[Weekly Security News] Cyber attacks that will make you nervous until the end of the year

by

[Weekly Security News] Cyber attacks that will make you nervous until the end of the year

[December 27 2023]

1. Xfinity hack could compromise user information from 36 million customers, state AG says

Hackers stole some customer information of Xfinity by compromising a vulnerability in its 3rd party. Xfinity was awarded this accident in October and concluded on Dec. 6 that usernames and passwords for some customers were stolen along with names, contact information, and last four digits of social security numbers.

Source : ABC News

 

2. Something nasty injected login-stealing JavaScript into 50K online banking sessions

IBM Security announced that 50,000 user sessions with more than 40 banks worldwide were compromised by the malicious s/w in 2023. It appears the Windows malware DanaBot, or something related or connected to it, infects victims’ PCs and then waits for the user to visit their bank website. At that point, the malware kicks in and injects JavaScript into the login page. This injected code can be passed to the fraudsters to exploit to drain accounts when users enter their credentials.

Source : The Register

 

3. Chameleon Android Banking Trojan Variant Bypasses Biometric Authentication

Cybersecurity researchers have discovered an updated version of an Android banking malware called Chameleon.The evolved malware excels in executing Device Takeover (DTO) using the accessibility service. Both malicious artifacts distributing Chameleon masquerade as the Google Chrome web browser.

Source : The Hacker News

 

A fully managed WAAP (Web Application and API Protection) service, Cloudbric WAF+, provides advanced protection against ever-growing web security threats such as malware, viruses, ransomware, and DDoS attacks. Using a logic-based detection engine and patented deep learning engine, Cloudbric WAF+ ensures maximum protection against emerging threats.

Find more information about Cloudbric WAF+ from the Cloudbric Service website!

 

Check out Cloudbric product lines:

No.1 in the Asia Pacific – WAF with A.I & Logic-based detection engine: Cloudbric WAF+

Zero Trust Network Access-based Remote Access Solution: Cloudbric RAS

Agent based Zero Trust Network Access Solution: Cloudbric PAS

Blockchain: Blockchain Security Solution

Click here for inquiries regarding the partner system

Make sure to follow us on our social media platforms (LinkedIn, Twitter, and Facebook)