-
Legacy Stripe API Exploited to Validate Stolen Payment Cards in Web Skimmer Campaign
Threat hunters are warning of a sophisticated web skimmer campaign that leverages a legacy application programming interface (API) from payment processor Stripe to validate stolen payment information prior to exfiltration. “This tactic ensures that only valid card data is sent to the attackers, making the operation more efficient and potentially harder to detect,” Jscrambler researchers…
-
PacifiCorp make its appeal in potential $6B wildfire case
Filing with the Oregon Court of Appeals disputes verdicts and judgments that so far have the company on the hook for more than $300 million.
-
Opinion: Building a great PBJ 40 Under 40 nomination, and a great community
A University of Oregon Portland campus program illustrated the power of networking and community.
-
Portland lands 3 finalists for national James Beard Awards
This year Oregon has three national finalists for James Beard Awards and three of the five best chef Northwest finalists.
-
3 Oregonians land on Forbes billionaires list
Oregon’s three richest residents have seen their fortunes rise and fall on the annual Forbes billionaires list.
-
New verdict pushes PacifiCorp wildfire case toll past $300M
Labor Day 2020 wildfire toll rises for the Portland-based Berkshire Hathaway utility.
-
Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse
Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run that could have allowed a malicious actor to access container images and even inject malicious code. “The vulnerability could have allowed such an identity to abuse its Google Cloud Run revision edit permissions in order to pull…
-
Helping Your Clients Achieve NIST Compliance: A Step by Step Guide for Service Providers
Introduction As the cybersecurity landscape evolves, service providers play an increasingly vital role in safeguarding sensitive data and maintaining compliance with industry regulations. The National Institute of Standards and Technology (NIST) offers a comprehensive set of frameworks that provide a clear path to achieving robust cybersecurity practices. For service providers, adhering to NIST
-
How SSL Misconfigurations Impact Your Attack Surface
When assessing an organization’s external attack surface, encryption-related issues (especially SSL misconfigurations) receive special attention. Why? Their widespread use, configuration complexity, and visibility to attackers as well as users make them more likely to be exploited. This highlights how important your SSL configurations are in maintaining your web application security and
-
FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites
The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an Android banking trojan of the same name) that can grant them remote access to compromised Windows systems. “This malware allows attackers to execute remote shell commands and other system operations, giving them…
