Volusion breached, LokiBot spear phish, Joomla zero-day, and more.
Hi, I’m Paul Torgersen. It’s Wednesday,
October 9th, 2019 and this is a look at the information security news from overnight. From ZDNet.com:
Hackers have breached the infrastructure of Volusion, a provider of cloud-hosted online
stores, and are stealing payment card details entered by customers. The number of stores
impacted is somewhere between 6,500 and 20,000, including the Sesame Street Live store, which
has already been taken off line. From BleepingComputer.com:
Roughly 100 organizations mostly located in the United Arab Emirates, Germany, and Portugal
were targeted in a large scale spear-phishing attack trying to distribute the LokiBot information
stealer. The behavior-based machine learning in Microsoft Defender was successful is keeping
this particular attack at bay. From SCMagazine.com:
Microsoft had a relatively small batch of security updates for its October Patch Tuesday.
The update included fixes for 59 vulnerabilities, nine of them listed as critical. No zero-days
were included and no vulnerabilities that were not already disclosed. From ThreatPost.com:
Apple wasted little time snuffing out bugs in its macOS Catalina operating system, rolling
out 16 patches addressing a wide range of components such as CoreAudio, IOGraphics and
WebKit. The security fixes are exclusively for macOS 10.15; so pre-Catalina releases
of macOS will have to wait for their fixes. And last today from ZDNet.com:
A zero-day has been published for a vulnerability in older versions of the Joomla content management
system. The vulnerability impacts all Joomla versions from 3.0.0 to 3.4.6, released between
late September 2012 to mid-December 2015. If your patching is up to date, you should
be ok. That’s all for me today. Have a great rest
of your day and until tomorrow, be safe out there.