-
The State of Magecart: A Persistent Threat to E-Commerce Security
Trustwave SpiderLabs first blogged about Magecart back in 2019; fast forward five years and it is still here going strong.
-
Code Signing Certificates are being used by new BLISTER malware to avoid detection.
According to researchers, evasive malware exploits valid code-signing certificates to evade security measures and deploy Cobalt Strike and BitRAT payloads through compromised systems. Elastic Security experts have dubbed the binary “Blister,” with malware samples that have zero to negligible detections on VirusTotal. At the time of writing, the infection vector, as well as the ultimate…
-
Bug in macOS lets malware bypass Gatekeeper’s security.
The macOS operating system was recently patched for a security vulnerability that could be exploited by a threat actor to bypass “myriad foundational macOS security mechanisms” and run arbitrary code. Patrick Wardle described the discovery in a series of tweets on Thursday. Tracked as CVE-2021-30853 (CVSS 5.5), the issue involves a scenario where a rogue…
-
Azure App Service Exposed Hundreds of Source Code Repositories for Four Years.
A security flaw has been discovered in Microsoft’s Azure App Service that exposed source code for customer applications written in Java, Node, PHP, Python, and Ruby for at least four years since September 2017. According to Wiz researchers, the vulnerability, codenamed “Not Legit,” was first reported to the tech giant on October 7, 2021, and…
-
CISA, FBI, and NSA publish a joint advisory on Log4j vulnerability.
The Australian, Canadian, New Zealand, U.S., and U.K. cyber security agencies released a joint advisory on Wednesday in response to the widespread exploitation of multiple vulnerabilities in Apache’s Log4j software library by malicious actors. “These vulnerabilities, especially Log4Shell, are severe,” the intelligence agencies stated in the new guidance. Cyber threat actors are actively scanning networks…
-
Bugs in Active Directory could allow hackers to take over Windows domain controllers.
Following the availability of a proof-of-concept (POC) tool on December 12, Microsoft is urging customers to patch two security vulnerabilities in Active Directory domain controllers that it addressed in November. The two vulnerabilities are identified as CVE-2021-42278 and CVE-2021-42287. They both affect Active Directory Domain Services (AD DS) and have a severity rating of 7.5.…
-
Chinese government suspends Alibaba deal because the company did not share the Log4j 0-day with the government.
The Ministry of Industry and Information Technology (MIIT) of China temporarily suspended a partnership with Alibaba Cloud, the cloud computing subsidiary of the world’s largest e-commerce company, for six months after the company failed to promptly notify the government about a critical security vulnerability affecting the widely used Log4j logging library. Reports from 21st Century…
-
Trustwave’s 2025 Cybersecurity Predictions: The Era of End-to-End AI Cyberattacks is Here
As 2024 has wrapped up, we went around the room and asked some of Trustwave’s top executives what cybersecurity issues and technology they saw playing a prominent role in 2025.
-
HHS Proposes Critical HIPAA Security Rule Updates to Combat Rising Cybersecurity Threats in Healthcare
The Health and Human Services Office of Civil Rights (OCR) has launched an effort to improve cybersecurity measures for a wide variety of healthcare organizations.