Web Security | SC Media

Web Security

IE, Firefox, Chrome and Safari's protection against phishing was tested.

Microsoft patches flaws in IE, Defender

Microsoft Corp. yesterday issued out-of-band updates for a pair of security vulnerabilities, one in Internet Explorer and one in its Defender anti-malware software for Windows. Discovered by Clément Lecigne of Google’s Threat Analysis Group and designated CVE-2019-1367, the IE bug is a memory corruption vulnerability that can be exploited for remote code execution in the…

Eight cities’ payment records impacted in Click2Gov portal breach

For the second time since 2017, the third-party government bill-payment portal Click2Gov has experienced a significant data breach affecting thousands of individuals in multiple cities across the U.S. Government entities use the Click2Gov portal to accept payments for permits, licenses, fines and utilities. Discovered by fraud intelligence experts at Gemini Advisory, this latest attack compromised…

Chrome security issues addressed with Stable channel update

Google updated its Chrome Stable channel to version 77.0.3865.90 for Windows, Mac, and Linux to implement four security fixes, one rated critical and three high. The critical CVE-2019-13685 covers a use-after-free in UI issue; CVE-2019-13688 (high) deals with a use-after-free in media; CVE-2019-13687 (high) a use-after-free in media and CVE-2019-13686 (high) a use-after-free in offline…

Hotel websites infected with skimmer via supply chain attack

A Magecart card-skimming campaign this month sabotaged the mobile websites of two hotel chains by executing a supply chain attack on a third-party partner, researchers have reported. The third party in both instances was Roomleader, a Barcelona-based provider of digital marketing and web development services. One of the ways Roomleader helps hospitality companies build out…

WordPress update fixes assortment of XSS flaws

The developers of WordPress last week issued a short-cycle maintenance release for their content management system software, introducing 29 fixes and improvements. The new version, 5.2.3, remedies six issues that can enable cross-site scripting (XSS) attacks. These include XSS flaws found in post previews, stored comments and shortcode previews, and another XSS vulnerability that results…

Domen toolkit customizes fake web page overlays to bolster infection odds

A malicious campaign has been leveraging a newly discovered social engineering toolkit to distribute a wide range of phony web page overlays, seemingly generating at least 100,000 page views in just the past few weeks. The toolkit, dubbed Domen, uses a cleverly written client-side script (“template.js”) to deliver these fraudulent overlays, which are loaded…

Miscreants infected a poker player's laptop with malware that monitored his every online gambling move.

New way to lose at poker? Card game domains infected with Magecart skimmer

Cybercriminals are upping the ante when it comes to compromising websites with Magecart payment card skimmers, as evidenced by the recent discovery of two infected web domains used by poker enthusiasts. A Malwarebytes blog post this week identified the two affected web pages as pokertracker.com and its subdomain pt4pokertracker.com. Both are related to a software…

Vast majority of newly registered domains are malicious

Newly registered domains (NRDs) are created at the astounding rate of about 200,000 every day and a recent report indicates that 70 percent of these are malicious or suspicious and used for a wide range of nefarious activities. The NRDs are an interesting breed with some staying active for a very brief period, just hours,…

Cracked.to hacking forum user data breached and leaked by rivals

Hacking online forum Cracked.to last July suffered a data breach at the hands of one of its rival communities, resulting in the compromise of roughly 321,000 members, breach reference website “Have I Been Pwned?” reported this week. The breach resulted in a public doxxing that exposed a database containing 749,161 email accounts, as well…

Report: SEC looking into First American Financial Corp.’s leaky website

First American Financial Corp. is reportedly the subject of a U.S. Securities and Exchange Commission investigation, following the discovery of a website defect that left 885 million documents exposed to the public. Earlier this year, the financial services company’s website was found to have allowed anyone with a web browser and a URL for a…
