Website/Web Server Security news, articles & updates| SC Media

Website/Web Server Security

Test platform leaks Bank of America clients’ Covid-19 PPP loan applications

Bank of America has disclosed that it briefly exposed certain business clients’ Paycheck Protection Program (PPP) applications to outside parties after uploading the documents onto a test platform. The incident bears similarities to the recent news of at least states mistakenly exposing application information related to the Pandemic Unemployment Assistance (PUA) program. Both the PPP…

Malicious actor holds at least 31 stolen SQL databases for ransom

A malicious cyber actor or hacking collective has reportedly been sweeping the internet for online stores’ unsecured SQL databases, copying their contents, and threatening to publish the information if the rightful owners don’t pay up. The perpetrator has stolen the copied versions of at least 31 SQL databases, which have been put up for sale…

Colorado, Florida & Ohio become latest states to disclose PUA program data leaks

Colorado, Ohio and Florida have become the latest states to disclose the accidental exposure of information belonging to citizens who applied to the federal Pandemic Unemployment Assistance program as a means of seeking some financial security during the ongoing COVID-19 crisis. In all cases, the states said a very limited number of people inadvertently gained…

Low unemployment

Arkansas, Illinois COVID-19 unemployment websites leak data

Arkansas and Illinois both reportedly exposed sensitive citizen data after failing to adequately secure web services that the states urgently propped up in order to process applications for the federal Pandemic Unemployment Assistance program. Experts say the hurried pace of setting up these digital services could very well have resulted in glitches and overlooked gaps…

San Francisco airport websites hacked to swipe personal device credentials

Two websites affiliated with San Francisco International Airport (SFO) were compromised with code last March, allowing attackers to steal device login credentials from users who visited these sites, airport officials have disclosed. The breach affected the websites SFOConnect.com, which appears to deliver informational content to the SFO workforce, and SFOConstruction.com, which includes details on airport…

Malvertising campaign spoofs Malwarebytes website to deliver Raccoon info-stealer

Malicious actors created a fake webpage that impersonates cybersecurity company Malwarebytes and were using it as a gateway in a malvertising campaign designed to infect victims with the Raccoon information stealer. The malvertisements, which likely appeared on adult websites, automatically redirected site visitors to the fake page without any customer interaction, according to the Malwarebytes…

Open redirect on Dept. of HHS website benefits COVID-19 phishing scam

A coronavirus-themed phishing campaign designed to infect victims with Raccoon information-stealing malware has reportedly been leveraging an open redirect vulnerability found on the U.S. Department of Health and Human Services’ website, HHS.gov. As defined by Trustwave here, an open redirect occurs when a website’s “parameter values (the portion of URL after “?”) in an HTTP…

MS13-061 was scrapped after Microsoft became aware that installing it causes problems.

Report: Account takeover and data scraping attacks on e-retailers up as COVID-19 surges

Masses of global citizens have been retreating to their homes and relying on online services to stock up their domiciles during the coronavirus pandemic, and it could be having an influence on cyberattacks against websites. Researchers at application protection company PerimeterX have reported a two-month increase in account takeover attacks against online home goods retailers,…

Report: NutriBullet’s website injected with skimmer three times by Magecart Group 8

Since February, a prominent Magecart cybercriminal group has injected the same Java-based payment card skimmer program not one, not two, but three times into the compromised international website of blender manufacturer NutriBullet, researchers from RiskIQ have reported. Each time a skimmer was removed from nutribullet.com, the criminal actors, known as Magecart Group 8, would reintroduce…

COVID-19 decoy doc, Cloudflare service used to spread ‘BlackWater’ malware

Researchers have uncovered a new malware campaign that uses the COVID-19 pandemic as a lure, and also abuses platform-as-a-service web infrastructure tools to apparently thwart attempts at blocking command-and-control communications. Dubbed BlackWater, the backdoor malware specifically takes advantage of Cloudflare Workers — an offering of Cloudflare, a popular provider of website operators with content delivery…

Next post in Malware