The Australian Signals Directorate urges enterprises to look to their defenses against Emotet and BlueKeep, which are showing renewed levels of attention by threat actors in the wild.
As the holiday season approaches, new attacks on retail and e-commerce begin to take shape. PerimeterX has found two new carding bots, "Canary Bot," which exploits major e-commerce platforms, and "Shortcut Carding Bot," which exploits card payment vendor APIs, bypassing e-commerce websites. This form of carding, PerimeterX notes, aims at validating cards by making small purchases. Canary Bot is interesting for the way it mimics user behavior, filling a shopping cart and heading for the online checkout.
Bitdefender reports finding a flaw in the Amazon Ring doorbell security system that could expose users' WiFi credentials. Amazon has pushed an automatic security update that fixes the problem.
The US Attorney for the Eastern District of New York has filed charges against Long Island-based Aventura Technologies Ltd. The Government alleges that the company sold Chinese-made security and surveillance equipment falsely marked as "made in USA." The charges cover "fraud, money laundering and illegal importation of equipment manufactured in China." The agencies cooperating in the investigation suggest the scope of the alleged fraud: the FBI, US Customs and Border Protection, the Internal Revenue Service, the US Air Force Office of Special Investigations, the Naval Criminal Investigative Service, the Defense Criminal Investigative Service, the Inspector General of the General Services Administration, the Treasury Inspector General for Tax Administration, and the Inspector General, U.S. Department of Energy.