Security News

15,000 sites hacked for massive Google SEO poisoning campaign
2022-11-09 18:08

Hackers are conducting a massive black hat search engine optimization campaign by compromising almost 15,000 websites to redirect visitors to fake Q&A discussion forums. The attacks were first spotted by Sucuri, who says that each compromised site contains approximately 20,000 files used as part of the search engine spam campaign, with most of the sites being WordPress.

New SEO Poisoning Campaign Distributing Trojanized Versions of Popular Software
2022-02-03 02:49

An ongoing search engine optimization poisoning attack campaign has been observed abusing trust in legitimate software utilities to trick users into downloading BATLOADER malware on compromised machines. "The threat actor used 'free productivity apps installation' or 'free software development tools installation' themes as SEO keywords to lure victims to a compromised website and to download a malicious installer," researchers from Mandiant said in a report published this week.

SEO poisoning pushes malware-laced Zoom, TeamViewer, Visual Studio installers
2022-02-02 14:46

A new SEO poisoning campaign is underway, dropping the Batloader and Atera Agent malware onto the systems of targeted professionals searching for productivity tool downloads, such as Zoom, TeamViewer, and Visual Studio. These campaigns rely on the compromise of legitimate websites to plant malicious files or URLs that redirect users to sites that host malware disguised as popular apps.

New Side Channel Attacks Re-Enable Serious DNS Cache Poisoning Attacks
2021-11-18 22:50

Researchers have demonstrated yet another variant of the SAD DNS cache poisoning attack that leaves about 38% of the domain name resolvers vulnerable, enabling attackers to redirect traffic originally destined to legitimate websites to a server under their control. From Kaminsky Attack to SAD DNS. DNS cache poisoning, also called DNS spoofing, is a technique in which corrupt data is introduced into a DNS resolver's cache, so that DNS queries return an incorrect response for a trusted domain and users are directed to malicious websites.

Ransomware gangs use SEO poisoning to infect visitors
2021-10-28 13:02

Researchers have spotted two campaigns linked to either the REvil ransomware gang or the SolarMarker backdoor that use SEO poisoning to serve payloads to targets. SEO poisoning, also known as "Search poisoning," is an attack method that relies on optimizing websites using 'black hat' SEO techniques to rank higher in Google search results.

Microsoft: SEO poisoning used to backdoor targets with malware
2021-06-14 16:30

Microsoft is tracking a series of attacks that use SEO poisoning to infect targets with a remote access trojan capable of stealing the victims' sensitive info and backdooring their systems. The malware delivered in this campaign is SolarMarker, a.NET RAT that runs in memory and is used by attackers to drop other payloads on infected devices.

Hackers tried poisoning town after breaching its water facility
2021-02-08 22:50

A hacker gained access to the water treatment system for the city of Oldsmar, Florida, and attempted to increase the concentration of sodium hydroxide, also known as lye and caustic soda, to extremely dangerous levels. The attack on the computer system at Oldsmar water treatment system happened on Friday at 1:30 PM, through a remote desktop software that allowed authorized users to troubleshoot system problems remotely.

Hacker Tried Poisoning Water Supply After Breaking Into Florida's Treatment System
2021-02-08 22:49

Hackers successfully infiltrated the computer system controlling a water treatment facility in the U.S. state of Florida and remotely changed a setting that drastically altered the levels of sodium hydroxide in the water. "At no time was there a significant effect on the water being treated, and more importantly the public was never in danger," Sheriff Gualtieri said in a statement.

Remote Hacker Caught Poisoning Florida City Water Supply
2021-02-08 22:11

U.S. law enforcement agencies are investigating a remote compromise of a Florida city's water plant, warning that the hackers tried to poison the water supply serving approximately 15,000 residents. The hack was spotted on February 5th - and neutralized - in real time by staff at the plant that supplies water to Oldsmar, a small city close to Tampa, Florida.

DNSpooq Flaws Expose Millions of Devices to DNS Cache Poisoning, Other Attacks
2021-01-20 11:37

Researchers at Israel-based boutique cybersecurity consultancy JSOF this week disclosed the details of seven potentially serious DNS-related vulnerabilities that could expose millions of devices to various types of attacks. Its DNS subsystem "Provides a local DNS server for the network, with forwarding of all query types to upstream recursive DNS servers and caching of common record types."