-related content and chat forums catering to firefighters, police officers, and security professionals, per RiskIQ. www[.]officer[.]com www[.]firehouse[.]com www[.]securityinfowatch[.]com The cyber firm said it hasn't heard back from Endeavor Business Media despite reaching out to the company to address the issues. As a consequence, it's working with Swiss non-profit cyber
AppTrana Offers Protection to Online Businesses During Coronavirus Outbreak

AppTrana Offers Protection to Online Businesses During Coronavirus Outbreak

March 30, 2020The Hacker News
These are unprecedented times, and everyone is going through a testing period, with more than 3 billion people locked down all over the world. Businesses are scrambling to stay afloat and are forced to move digital in a very short span of time without much preparation. As these businesses move digital, cyber threats are more real than ever. Every day we are hearing news about hackers taking advantage of the situation. Cybersecurity company Indusface that holds expertise in keeping applications over the internet secure has decided to step up and do our bit to the society. During this unprecedented time, Indusface has announced to support organizations affected by COVID-19 by offering professional cybersecurity protection to their online businesses at free of cost for at least a month. Indusface already provides a Free Forever Website security assessment service, and as part of this additional offering, businesses can get 30 days of its paid offering without any charges. Cus
Let's Encrypt Revoking 3 Million TLS Certificates Issued Incorrectly Due to a Bug

Let's Encrypt Revoking 3 Million TLS Certificates Issued Incorrectly Due to a Bug

March 04, 2020Ravie Lakshmanan
The most popular free certificate signing authority Let's Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software. The bug, which Let's Encrypt confirmed on February 29 and was fixed two hours after discovery, impacted the way it checked the domain name ownership before issuing new TLS certificates. As a result, the bug opened up a scenario where a certificate could be issued even without adequately validating the holder's control of a domain name. The Certification Authority Authorization (CAA), an internet security policy, allows domain name holders to indicate to certificate authorities (CAs) whether or not they are authorized to issue digital certificates for a specific domain name. Let's Encrypt considers domain validation results good only for 30 days from the time of validation, after which it rechecks the CAA record authorizing t
Let's Encrypt Issued A Billion Free SSL Certificates in the Last 4 Years

Let's Encrypt Issued A Billion Free SSL Certificates in the Last 4 Years

February 28, 2020Ravie Lakshmanan
Let's Encrypt, a free, automated, and open certificate signing authority (CA) from the nonprofit Internet Security Research Group (ISRG), has said it's issued a billion certificates since its launch in 2015. The CA issued its first certificate in September 2015, before eventually reaching 100 million in June 2017. Since late last year, Let's Encrypt has issued at least 1.2 million certificates each day. The development comes as over 80 percent of the web page loads have begun using HTTPS worldwide , and 91 percent in the US alone. HTTPS, the default means of secure communication on the internet, comes with three benefits: authentication, integrity, and encryption. It allows HTTP requests to be transmitted over a secure encrypted channel, thus protecting users from an array of malicious activities, including site forgery and content manipulation. "Since 2017, browsers have started requiring HTTPS for more features, and they've greatly improved the way
App Used by Israel's Ruling Party Leaked Personal Data of All 6.5 Million Voters

App Used by Israel's Ruling Party Leaked Personal Data of All 6.5 Million Voters

February 11, 2020Mohit Kumar
An election campaigning website operated by Likud―the ruling political party of Israeli Prime Minister Benjamin Netanyahu―inadvertently exposed personal information of all 6.5 million eligible Israeli voters on the Internet, just three weeks before the country is going to have a legislative election. In Israel, all political parties receive personal details of voters before the election, which they can't share with any third party and are responsible for protecting the privacy of their citizens and erasing it after the elections are over. Reportedly, Likud shared the entire voter registry with Feed-b, a software development company, who then uploaded it a website (elector.co.il) designed to promote the voting management app called 'Elector.' According to Ran Bar-Zik , a web security researcher who disclosed the issue, the voters' data was not leaked using any security vulnerability in the Elector app; instead, the incident occurred due to negligence by the softw
Drupal Warns Web Admins to Update CMS Sites to Patch a Critical Flaw

Drupal Warns Web Admins to Update CMS Sites to Patch a Critical Flaw

December 19, 2019Swati Khandelwal
If you haven't recently updated your Drupal-based blog or business website to the latest available versions, it's the time. Drupal development team yesterday released important security updates for its widely used open-source content management software that addresses a critical and three "moderately critical" vulnerabilities in its core system. Considering that Drupal-powered websites are among the all-time favorite targets for hackers, the website administrators are highly recommended to install the latest release Drupal 7.69, 8.7.11, or 8.8.1 to prevent remote hackers from compromising web servers. Critical Symlinks Vulnerability in Drupal The only advisory with critical severity includes patches for multiple vulnerabilities in a third-party library, called ' Archive_Tar ,' that Drupal Core uses for creating, listing, extracting, and adding files to tar archives. The vulnerability resides in the way the affected library untar archives with sym
Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices

Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices

December 04, 2019Mohit Kumar
Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices. One of the two vulnerabilities, assigned as CVE-2019-5096, is a critical code execution flaw that can be exploited by attackers to execute malicious code on vulnerable devices and take control over them. The first vulnerability resides in the way multi-part/form-data requests are processed within the base GoAhead web server application, affecting GoAhead Web Server versions v5.0.1, v.4.1.1, and v3.6.5. According to the researchers at Cisco Talos, while processing a specially crafted HTTP request, an attacker exploiting the vulnerability can cause use-after-free condition on the server and corrupt heap structures, leading to code execution attacks. The second vulnerability, assigned as CVE-2019-5097, also resides in the same component of the GoAhead Web Server and can be
Europol Shuts Down Over 30,500 Piracy Websites in Global Operation

Europol Shuts Down Over 30,500 Piracy Websites in Global Operation

December 04, 2019Wang Wei
In a coordinated global law enforcement operation, Europol has taken down more than 30,500 websites for distributing counterfeit and pirated items over the Internet and arrested three suspects. Among other things, the seized domains reportedly offered various counterfeit goods and pirated products and services, including pirated movies, illegal television streaming, music, electronics, cracked software downloads, counterfeit pharmaceuticals, and other illicit products. However, it should be noted that the seized web domains do not include any major pirate websites on the Internet. During the investigation, international law enforcement officials: shut down a total of 30,506 web domains, arrested three suspects, seized 26,000 luxury clothes and perfumes, seized 363 liters of alcoholic beverages, and seized an unspecified number of hardware devices. The officials also identified and froze more than €150,000 from several bank accounts and online payment platforms. Th
Top 5 Cybersecurity and Cybercrime Predictions for 2020

Top 5 Cybersecurity and Cybercrime Predictions for 2020

December 03, 2019The Hacker News
We distilled 30 independent reports dedicated to cybersecurity and cybercrime predictions for 2020 and compiled the top 5 most interesting findings and projections in this post. Compliance fatigue will spread among security professionals Being a source of ongoing controversy and debate, the California Consumer Privacy Act (CCPA) was finalized on 11th January 1, 2019. Driven by laudable objectives to protect Californians' personal data, prevent its misuse or unconsented usage by unscrupulous entities, the law imposes formidable monetary penalties of up to $7,500 per intentional violation and $2,500 per unintentional violation. The Act is enforceable against organizations that process or handle personal data of California residents, regardless of the geographical location of the former. Akin to the EU GDPR, data subjects are empowered with a bundle of rights to control their personal data and its eventual usage. The pitfall is that if every US state introduces its own s
4 Best Free Online Security Tools for SMEs in 2020

4 Best Free Online Security Tools for SMEs in 2020

November 13, 2019The Hacker News
Cyberattacks on small and midsized companies in 2019 cost $200,000 per company on average, mercilessly putting many of them out of business, says CNBC in its analysis of a recent Accenture report. In light of the global cybersecurity skills shortage, the number is set to soar in 2020. Solely in the UK, over 50,000 British SMEs could collapse next year following a cyberattack. This article brings a list of free tools that are already being used to combat these alarming challenges and enabling SMEs to arm themselves against a wide range of cyber offenders. Website Security Test with GDPR and PCI DSS Compliance Scan The problem: It would be hard to come across an SME without a website, or at least a web page on the Internet. Such websites are habitually poorly protected, becoming low-hanging fruit for cybercriminals. Even if the website does not store or handle any payment transactions or otherwise sensitive information, once breached, access to it can be sold in Dark Web mark
Explained: How New 'Delegated Credentials' Boosts TLS Protocol Security

Explained: How New 'Delegated Credentials' Boosts TLS Protocol Security

November 06, 2019Mohit Kumar
Mozilla, in partnership with Facebook, Cloudflare, and other IETF community members, has announced technical specifications for a new cryptographic protocol called " Delegated Credentials for TLS ." Delegated Credentials for TLS is a new simplified way to implement "short-lived" certificates without sacrificing the reliability of secure connections. In short, the new TLS protocol extension aims to effectively prevent the misuse of stolen certificates by reducing their maximum validity period to a very short span of time, such as a few days or even hours. Before jumping into how Delegated Credentials for TLS works, you need to understand the current TLS infrastructure, and of course, about the core problem in it because of which we need Delegated Credentials for TLS. The Current TLS Infrastructure More than 70% of all websites on the Internet today use TLS certificates to establish a secure line of HTTPS communication between their servers and visitors,
New Chrome 0-day Bug Under Active Attacks – Update Your Browser Now!

New Chrome 0-day Bug Under Active Attacks – Update Your Browser Now!

November 01, 2019Swati Khandelwal
Attention readers, if you are using Chrome on your Windows, Mac, and Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today. With the release of Chrome 78.0.3904.87, Google is warning billions of users to install an urgent software update immediately to patch two high severity vulnerabilities, one of which attackers are actively exploiting in the wild to hijack computers. Without revealing technical details of the vulnerability, the Chrome security team only says that both issues are use-after-free vulnerabilities, one affecting Chrome's audio component ( CVE-2019-13720 ) while the other resides in the PDFium ( CVE-2019-13721 ) library. The use-after-free vulnerability is a class of memory corruption issues that allows corruption or modification of data in the memory, enabling an unprivileged user to escalate privileges on an affected system or software. Thus, both flaws could enable remote attackers
Leading Web Domain Name Registrars Disclose Data Breach

Leading Web Domain Name Registrars Disclose Data Breach

October 31, 2019Swati Khandelwal
Another day, another massive data breach—this time affecting a leading web technology company, as well as both of its subsidiaries, from where millions of customers around the world have purchased domain names for their websites. The world's top domain registrars Web.com, Network Solutions, and Register.com disclosed a security breach that may have resulted in the theft of customers' account information. Founded in 1999 and headquartered in Jacksonville, Florida, Web.com is a leading web technology company that owns both Network Solutions and Register.com. The companies offer web services like web hosting, website design, and online marketing to help people build their own websites. What happened? — In late August 2019, a third-party gained unauthorized access to a "limited number" of the company's computer systems and reportedly accessed millions of records for accounts of current and former customers with Web.com, Network Solutions, and Register.com.
New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers

New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers

October 26, 2019Mohit Kumar
If you're running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely. The vulnerability, tracked as CVE-2019-11043 , affects websites with certain configurations of PHP-FPM that is reportedly not uncommon in the wild and could be exploited easily as a proof-of-concept (PoC) exploit for the flaw has already been released publicly. PHP-FPM is an alternative PHP FastCGI implementation that offers advanced and highly-efficient processing for scripts written in PHP programming language. The main vulnerability is an "env_path_info" underflow memory corruption issue in the PHP-FPM module, and chaining it together with other issues could allow attackers to remotely execute arbitrary code on vulnerable web servers. The vulnerability was spotted by Andrew Danau, a security researcher at Wallarm while hun
Exclusive Offers

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.