User’s not understanding what secure configurations are, is the first step towards a cyber security incident. UPDATED

code

This original post was made on 23 August 2022 Update 21 October 2022 There has been another “mis-configuration story this week – Microsoft exposed thousands of client records when they mis-configured a server. Following a report in the summer of patient information leaking from a health care company because of …

If there is way for threat actors to abuse legitimate tools, of course they do it!

Google’s Tag Manager (GTM) is a system for managing HTML and Javascript analytic tags on website, especially ecommerce sites. A report by The Recorded Future has found that threat actors have been installing malicious e-skimmers scripts that can steal customer card data and other personally identifiable information exploiting GTM. Google …

Do you use FishPig ecommerce software? You don’t know. Then check now because it may have been compromised.

This is a classic supply chain attack. UK based FishPig, seller of Magento WordPress integrations, ecommerce software has discovered that its distribution server had been compromised, which allowed threat actors backdoor access to the customer’s systems. The ecommerce software is believed to be used by more than 200,000 websites. Breach …