At a glance.
- New Magento campaign discovered.
- Gootloader malware-as-a-service afflicts law firms.
- Researchers find security flaw affecting cryptowallets.
- Panasonic warns of increasing attacks against IoT.
- Belarusian cyberespionage campaign outlined.
- Nuisance-level DDoS by Russian hacktivist auxiliaries.
- Five cyber phases of Russia's hybrid war.
- Lessons in resilience from Ukraine's experience of hybrid war.

New Magento campaign discovered.

Akamai is tracking a new card-skimming Magecart campaign that’s been exploiting digital commerce websites since January 2023: “In early 2022, the CVE-2022-24086 vulnerability came to light, enabling attackers to exploit the Magento template engine and execute arbitrary PHP code on susceptible targets. The exploit operates through multiple steps, with common attack vectors involving the abuse of either the check-out process or the wishlist functionality. Since its disclosure, this vulnerability has emerged as a primary entry point for numerous Magecart actors who are targeting vulnerable Magento 2 shops.”