12 matches found
Scammers hijack websites of Bank of America, Netflix, Microsoft, and more to insert fake phone number
The examples in this post are actual fraud attempts found by Malwarebytes Senior Director of Research, Jérôme Segura. Cybercriminals frequently use fake search engine listings to take advantage of our trust in popular brands, and then scam us. It often starts, as with so many attacks, with a...
CVE-2021-39347 Stripe for WooCommerce 3.0.0 - 3.3.9 Missing Authorization Controls to Financial Account Hijacking
The Stripe for WooCommerce WordPress plugin is missing a capability check on the save function found in the /includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for attackers to configure their account to use other site users unique STRIPE identifier and make purchases...
CVE-2021-39347 Stripe for WooCommerce 3.0.0 - 3.3.9 Missing Authorization Controls to Financial Account Hijacking
The Stripe for WooCommerce WordPress plugin is missing a capability check on the save function found in the /includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for attackers to configure their account to use other site users unique STRIPE identifier and make purchases...
WordPress Stripe For WooCommerce plugin 3.0.0 – 3.3.9 - Missing Authorization Controls to Financial Account Hijacking vulnerability
Missing Authorization Controls to Financial Account Hijacking vulnerability discovered by Margaux DABERT Intrinsec in WordPress Stripe For WooCommerce plugin versions 3.0.0 – 3.3.9. Solution Update the WordPress Stripe For WooCommerce plugin to the latest available version at least 3.3.10...
Stripe For WooCommerce 3.0.0 - 3.3.9 - Missing Authorization Controls to Financial Account Hijacking
The plugin is missing a capability check on the save function found in the /includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for attackers to configure their account to use other site users unique STRIPE identifier and make purchases with their payment accounts...
Wind River ‘Security Incident’ Affects SSNs, Passport Numbers
Wind River Systems, which develops embedded system software, on Friday warned of a “security incident” that had exposed personnel records. One or more files were downloaded from the company’s network on or around September 29, it said. Affected data included information maintained within the...
$100M Botnet Scheme Lands Cybercriminal 8 Years in Jail
Authorities have sentenced a hacker to eight years in prison for trafficking stolen personally identifiable information PII and online banking credentials resulting in losses totaling over $100 million. Aleksandr Brovko, 36, formerly of the Czech Republic, pleaded guilty in February to conspiracy...
ID Thieves Turn to Snail Mail as Juicy Target for Financial Crimes
As it gets harder for cybercriminals to bypass business email compromise BEC defenses, some hackers are switching from email scams to real-mail cons. Researchers at Flashpoint said they are monitoring hacker forums where criminals are swapping tips on a growing ID theft and financial crime area,...
Health Insurer Excellus Hacked; 10.5 Million Records Breached
Health Care Hacks — the choice of hackers this year! In a delayed revelation made by Excellus BlueCross BlueShield BCBS, which says that about 10.5 Millions of their clients' data and information has been compromised by hackers. Excellus BCBS headquartered in Rochester, New York, provides finance...
Threat Outbreak Alert: Fake Financial Account Statement Email Messages on October 23, 2013
Medium Alert ID: 31481 First Published: 2013 October 24 17:04 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an account statement for the recipient. The text in the email message attempts to convince the recipient to op...
Data Breach Affects Two Million NY Customers, State Commission to Investigate
The New York State Public Service Commission announced yesterday they’ll be looking into a data breach that may have exposed the personal information of almost two million customers to unknown attackers. An employee from a software consulting firm contracted by New York State Electric & Gas NYSEG...
Information disclosure through cache collisions — Mozilla
Aad reported that two web pages can collide in the disk cache with the result that depending on order loaded the end of the longer document can be appended to the shorter when the shorter is reloaded from the cache. It is possible a determined hacker could construct a targeted attack to steal som...