Fraud Prevention

Fraud Prevention
Sophos 2019 Threat Report unveils the rise of the hand-delivered, targeted cyberattacks as criminals stalk victims to bank millions
Fraud PreventionFinancial MalwareDigital Risk ProtectionExecutive Monitoring

Sophos 2019 Threat Report unveils the rise of the hand-delivered, targeted cyberattacks as criminals stalk victims to bank millions

By
January 16, 2019

Oxford, U.K. – Nov. 14, 2018 – Sophos (LSE: SOPH) today propelled its 2019…

Spyware and Malware protection
Fraud PreventionHackingFinancial MalwarePhishing

Responding to Impersonators ( online fraud )

By
January 12, 2019

Falling victim to online fraud Numerous online opportunists rely on…

Firefox Monitor
Fraud PreventionDigital Risk Protection

Has that website been pwned? Firefox Monitor will tell you

By
January 8, 2019

Firefox Monitor, a breach warning site propelled by Mozilla in…

Magecart have gotten smarter with their global card-skimming tactic
Fraud PreventionHacking

Magecart have gotten smarter with their global card-skimming tactic

By
January 7, 2019

In the wake of Ticketmaster UK’s website hacking by the…

fraud
Fraud PreventionHackingExecutive Monitoring

Cloud HR Firm ComplyRight – Hacked!

By
December 25, 2018

The seriously threatening part about data intrusion and getting hacked…

IBM WebSphere is a software framework and middleware that hosts Java-based web applications. This means that it’s similar to Adobe’s Flash Player, in a way that it allows Java-based applications to run on a web browser. This also means that since it hosts Java-based content, any and all information on sessions involving such applications will be taken note of, until the next time that the Java application is accessed. This threat is performed through inserting Java-based code on an application being ran, and this code is enough to send copies of information that’s been input towards a different location. For example: you’re playing a Java-based game on your browser and made an in-game purchase. For these purchases to take effect, you will have to input your credit card information, as well as other personal information that they will keep on file. If the vulnerabilities on WebSphere have been exploited, a code has already been inserted towards the page wherein you input the said information, and sends copies of It to a location where the perpetrator has access to, hence, immediately putting your financial security at risk. This is a form of injected phishing that targets a specific platform, and millions have been victims of such an activity. The reported affected versions of WebSphere are as follows: IBM WebSphere Application Server 9.0 versions prior to 9.0.0.10, with an interim fix on version 9.0.0.9 that has since been attacked IBM WebSphere Application Server 8.5 versions prior to 8.5.5.15, with an interim fix on version 8.5.5.14 that has since been attacked IBM WebSphere Application Server 8.0 versions prior to 8.0.0.15 IBM WebSphere Application Server 7.0 versions prior to 7.0.0.45 The interim fixes have been attacked primarily due to government institutions making use of this platform. This issue is due to the unsafe handling of JAVA object de-serialization through the SOAP connector. An attacker can exploit this issue by sending a specially crafted object through the SOAP connector. Upon successful exploitation, the attacker can then have full privileges on the platform, which allows them to edit, create, delete and export data with no inhibitions. That’s a major threat. There are several preventive measures that we can apply to try and mitigate the damage this can cause: Upgrade to the latest version of IBM WebSphere Application Server Verify no unauthorised system modifications have occurred before applying any patches Apply the principle of Least Privilege to all systems and services Remind users not to visit websites or follow links that come from untrusted sources These are not absolute fixes, but these can help reduce the risk of being exposed to this vulnerability. Until IBM designs a vaccine for this threat, this would be our best course of action.
Fraud PreventionFinancial MalwareWebsite Protection

IBM WebSphere Application Vulnerability Remote Code Execution

By
December 15, 2018

IBM WebSphere is a software framework and middle ware that…

Cathay Pacific Hacked! Millions of Passenger Data Exposed
Fraud PreventionHacking

Cathay Pacific Hacked! Millions of Passenger Data Exposed

By
December 14, 2018

Hong Kong-based carrier Cathay Pacific has affirmed that it endured…

Zero-day Exploit for Microsoft's Windows10 Revealed – No Patch Yet
Fraud PreventionFinancial MalwareDigital Risk ProtectionPolicy Enforcement

Zero-day Exploit for Microsoft’s Windows 10 Revealed – No Patch Yet

By
December 3, 2018

A talented Microsoft bug seeker with an affinity for open…

Drupalgeddon 2: A Postmortem Analysis for Drupal’s Major Security Breach
Brand ProtectionFraud PreventionFinancial MalwareCryptocurrency

Drupalgeddon 2: A Postmortem Analysis for Drupal’s Major Security Breach

By
November 13, 2018

Background   Just months ago, Drupal, one of the most…

Trusted SSL/TLS Certificates: The New Tool for Domain Spoofers
UKUSEuropeFraud PreventionPhishingAustraliaDomain Names

Trusted SSL/TLS Certificates: The New Tool for Domain Spoofers

By
November 12, 2018

The holiday season is fast approaching – this is just…