image Photo by Austin Distel on Unsplash

Hiding Malware in Share Buttons

Some creative individuals have found a way of hiding card skimming malware in the sharing buttons used on various websites. A timely reminder to know what 3rd parties you us and what they might be vulnerable to.

Google, Adobe, Valve and Microsoft Patches

Both Google and Microsoft emitted a slew of updates in the last week including fixes for undisclosed vulnerabilities in Chrome, Windows and Microsoft Teams.

Kmart hit in Egregor Ransomware Attack

This is a very US-centric post; however it serves to remind that Retail is a huge target at the moment:

Travel Agent drops the ball and gives away customer data on purpose, by accident

In an attempt to do something cool, a travel agent accidentally gave access to customer data to participants during a hackathon.

Managing Instance Metadata Service Data

Check Point Software posted a great article about how to manage the security of Instance Metadata in AWS; many of the points are valuable in Azure and GCP too.

Cyber Security in Healthcare

Given the times we live in; there has been a big focus over the last few months on CyberSecurity in Healthcare. This week has been no exception:

1,000,000,000,000 USD lost to Cyber Attacks in 2020

Security News points out the cost of cyber attacks this year is a huge number; yet companies are often poorly prepared.

SANS Breaks down qbot

Once again SANS have given us a great brekdown of how Qakbot/Qbot works, I really enjoy the deeply technical articles SANS posts:

PLEASE_READ_ME Reaches a Grim Milestone

Seems this year is full of grim milestones, between COVID-19 and threat actors attacking services. In the latest of these Threat Post points out that 85,000 MySQL servers have been breached having their data exfiltrated and ransomed back in a unsophisticated, yet high volume attack.