As the holiday shopping season kicks off, threat actors are leveraging numerous advanced techniques to compromise shopping websites and exploit increased purchasing activity, according to SC Media.
Aside from increasingly using artificial intelligence-based phishing lures to impersonate retailers and banks, attackers have also strengthened efforts to create websites spoofing Amazon, Walmart, and other trusted organizations, a Fortinet FortiGuard Labs report showed.
Vulnerable Adobe Commerce, WooCommerce, and Shopify instances have also been targeted with remote code execution exploits enabling admin access and sniffer injections to compromise customer information. This is often accompanied by mounting sales of exfiltrated credit card details, phishing kits, and breached e-commerce site databases.
Increasing vulnerability to "algorithm poisoning" should prompt retailers and enterprises to be more vigilant about potential API anomalies, noted Sectigo Senior Fellow Jason Soroko. Meanwhile, Zimperium's Vice President of Threat Intelligence Krishna Vishnubhotla is urging organizations to strengthen email security through the adoption of zero-trust.
As always, drop me a line at [email protected] if you have news to share or want to say hi!
Grab your coffee. Here's what you need to know today.
Today’s Tech, Channel and MSP News
1. Valiantys launches new GRC solution: IT consulting firm Valiantys last week launched a new governance, risk and compliance (GRC) solution aimed at helping organizations comply with impending Digital Operational Resilience Act (DORA) legislation, set to go into effect in early 2025. The Valiantys GRC Solution, powered by HYCU, Lansweeper, and Appfire, offers a comprehensive approach to the challenges posed by DORA, especially in new areas of third-party risk management and operational resilience.
2. Skyhawk Security adds interactive CDR: Skyhawk Security announced this week that it is adding an interactive cloud threat detection and response capability to its platform. The new capability adds real-time user interaction to verify suspicious activity of both human and non-human identities (NHIs) that are the root cause of the alert. This closes context gaps between SOCs, cloud teams and identity owners, which reduces the load on the SOC, dramatically shortens Mean Time to Respond (MTTR), better protects against cloud breaches and aligns with zero trust frameworks, the company said.
3. Cloudflare loses logs: Almost 55% of Cloudflare Logs customers had their event logs discarded within a 3.5-hour timeframe on November 14 due to a vulnerability in Cloudflare's logpush service, which enables extensive traffic analysis for malicious activity detection and investigation, BleepingComputer reports. The issue stemmed from a series of errors with a faulty Logfwdr configuration update that mistakenly provided a 'blank configuration' notice, prompting the removal of logs as its failsafe system forwarded all logs to the distributed buffering system Buftee. That resulted in delivery of 40 times more logs than intended, which caused Buftee to shut down.
4. Cloud services alerts rise: ReliaQuest’s quarterly attacker trends report shows that cloud services alerts increased by 20% due to rising cloud account usage during the quarter. "SocGholish" and "LummaC2" were the most frequently observed malware in customer incidents.
In-Person MSP and Channel Partner Events
- AWS re:Invent 2024, December 2-6, Las Vegas, Nevada