I've written about Magecart compromise of customer data at Sophias Style (who've been informed) - the Javascript used is supplied differently server side depending on which page you're browsing from, to hinder security research doublepulsar.com/magecart-new-t… This is the code you see on a non-cart page vs the code supplied when you register and go on a payment page. Exactly same .js URL.

Well crap. It looks like JavaScript library Feedify got owned and were serving Magecart 😬 any comment @_Feedify?

https://twitter.com/placebo52510486/status/1039585013057118209

Check out the regex, looking for generic checkout processes 😬

US gov report into Equifax breach, 40 pages, worth a read. They essentially had a lack of asset inventory, vulnerable infrastructure, and failures in SecOps (eg vuln mgmt didn’t identify Struts issue, 10 month expired certificate so no monitoring etc) gao.gov/assets/700/694… The expired certificate is likely going to be IDS not working - if you can afford SSL decryption (you want to budget for this ideally) somebody has to maintain the SSL certs for in line decryption, so you have to budget for that too.

Next Gen AV vs My Shitty Code time :D Watching James pop Metasploit shells without issue on next gen products from Cylance, Symantec, Sophos InterceptX, ESET, McAfee.

There’s a new CPU vulnerability with a website, logo (free to use), website with no mitigation advice etc. Spin up the Vulnerability Hype Train while I analyse. foreshadowattack.eu Re Foreshadow, “With the August, 2018 Windows security updates applied... any attempt to read from it using L1TF will fail.”
blogs.technet.microsoft.com/srd/2018/08/14…

Re hotel issue at Black Hat and DEF CON. I think both orgs should work together to agree clear standards for room entry with all venues. If venues don’t agree to generally accepted terms, they should not be venues. Pragmatically organisers will need to accept certain things and communicate these to attendees. But some things are really important - eg room entry by security while attendee in room needs clear ID, with hotel security phone # to verify creds *before entry*.

Imagine sitting in a company, writing this in Word, attaching it in Outlook and hitting Send. 😂😂😂😂😅

https://twitter.com/awprokop/status/1029156358329905153

List of “rolls” I want, in rank order: 1) Dark Blockchain Wrangler 2) bread roll taster 3) 3rd penguin in Pingu 4) Shadow Broker broker 5) head of letter head design 6) new Tellytubby in Tellytubby reboot 7) the fanciest of bears 8) Morgan Freeman

I’ve never seen Hackers and just found it on Netflix. I’m gonna watch it now. The racist TV show at the beginning of Hackers going on about “blacks” was called “America First”.

This is going to backfire. West Virginia are moving to mobile phone voting for this midterm elections - software is a ‘Blockchain voting system’ by “Votez”, a 2018 startup with $2m of funding money.cnn.com/2018/08/06/tec… The Voatz website is running on a box with out of date SSH, Apache (multiple CVSS 9+), PHP etc. shodan.io/host/54.164.75…

Will be interesting to see if we found out what happened here. Their website, email and phone system still offline. supplychaindive.com/news/COSCO-US-… Yikes, the Cosco shipping ransomware issues are so bad they are using free Yahoo.com email addresses and Twitter to communicate with customers

Inbenta’s JavaScript library compromised, it was embedded on Ticketmaster’s payment processing page security.ticketmaster.co.uk I’ve tweeted about this a few times prior and should really do a write up. Here’s the short version: compromise 3rd party JavaScript embedded in payment page. Use JavaScript to silently copy credit card info, including CV2 data, to attacker server. Nobody notices for months.

Recommended life sentence for murder in UK (as we set terms) is 30 years, so technically MWT is facing just over two life sentences for allegedly writing some malware which allegedly made $5k and has no US victims. The complete lack of UK gov protest over this case is not okay.

External Tweet loading...
If nothing shows, it may have been deleted
by @malwaretechblog view original on Twitter

For reference.