Information Management Today

SEO Poisoning Attacks on Healthcare Sector Rising, HHS Warns

Data Breach Today

JUNE 23, 2023

Search Scams Luring Users to Malware-Infected Sites Are Often Tricky to Detect Search engine optimization poisoning attacks, which involve intentionally manipulating search results to lead users onto malware-laced websites, are on the rise in the healthcare sector, U.S. federal regulators warn.

Burger King forgets to put a password on their systems, again

Security Affairs

AUGUST 2, 2023

Recently, the Cybernews research team uncovered that Burger King in France exposed sensitive credentials to the public due to a misconfiguration on their website. As the affected website served for job applications, people who sought employment at Burger King in France might have been potentially affected.

Passwords

Passwords Analytics Access Risk

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

Security Affairs

SEPTEMBER 22, 2023

Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware. citizenlab in coordination with @Google ’s TAG team found that former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s #Predator #spyware through links sent via SMS and WhatsApp. .

Security

Security Risk Government IT

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Security Affairs

MARCH 8, 2022

Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs. Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukrainian and European government and military organizations, as well as individuals. ” concludes the report.

Military

Military Phishing File names Government

Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild

Security Affairs

JUNE 19, 2022

A critical vulnerability in Ninja Forms plugin potentially impacted more than one million WordPress websites. The vulnerability resides in the Merge Tag feature of the plugin. “Without providing too many details on the vulnerability, the Merge Tag functionality does an is_callable() check on a supplied Merge Tags.”When

Cybersecurity

Cybersecurity Security IT Information Security

Millions of sites could be hacked due to flaws in popular WordPress plugins

Security Affairs

MARCH 19, 2021

Experts found vulnerabilities in two WordPress plugins that could be exploited to run arbitrary code and potentially take over a website. Security researchers disclosed vulnerabilities in Elementor and WP Super Cache WordPress plugins that could be exploited to run arbitrary code and take over a website under certain circumstances.

Authentication

Authentication Security Access IT

APT37 used Internet Explorer Zero-Day in a recent campaign

Security Affairs

DECEMBER 8, 2022

” reads the post published by TAG. TAG determined that the APT group abused the zero-day vulnerability in the JScript engine of Internet Explorer. An attacker can exploit the flaw to execute arbitrary code when the victim visits an attacker-controlled website. CVE-2017-0199 ). Pierluigi Paganini.

IT

IT Security Information Security

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Security Affairs

NOVEMBER 12, 2021

Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong. The watering hole campaign targeted websites of a media outlet and important pro-democracy labor and political group. Pierluigi Paganini.

Encryption

Encryption IT Security Information Security

A new Magecart campaign hides the malicious code in 404 error page

Security Affairs

OCTOBER 12, 2023

Researchers observed a new Magecart web skimming campaign changing the websites’ default 404 error page to steal credit cards. Researchers from the Akamai Security Intelligence Group uncovered a Magecart web skimming campaign that is manipulating the website’s default 404 error page to hide malicious code.

Retail

Retail IT Security Information Security

North Korea-linked hackers target security experts again

Security Affairs

MARCH 31, 2021

Researchers from Google’s Threat Analysis Group (TAG) reported that North Korea-linked hackers are targeting security researchers via social media. Experts noticed that the website used in this campaign has a link to a PGP public key which is the same that was found on attackers’ blog in a campaign spotted in January.

Security

Security Cybersecurity IT

Magecart campaign abuses legitimate sites to host web skimmers and act as C2

Security Affairs

JUNE 5, 2023

A new ongoing Magecart web skimmer campaign abuse legitimate websites to act as makeshift command and control (C2) servers. Magecart attacks target e-commerce websites, the name “Magecart” is derived from the malicious code (JavaScript) typically injected by the attackers into compromised websites.

CMS

CMS Retail Analytics IT

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

Google’s Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware. Google’s Threat Analysis Group (TAG) shared details about two distinct campaigns which used several zero-day exploits against Android, iOS and Chrome. links sent over SMS to users.

Archiving

Archiving Access Risk Security

XSS flaw in WordPress WP-Members Plugin can lead to script injection

Security Affairs

APRIL 2, 2024

The WP-Members Membership Plugin is currently installed on over 60,000 WordPress websites. Then the attacker can modify the raw request to contain an X-Forwarded-For header set to a malicious payload enclosed in script tags. Webbernaut received a $500 bounty. ” reads the advisory published by Wordfence.

Access

Access IT Information Security Security

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG).

Phishing

Phishing Military Ransomware Education

Balada Injector still at large – new domains discovered

Security Affairs

AUGUST 9, 2023

How Ballada Injector works The starting point of the research that ensued following the discovery was a website at address spatialreality[.]com The address led to what appeared to be a WordPress-powered website, which, upon visiting, downloaded a PHP file onto the user’s computer instead of serving the landing page.

Access

Access IT Security Information Security

Mar 06- Mar 12 Ukraine – Russia the silent cyber conflict

Security Affairs

MARCH 13, 2022

March 9 – Multiple Russian government websites hacked in a supply chain attack. Threat actors hacked Russian federal agencies’ websites in a supply chain attack involving the compromise of a stats widget. March 9 – Anonymous hacked Russian cams, websites, announced a clamorous leak.

Blockchain

Blockchain Phishing Military Passwords

Reuters: Russia-linked APT behind Brexit leak website

Security Affairs

MAY 28, 2022

Russia-linked threat actors are behind a new website that published leaked emails from leading proponents of Britain’s exit from the EU, the Reuters reported. The post Reuters: Russia-linked APT behind Brexit leak website appeared first on Security Affairs. ” reported the Reuters. Pierluigi Paganini.

Cybersecurity

Cybersecurity Authentication Security IT

Sophisticated attackers used DazzleSpy macOS backdoor in watering hole attacks

Security Affairs

JANUARY 25, 2022

The investigation started in November after Google TAG published a blogpost about watering-hole attacks targeting macOS users in Hong Kong. Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong.

Authentication

Authentication Security IT Information Security

GUEST ESSAY: Why online supply chains remain at risk — and what companies can do about it

The Last Watchdog

JUNE 30, 2021

Given the dynamic nature of websites today and the constantly changing integrations to a site, this implicit trust model no longer suffices. So what does the average modern website look like? More than 70 percent of the content that loads on an end user’s browser does not come from the website’s server at all.

IT

IT Risk Mining Analytics

Mar 27 – Apr 02 Ukraine – Russia the silent cyber conflict

Security Affairs

APRIL 3, 2022

Mar 31 – Google TAG details cyber activity with regard to the invasion of Ukraine. The Google TAG uses uncovered phishing attacks targeting Eastern European and NATO countries, including Ukraine. Mar 29 – Compromised WordPress sites launch DDoS on Ukrainian websites.

Personal data

Personal data Phishing Security IT

$10,000,000 civil penalty for disclosing personal data without consent

Data Protection Report

APRIL 30, 2024

As part of the order, the company agreed to post “clearly and conspicuously” on its websites and apps for the next two years: Between October 2019 and [date], we shared the personal of information of consumers visiting our website and apps with other companies without their permission.

Personal data

Personal data Privacy Information governance Compliance

China: new rules on use of algorithms for digital business, data analytics and decision-making

DLA Piper Privacy Matters

JANUARY 19, 2022

The new “Administrative Regulations on Algorithm Recommendation of Internet Business Services” comes into force on 1 March 2022, and will introduce important rules on the use of algorithms when operating digital platforms/websites/apps – including targeted marketing – in China.

Analytics

Analytics Sales Business Services Compliance

RomCom RAT attackers target groups supporting NATO membership of Ukraine

Security Affairs

JULY 10, 2023

Threat actors aimed at engaging the victims into clicking on a specially crafted replica of the Ukrainian World Congress website. The attackers used typosquatting techniques to masquerade the fake website with a.info suffix and make it look legitimate. Real Domain Fake Domain ukrainianworldcongress[.]org org ukrainianworldcongress[.]info

Phishing

Phishing Government IT Security

A new DDoS technique abuses HTML5 Hyperlink Audit Ping in massive attacks

Security Affairs

APRIL 15, 2019

In this case, attackers used a common HTML5 attribute, the <a> tag ping, to trick these users to unwittingly participate in a major DDoS attack that flooded one web site with approximately 70 million requests in four hours.” This was the first case of a DDoS attack using the <a> tag ping attribute.

Security

Security IT

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

Google Threat Analysis Group (TAG) team reported that the China-linked APT41 group used the open-source red teaming tool Google Command and Control ( GC2 ) in an attack against an unnamed Taiwanese media organization. China-linked APT41 group used the open-source red teaming tool GC2 in an attack against a Taiwanese media organization.

Phishing

Phishing Cloud Government Education

News alert: DigiCert extends cert management platform to support Microsoft CA, AWS Private CA

The Last Watchdog

AUGUST 8, 2023

With support for Microsoft CA and AWS Private CA, DigiCert Trust Lifecycle Manager enables discovery, issuance, automation and revocation, including the ability to tag, filter and apply policy to imported and discovered third-party digital certificates. DigiCert ® ?ONE

Authentication

Authentication Cloud Communications Government

Crooks used rare Steganography technique to hack fully patched websites in Latin America

Security Affairs

JULY 28, 2019

Experts at Trustwave observed threat actors using a rare technique to compromise fully patched websites. Security experts at Trustwave observed threat actors using a rare steganography technique, attackers are hiding PHP scripts in Exchangeable Image Format (EXIF) headers of JPEG images that are uploaded on the website. S igler added.

GDPR

GDPR Security IT Information Security

A new sophisticated JavaScript Skimmer dubbed Pipka used in the wild

Security Affairs

NOVEMBER 15, 2019

Visa Payment Fraud Disruption warns of a new JavaScript skimmer dubbed Pipka used to siphon payment data from e-commerce merchant websites. Visa Payment Fraud Disruption warns of a new JavaScript skimmer dubbed Pipka that was used by crooks to steal payment data from e-commerce merchant websites. Pierluigi Paganini.

Encryption

Encryption IT Security Information Security

Russia-linked Turla APT targets Austria, Estonia, and NATO platform

Security Affairs

MAY 23, 2022

SEKOIA researchers started their investigation after the publication of Google’s Threat Analysis Group (TAG)’s report “ Update on cyber activity in Eastern Europe ” which detailed the activity of nation-state actors against Eastern Europe. org typosquatting www.baltdefcol.org, Baltic Defense College’s website.

Government

Government Communications Cybersecurity Security

Massive iPhone Hack Targets Uyghurs

Schneier on Security

SEPTEMBER 3, 2019

Earlier this year, Google's Project Zero found a series of websites that have been using zero-day vulnerabilities to indiscriminately install malware on iPhones that would visit the site. Earlier this year Google's Threat Analysis Group (TAG) discovered a small collection of hacked websites. released on February 7.).

Government

Government IT

Researcher hacked Apple AirTag two weeks after its launch

Security Affairs

MAY 11, 2021

” reported the 9to5Mac website. The researcher explained that has found a way to modify the tracker software running on the tag, he was able to modify its NFC URL. The regular item tracker used in the test opens the Find My website, while the modified one opens an arbitrary URL that was chosen by the expert.

IT

IT Security Access Cybersecurity

CSRF flaw in WordPress potentially allowed the hack of websites

Security Affairs

MARCH 14, 2019

An attacker can hack a website running a vulnerable version of WordPress that has comments enabled by tricking an administrator of a target site into visiting a website set up by the attacker. The exploitation of the flaw allows even an unauthenticated, remote attacker to compromise a website and remotely execute code on it.

Security

Security IT

Google report on iPhone hack created ‘False Impression,’ states Apple

Security Affairs

SEPTEMBER 7, 2019

At the end of August, researchers at Google Project Zero published an analysis that claims it was possible to hack iPhone devices by visiting specially crafted websites. Earlier this year Google’s Threat Analysis Group (TAG) discovered a small collection of hacked websites. reads the report published by Google.

Security

Security IT Information Security

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Spur.us , a startup that tracks proxy services, told KrebsOnSecurity that the Internet addresses Lumen tagged as the AVrecon botnet’s “Command and Control” (C2) servers all tie back to a long-running proxy service called SocksEscort. SocksEscort[.]com com , is what’s known as a “SOCKS Proxy” service.

Analytics

Analytics Passwords Systems administration Retail

Residential Proxies vs. Datacenter Proxies: Choosing the Right Option

Security Affairs

FEBRUARY 12, 2024

Imagine walking into a virtual masquerade ball; the mask you choose—whether the suave residential or the discrete datacenter—determines how you interact with other guests (websites) and how hosts (servers) perceive you. Imagine a scenario where you’re validating the integrity of your website by performing numerous stress tests.

Marketing

Marketing Authentication Privacy Access

[Full-Disclosure] HideezKey 2 FAIL: How a good idea turns into a SPF (Security Product Failure)

Security Affairs

MAY 7, 2021

The Cloud Password that allows to login on Hideez’s website, Laptop’s credentials, Website login user and password are ALL IN PLAINTEXT! RFID Feature: One clue still left (from a hardware security POV) was about the RFID tag. At this point, I will let the good-old Arny express my feelings. meh…).

Security

Security Passwords Encryption Access

“FudCo” Spam Empire Tied to Pakistani Software Firm

Krebs on Security

SEPTEMBER 6, 2021

The current website for Saim Raza’s Fud Tools (above) offers phishing templates or “scam pages” for a variety of popular online sites like Office365 and Dropbox. The We Code Solutions website. A review of the hosting records for the company’s website wecodesolutions[.]pk

Phishing

Phishing IT Passwords Cloud

Catches of the Month: Phishing Scams for December 2022

IT Governance

DECEMBER 8, 2022

Users who follow the link are redirected to a website that reads: “Biggest giveaway crypto of $100,000,000. The video directed viewers to visit a website where they could enter a giveaway to win cryptocurrency. The email contained a link that redirected the user to a bogus website that was designed to capture their login credentials.

Phishing

Phishing Education Personal data Authentication

Microsoft released an out-of-band patch to fix Zero-day flaw exploited in the wild

Security Affairs

SEPTEMBER 24, 2019

In order to exploit the vulnerability, an attacker could host a specially crafted website that is designed to trigger the flaw when Internet Explorer users will visit it. The flaw was reported by Clément Lecigne of Google’s Threat Analysis Group (TAG). Lecigne and Google’s TAG did not disclose the technical details of the exploit.

Access

Access Security IT Information Security

Zeppelin ransomware gang is back after a temporary pause

Security Affairs

MAY 24, 2021

Zeppelin was first discovered in November, at the time it was distributed through watering hole attack in which the PowerShell payloads were hosted on the Pastebin website. The malware was available for sale at a price tag of $2,300 per core build, but they offered individual conditions to their subscribers.

Ransomware

Ransomware Encryption Sales Security

Magecart gang hides PHP-based web shells in favicons

Security Affairs

MAY 14, 2021

Magecart hackers are distributing malicious PHP web shells hidden in website favicon to inject JavaScript e-skimmers into online stores and steal payment information. Researchers from Malwarebytes observed threat actors, likely Magecart Group 12, using this technique in attacks aimed at online stores running on Magento 1 websites.

File names

File names Cybersecurity Security Access

Security Affairs newsletter Round 357 by Pierluigi Paganini

Security Affairs

MARCH 13, 2022

If you want to also receive for free the newsletter with the international press subscribe here.

Security

Security Data breaches Ransomware Manufacturing

Visa warns of new sophisticated credit card skimmer dubbed Baka

Security Affairs

SEPTEMBER 6, 2020

” PFD experts found the Baka skimmer on several merchant websites across the world that are using Visa’s eTD capability. The Baka loader works by dynamically adding a script tag to the current page that loads a remote JavaScript file. that was used by crooks to steal payment data from e-commerce merchant websites.

e-Delivery

e-Delivery Encryption Passwords Authentication

Popular Webkinz World online children’s game hacked, 23M credentials leaked

Security Affairs

APRIL 19, 2020

Each Webkinz toy has an attached tag with a unique “Secret Code” printed on it that allows you to play with your pet in the “ Webkinz World” website. According to ZDNet, the incident took place earlier this month, threat actors exploited a SQL injection issue affecting one of the website’s web forms.

Passwords

Passwords Data breaches Encryption IT

SEO Poisoning Attacks on Healthcare Sector Rising, HHS Warns

Burger King forgets to put a password on their systems, again

Webinars

Trending Sources

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

Webinars

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild

Millions of sites could be hacked due to flaws in popular WordPress plugins

APT37 used Internet Explorer Zero-Day in a recent campaign

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

A new Magecart campaign hides the malicious code in 404 error page

North Korea-linked hackers target security experts again

Magecart campaign abuses legitimate sites to host web skimmers and act as C2

Google TAG shares details about exploit chains used to install commercial spyware

XSS flaw in WordPress WP-Members Plugin can lead to script injection

Google TAG warns of Russia-linked APT groups targeting Ukraine

Balada Injector still at large – new domains discovered

Mar 06- Mar 12 Ukraine – Russia the silent cyber conflict

Reuters: Russia-linked APT behind Brexit leak website

Sophisticated attackers used DazzleSpy macOS backdoor in watering hole attacks

GUEST ESSAY: Why online supply chains remain at risk — and what companies can do about it

Mar 27 – Apr 02 Ukraine – Russia the silent cyber conflict

$10,000,000 civil penalty for disclosing personal data without consent

China: new rules on use of algorithms for digital business, data analytics and decision-making

RomCom RAT attackers target groups supporting NATO membership of Ukraine

A new DDoS technique abuses HTML5 Hyperlink Audit Ping in massive attacks

China-linked APT41 group spotted using open-source red teaming tool GC2

News alert: DigiCert extends cert management platform to support Microsoft CA, AWS Private CA

Crooks used rare Steganography technique to hack fully patched websites in Latin America

A new sophisticated JavaScript Skimmer dubbed Pipka used in the wild

Russia-linked Turla APT targets Austria, Estonia, and NATO platform

Massive iPhone Hack Targets Uyghurs

Researcher hacked Apple AirTag two weeks after its launch

CSRF flaw in WordPress potentially allowed the hack of websites

Google report on iPhone hack created ‘False Impression,’ states Apple

Who and What is Behind the Malware Proxy Service SocksEscort?

Residential Proxies vs. Datacenter Proxies: Choosing the Right Option

[Full-Disclosure] HideezKey 2 FAIL: How a good idea turns into a SPF (Security Product Failure)

“FudCo” Spam Empire Tied to Pakistani Software Firm

Catches of the Month: Phishing Scams for December 2022

Microsoft released an out-of-band patch to fix Zero-day flaw exploited in the wild

Zeppelin ransomware gang is back after a temporary pause

Magecart gang hides PHP-based web shells in favicons

Security Affairs newsletter Round 357 by Pierluigi Paganini

Visa warns of new sophisticated credit card skimmer dubbed Baka

Popular Webkinz World online children’s game hacked, 23M credentials leaked

Stay Connected