Top Weekly Cyber News: July 21-27, 2019

Hi folks! You may find below the latest news about global incidents, threats and attacks handpicked by our super XM Cyber team of experts.
Security Affairs – Hackers inject Magecart multi-gateway skimmer in fake Google domains
July 27
Attackers deployed a Magecart credit card skimmer script into fake Google domains used to trick visitors into making online transactions. Experts at Sucuri discovered threat actors using fake Google domains hosting a Magento skimmer script used to steal payment data when unaware visitors make transactions. [More]

The Hacker News – Just Opening A Document in LibreOffice Can Hack Your Computer (Unpatched)
July 26
Are you using LibreOffice? You should be extra careful about what document files you open using the LibreOffice software over the next few days. That’s because LibreOffice contains a severe unpatched code execution vulnerability that could sneak malware into your system as soon as you open a maliciously-crafted document file. [More]

Data Breach Today – Louisiana Declares Emergency After Malware Attacks
July 26
Louisiana’s governor issued an emergency declaration on Wednesday in response to a rash of malware infections, hitting some of the state’s public schools. The move will allow the state to marshal more resources to deal with the incidents. [More]

Threatpost – ‘Google’ Sites Are the Latest Ploy by Card-Skimming Thieves
July 26
A credit-card skimmer on Magento sites was found loading JavaScript from a legitimate-seeming Google Analytics domain. Malicious domains masquerading as Google sites are the latest ploy by payment card-skimming adversaries looking to dupe website visitors. [More]

Security Affairs – Johannesburg residents left in the dark after a ransomware attack at City Power
July 26
South African electric utility City Power that provides energy to the city of Johannesburg, has suffered serious disruptions after a ransomware attack. A ransomware infected systems at City Power, an electricity provider in the city of Johannesburg, South Africa, and some residents were left without power. [More]

DarkReading – Penetration Test Data Shows Risk to Domain Admin Credentials
July 23
A new analysis of data from 180 real-world penetration tests in enterprise organizations suggests that cybercriminals who manage to get a foothold on an internal network have an opportunity to then gain domain administrator access in more than three in four cases. [More]


Purple is the New Black


Find and fix the exposures that put your critical assets at risk with ultra-efficient remediation.

See what attackers see, so you can stop them from doing what attackers do.