Cyber Threat Intelligence 02 January 2025
-
Malware
- DoubleClickjacking: A New Era Of UI Redressing
"“Clickjacking” attacks have been around for over a decade, enabling malicious websites to trick users into clicking hidden or disguised buttons they never intended to click . This technique is becoming less practical as modern browsers set all cookies to “SameSite: Lax” by default. Even if an attacker site can frame another website, the framed site would be unauthenticated, because cross-site cookies are not sent. This significantly reduces the risk of successful clickjacking attacks, as most interesting functionality on websites typically requires authentication. And even if by some miracle it is detected and the user tries to revoke the a malicious attacker app, it would already be too late since they could perform their actions instantly."
https://www.paulosyibelo.com/2024/12/doubleclickjacking-what.html
https://thehackernews.com/2025/01/new-doubleclickjacking-exploit-bypasses.html
Breaches/Hacks/Leaks
- Hacked On Christmas, DEphoto Starts Notifying Customers, Only To Be Attacked Again
"The threat actor known as 0mid16B contacted DataBreaches this morning to alert this site to a breach involving a U.K. photo business, DEphoto (DEphoto[.]biz). DEphoto is an established business for school, sports, club, and event photography. According to 0mid16B, they attacked DEphoto on December 25, and acquired the personal information of 555,952 customers, 429,597 orders with detailed personal information of 240,307 orders, and 16,213 records with plain text credit card details (full card numbers, expiration dates, and CVV codes). All told, they claim to have exfiltrated hundreds of gigabytes of photos and other data, including the firm’s library of photographs with customers’ children and events photos."
https://databreaches.net/2025/01/01/hacked-on-christmas-dephoto-starts-notifying-customers-only-to-be-attacked-again/
อ้างอิง
Electronic Transactions Development Agency(ETDA)
- DoubleClickjacking: A New Era Of UI Redressing
