The US Federal Bureau of Investigation issued today a warning for the US private sector about e-skimming attacksal known as web skimming, or Magecart attacks.E-skimming attacks happen following a simple pattern: (1) hackers gain access to a company’s online store; (2) hackers hidemalicious code on the company’s website; (3) the code collects payment card information from users while they’re making purchases on the infected site.
In a highly sophisticated impersonation attack, attackers impersonate a legitimate vendor, which does business with the targeted company, in order to steal money or sensitive information. uch emails are drafted so as to appear legitimate tricking unsuspicious users into making the wire payment, thereby causing financial loss.
A new malware is targeting Discord users by modifying the Windows Discord client so that it is transformed into a backdoor and an information-stealing Trojan. The Windows Discord client is an Electron application, which means that almost all of its functionality is derived from HTML, CSS, and JavaScript. This allows malware to modify its core files so that the client executes malicious behavior on startup.
Critical vulnerabilities have been discovered in the Mozilla Firefox web browser and Firefox Extended Support Release (ESR), and a high-severity bug has been reported for Google Chrome, all of which could allow for arbitrary code execution. The bugs were announced as part of larger updates (to Chrome 78 stable channel release, Firefox 70 and Firefox ESR 68.2) that also included several fixes for high-severity and moderate flaws
