A notice (PDF) posted by the long-operating department store chain said that, between October 7 and October 15 of this year, a Magecart script was running on the checkout page of its retail website. The script was able to capture payment card details in two different ways: as it was being entered through the checkout Read more about Shopped online at Macy’s last month? Might want to toss, or at least check, that card[…]

Security company Onapsis estimates that roughly half of all companies using the Oracle EBS software have not yet patched CVE-2019-2648 and CVE-2019-2633, despite Big Red having pushed out fixes for both bugs back in April. The two vulnerabilities are found in the Thin Client Framework API and are described as reflected SQL injections. An attacker Read more about Half of Oracle E-Business customers open to months-old bank fraud flaw[…]

Indian officials acknowledged on October 30th that a cyberattack occurred at the country’s Kudankulam nuclear power plant. An Indian private cybersecurity researcher had tweeted about the breach three days earlier, prompting Indian authorities to initially deny that it had occurred before admitting that the intrusion had been discovered in early September and that efforts were Read more about Lessons from the cyberattack on India’s largest nuclear power plant – Bulletin of the Atomic Scientists[…]

Trusted Platform Module (TPM) serves as a root of trust for the operating system. TPM is supposed to protect our security keys from malicious adversaries like malware and rootkits. Most laptop and desktop computers nowadays come with a dedicated TPM chip, or they use the Intel firmware-based TPM (fTPM) which runs on a separate microprocessor Read more about Intels’ Trusted Platform Module can’t be trusted. TPM-FAIL[…]