Apr 10, 2023Ravie LakshmananWeb Security / Malware Over one million WordPress websites are estimated to have been infected by an ongoing campaign to deploy malware called Balada Injector since 2017. The massive campaign, per GoDaddy's Sucuri, "leverages all known and recently discovered theme and plugin vulnerabilities" to breach WordPress sites. The attacks are known to play … [Read more...] about Over 1 Million WordPress Sites Infected by Balada Injector Malware Campaign
Sites
U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals
Mar 25, 2023Ravie LakshmananCyber Crime / DDoS Attack In what's a case of setting a thief to catch a thief, the U.K. National Crime Agency (NCA) revealed that it has created a network of fake DDoS-for-hire websites to infiltrate the online criminal underground. "All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to … [Read more...] about U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals
Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites
Mar 24, 2023Ravie LakshmananWeb Security / WordPress Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites. The flaw, if left unresolved, could enable a bad actor to gain unauthorized admin access to impacted stores, the company said in an advisory on March 23, 2023. It … [Read more...] about Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites
1.6 Million WordPress Sites Under Cyberattack From Over 16,000 IP Addresses
As many as 1.6 million WordPress sites have been targeted by an active large-scale attack campaign originating from 16,000 IP addresses by exploiting weaknesses in four plugins and 15 Epsilon Framework themes. WordPress security company Wordfence, which disclosed details of the attacks, said Thursday it had detected and blocked more than 13.7 million attacks aimed at the … [Read more...] about 1.6 Million WordPress Sites Under Cyberattack From Over 16,000 IP Addresses
Protecting Users from Malicious Sites with Falcon for Mobile
Introduction Today, mobile devices are ubiquitous within enterprise environments. But with their proliferation, it provides adversaries with yet another attack surface with which they can target users and cause a breach. From phishing attacks to malicious apps, mobile users tend to let their guard down and potentially click on obfuscated links to malicious sites. Falcon for … [Read more...] about Protecting Users from Malicious Sites with Falcon for Mobile
KashmirBlack Botnet Hijacks Thousands of Sites Running On Popular CMS Platforms
An active botnet comprising hundreds of thousands of hijacked systems spread across 30 countries is exploiting "dozens of known vulnerabilities" to target widely-used content management systems (CMS). The "KashmirBlack" campaign, which is believed to have started around November 2019, aims for popular CMS platforms such as WordPress, Joomla!, PrestaShop, Magneto, Drupal, … [Read more...] about KashmirBlack Botnet Hijacks Thousands of Sites Running On Popular CMS Platforms
2 Hackers Charged for Defacing Sites after U.S. Airstrike Killed Iranian General
The US Department of Justice (DoJ) on Tuesday indicted two hackers for their alleged involvement in defacing several websites in the country following the assassination of Iranian major general Qasem Soleimani earlier this January.Behzad Mohammadzadeh (aka Mrb3hz4d), 19, and Marwan Abusrour (aka Mrwn007), 25, have been charged with conspiracy to commit intentional damage to a … [Read more...] about 2 Hackers Charged for Defacing Sites after U.S. Airstrike Killed Iranian General
New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers
If you're running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely.The vulnerability, tracked as CVE-2019-11043, affects websites with certain configurations of PHP-FPM that is reportedly not uncommon in the … [Read more...] about New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers
New Cache Poisoning Attack Lets Attackers Target CDN Protected Sites
A team of German cybersecurity researchers has discovered a new cache poisoning attack against web caching systems that could be used by an attacker to force a targeted website into delivering error pages to most of its visitors instead of legitimate content or resources.The issue affects reverse proxy cache systems like Varnish and some widely-used Content Distribution … [Read more...] about New Cache Poisoning Attack Lets Attackers Target CDN Protected Sites
Chrome for Android Enables Site Isolation Security Feature for All Sites with Login
After enabling 'Site Isolation' security feature in Chrome for desktops last year, Google has now finally introduced 'the extra line of defence' for Android smartphone users surfing the Internet over the Chrome web browser.In brief, Site Isolation is a security feature that adds an additional boundary between websites by ensuring that pages from different sites end up in … [Read more...] about Chrome for Android Enables Site Isolation Security Feature for All Sites with Login