Security daily (09-04-2020)

Report: Travelex paid hackers $2.3 million worth of Bitcoin after ransomware attack

Travelex reportedly paid US $2.3 million worth of Bitcoin to the REvil ransomware gang, who had threatened to publish personal data of customers stolen from the foreign currency exchange service. (Graham Cluley)

Zoom takes action after meeting IDs leak in careless screenshots

The video-conferencing app Zoom has been updated to remove the display of meeting IDs from its title bar, after a series of high-profile privacy blunders by those sharing screenshots of their online meetings. Read more in my article on the Hot for Security blog. (Graham Cluley)

Smashing Security #173: 5G fiascos, Zoom gloom, and butt biometrics

We take a look at the stinky backside of surveillance, gas about the latest video-conferencing threats, and jump into the murky world of 5G conspiracy theories. All this and much much more is discussed in the latest edition of the “Smashing Security” podcast, with special guest technology broadcaster David McClelland. (Graham Cluley)

Analysis of a WordPress Credit Card Swiper

While working on a recent case, I found something on a WordPress website that is not as common as on Magento environments: a credit card swiper injection. Typically this type of malware targets dedicated ecommerce platforms such as Magento and Prestashop (due to their focus on handling payment information, which we have documented extensively in the past). With WooCommerce recently overtaking all other ecommerce platforms in popularity, it was only a matter of time before we started seeing attackers target this platform more frequently. (Sucuri Blog)

7 Ways Hackers and Scammers Are Exploiting Coronavirus Panic

In our previous stories, you might have already read about various campaigns warning how threat actors are capitalizing on the ongoing coronavirus pandemic in an attempt to infect your computers and mobile devices with malware or scam you out of your money.

Unfortunately, to some extent, it's working, and that's because the attack surface is changing and expanding rapidly as many (The Hacker News)