Global Retailers Must Keep an Eye on Their SaaS Stack

Global Retailers Must Keep an Eye on Their SaaS Stack,

Brick-and-mortar retailers and e-commerce sellers may be locked in a fierce battle for market share, but one area both can agree on is the need to secure their SaaS stack. From communications tools to order management and fulfillment systems, much of today’s critical retail software lives in SaaS apps in the cloud. Securing those applications is crucial to ongoing operations, chain management,

,

Brick-and-mortar retailers and e-commerce sellers may be locked in a fierce battle for market share, but one area both can agree on is the need to secure their SaaS stack. From communications tools to order management and fulfillment systems, much of today’s critical retail software lives in SaaS apps in the cloud. Securing those applications is crucial to ongoing operations, chain management,

, ,
https://thehackernews.com/2023/07/global-retailers-must-keep-eye-on-their.html

RomCom RAT Targeting NATO and Ukraine Support Groups

RomCom RAT Targeting NATO and Ukraine Support Groups,

The threat actors behind the RomCom RAT have been suspected of phishing attacks targeting the upcoming NATO Summit in Vilnius as well as an identified organization supporting Ukraine abroad.
The findings come from the BlackBerry Threat Research and Intelligence team, which found two malicious documents submitted from a Hungarian IP address on July 4, 2023.
RomCom, also tracked under the names

,

The threat actors behind the RomCom RAT have been suspected of phishing attacks targeting the upcoming NATO Summit in Vilnius as well as an identified organization supporting Ukraine abroad.
The findings come from the BlackBerry Threat Research and Intelligence team, which found two malicious documents submitted from a Hungarian IP address on July 4, 2023.
RomCom, also tracked under the names

, ,
https://thehackernews.com/2023/07/romcom-rat-targeting-nato-and-ukraine.html

Hackers Steal $20 Million by Exploiting Flaw in Revolut’s Payment Systems

Hackers Steal $20 Million by Exploiting Flaw in Revolut’s Payment Systems

,

Malicious actors exploited an unknown flaw in Revolut’s payment systems to steal more than $20 million of the company’s funds in early 2022.
The development was reported by the Financial Times, citing multiple unnamed sources with knowledge of the incident. The breach has not been disclosed publicly.
The fault stemmed from discrepancies between Revolut’s U.S. and European systems, causing funds

,

Malicious actors exploited an unknown flaw in Revolut’s payment systems to steal more than $20 million of the company’s funds in early 2022.
The development was reported by the Financial Times, citing multiple unnamed sources with knowledge of the incident. The breach has not been disclosed publicly.
The fault stemmed from discrepancies between Revolut’s U.S. and European systems, causing funds

, ,
https://thehackernews.com/2023/07/hackers-steal-20-million-by-exploiting.html

Two Spyware Apps on Google Play with 1.5 Million Users Sending Data to China

Two Spyware Apps on Google Play with 1.5 Million Users Sending Data to China,

Two file management apps on the Google Play Store have been discovered to be spyware, putting the privacy and security of up to 1.5 million Android users at risk. These apps engage in deceptive behaviour and secretly send sensitive user data to malicious servers in China.
Pradeo, a leading mobile security company, has uncovered this alarming infiltration. The report shows that both spyware apps,

,

Two file management apps on the Google Play Store have been discovered to be spyware, putting the privacy and security of up to 1.5 million Android users at risk. These apps engage in deceptive behaviour and secretly send sensitive user data to malicious servers in China.
Pradeo, a leading mobile security company, has uncovered this alarming infiltration. The report shows that both spyware apps,

, ,
https://thehackernews.com/2023/07/two-spyware-apps-on-google-play-with-15.html

Improve Your Security WordPress Spam Protection With CleanTalk Anti-Spam

Improve Your Security WordPress Spam Protection With CleanTalk Anti-Spam,

Every website owner or webmaster grapples with the issue of spam on their website forms. The volume of spam can be so overwhelming that finding useful information within it becomes quite challenging. What exacerbates this issue is that spam can populate your public pages, appearing in comments and reviews. You likely understand how this can damage your website’s reputation, affect search results

,

Every website owner or webmaster grapples with the issue of spam on their website forms. The volume of spam can be so overwhelming that finding useful information within it becomes quite challenging. What exacerbates this issue is that spam can populate your public pages, appearing in comments and reviews. You likely understand how this can damage your website’s reputation, affect search results

, ,
https://thehackernews.com/2023/07/improve-your-security-wordpress-spam.html

Vishing Goes High-Tech: New ‘Letscall’ Malware Employs Voice Traffic Routing

Vishing Goes High-Tech: New ‘Letscall’ Malware Employs Voice Traffic Routing

,

Researchers have issued a warning about an emerging and advanced form of voice phishing (vishing) known as « Letscall. » This technique is currently targeting individuals in South Korea.
The criminals behind « Letscall » employ a multi-step attack to deceive victims into downloading malicious apps from a counterfeit Google Play Store website.
Once the malicious software is installed, it redirects

,

Researchers have issued a warning about an emerging and advanced form of voice phishing (vishing) known as « Letscall. » This technique is currently targeting individuals in South Korea.
The criminals behind « Letscall » employ a multi-step attack to deceive victims into downloading malicious apps from a counterfeit Google Play Store website.
Once the malicious software is installed, it redirects

, ,
https://thehackernews.com/2023/07/vishing-goes-high-tech-new-letscall.html

Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software

Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software,

Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities.
The identified SQL injection vulnerability, tagged as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized

,

Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities.
The identified SQL injection vulnerability, tagged as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized

, ,
https://thehackernews.com/2023/07/another-critical-unauthenticated-sqli.html

Mastodon Social Network Patches Critical Flaws Allowing Server Takeover

Mastodon Social Network Patches Critical Flaws Allowing Server Takeover,

Mastodon, a popular decentralized social network, has released a security update to fix critical vulnerabilities that could expose millions of users to potential attacks.
Mastodon is known for its federated model, consisting of thousands of separate servers called « instances, » and it has over 14 million users across more than 20,000 instances.
The most critical vulnerability, CVE-2023-36460,

,

Mastodon, a popular decentralized social network, has released a security update to fix critical vulnerabilities that could expose millions of users to potential attacks.
Mastodon is known for its federated model, consisting of thousands of separate servers called « instances, » and it has over 14 million users across more than 20,000 instances.
The most critical vulnerability, CVE-2023-36460,

, ,
https://thehackernews.com/2023/07/mastodon-social-network-patches.html

Close Security Gaps with Continuous Threat Exposure Management

Close Security Gaps with Continuous Threat Exposure Management,

CISOs, security leaders, and SOC teams often struggle with limited visibility into all connections made to their company-owned assets and networks. They are hindered by a lack of open-source intelligence and powerful technology required for proactive, continuous, and effective discovery and protection of their systems, data, and assets.
As advanced threat actors constantly search for easily

,

CISOs, security leaders, and SOC teams often struggle with limited visibility into all connections made to their company-owned assets and networks. They are hindered by a lack of open-source intelligence and powerful technology required for proactive, continuous, and effective discovery and protection of their systems, data, and assets.
As advanced threat actors constantly search for easily

, ,
https://thehackernews.com/2023/07/close-security-gaps-with-continuous.html

BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days

BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days,

Ransomware attacks are a major problem for organizations everywhere, and the severity of this problem continues to intensify.
Recently, Microsoft’s Incident Response team investigated the BlackByte 2.0 ransomware attacks and exposed these cyber strikes’ terrifying velocity and damaging nature.
The findings indicate that hackers can complete the entire attack process, from gaining initial access

,

Ransomware attacks are a major problem for organizations everywhere, and the severity of this problem continues to intensify.
Recently, Microsoft’s Incident Response team investigated the BlackByte 2.0 ransomware attacks and exposed these cyber strikes’ terrifying velocity and damaging nature.
The findings indicate that hackers can complete the entire attack process, from gaining initial access

, ,
https://thehackernews.com/2023/07/blackbyte-20-ransomware-infiltrate.html