Magento is an open source ecommerce platform that offers flexible solutions, is a vibrant extension marketplace, and has an open global ecosystem. Magento is based off of the Zend Framework and PHP. Magento is considered to be the leading platform within the ecommerce market. In less than 10 years, Magento has had massive success rolling out its solutions to small at home/startup business to multinational conglomerates. Magento's popularity is similar to that of other popular open-source…
All Articles (126)
Researchers at Bitdefender have identified a new Android malware titled, Triout which acts as a framework for turning legitimate applications into spyware. It is used to inject extensive surveillance capabilities into seemingly benign applications. Triout is found bundled with a repackaged app; with capabilities including recording phone calls, logging incoming text messages, recoding videos, taking pictures and collecting GPS coordinates. Then broadcasting all of that back to an…
Government researchers believe Chinese state-sponsored actors (APT) are likely to engage in cyber espionage activities targeting the US semiconductor industry. This to help improve domestic production and reduce China’s reliance on US-made semiconductors, as laid out in its “Made in China” (MIC) 2025 plan. Recently lifted sanctions against Chinese company ZTE, highlight China’s reliance on US semiconductors. The US blocking of Chinese acquisition of US semiconductor firms likely undercut…
Conventional cyber wisdom says that social engineering and phishing involves a user only clicking on bad links. A large percentage of social engineering attacks do invite users to click on bad links and this action can definitely have consequences, yet many of the highest profile social engineering attacks have absolutely nothing to do with links and nothing to do with “clicking.”
Some of the most damaging social engineering attacks often consist of a hacker’s patient collection of…
DeepLocker is a class of malware that use AI (Artificial Intelligence) to infect a victim’s system. DeepLocker was developed and launched by an IBM research group.[1] Their concept is artificial intelligence can automatically detect and combat malware to effectively stop cyber-attacks before they impact an organization. This positive concept can now theoretically be used in reverse and weaponized by bad actors. This to…
Cyber actors are targeting US critical infrastructure using a malicious attachment leveraging the “shellshock” vulnerability based on historical and current investigative analysis. The same tactics, techniques and procedures (TTPs) could be used against other US critical infrastructure sectors. US authorities are is providing the following indicators of compromise, identified malicious code, and suspect internet protocol (IP) addresses to assist receiving organizations’ computer network…
Foreshadow flaws are revealed in Intel’s Core and Xeon range of processors. Alternatively known as L1 Terminal Fault or L1TF include three new speculative execution[1] side channel vulnerabilities. The Foreshadow attacks could allow a hacker or malicious application to gain access to the sensitive data stored in a computer's memory or third-party clouds, including files, encryption keys, pictures, or…
Small businesses account for almost 50% of all current cyber-attacks. This is a growing trend. Proper cyber protection is needed.
Some small-business owners assume that the size of their company makes it an unlikely target for cyber adversaries. That may have been true in the past, but it is no longer the case. The increase in targeting small business began around 2011 and counted for approximately one-fifth of all cyber-attacks. Currently this number has risen to almost a half of…
A Great Britain researcher has discovered a combination of a 419 scam and a Java Adwind / Java Jrats trojan malware delivery. Java Adwind delivered by fake financial emails or by fake parcel delivery notices is a common 419 tactic, yet this may be a new approach deploying a traditional scam with the Java Adwind malware.[1]
Java Adwind[2] is a very…
SamSam is an example of a manually controlled ransomware, which has been recently identified by researchers.[1] SamSam ransomware is unique in its nature due to targeted victims and large ransom demands. The ransomware is active since December 2015 and large organizations including the City of Atlanta, Colorado Department of Transportation, several hospitals and educational institutions, have been successfully…
Researchers have identified six vulnerabilities in the Antenna House Office Server Document Converter (OSDC).[1] Antenna House Office Server Document Converter is a product designed to convert Microsoft Office documents into PDF and SVG type documents. The vulnerabilities are used to remotely execute code on a vulnerable system. The vulnerabilities identified are exploited to a locally execute code, or can even be accomplished remotely,…
