Security News

Over 16,500 Sites Hacked to Distribute Malware via Web Redirect Service
2022-04-13 21:21

"The TDS has infected various web servers hosting more than 16,500 websites, ranging from adult content sites, personal websites, university sites, and local government sites," Avast researchers Pavel Novák and Jan Rubín said in a report published last week. Earlier this January, the BlackBerry Research and Intelligence Team detailed another TDS called Prometheus that has been put to use in different campaigns mounted by cybercriminal groups to distribute Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish malware.

Steady rise in severe web vulnerabilities
2022-04-08 03:30

Invicti Security released a research which reveals a rise in severe web vulnerabilities and the need for executive leaders to intertwine their application security and digital transformation efforts to reduce risk. The report examines web vulnerabilities from over 939 customers worldwide and was derived from the largest data set yet, with more than 23 billion security checks executed on customer applications uncovering over 282,000 direct-impact vulnerabilities.

Malicious web redirect service infects 16,500 sites to push malware
2022-04-07 18:45

Parrot's use is for malicious campaigns to redirect potential victims matching a specific profile to online resources such as phishing and malware-dropping sites. Threat actors running malicious campaigns buy TDS services to filter incoming traffic and send it to a final destination serving malicious content.

Feds slay dark-web souk Hydra: Servers and $25m in crypto-coins seized
2022-04-05 23:12

First, German federal police in coordination with US law enforcement seized Hydra servers and cryptocurrency wallets containing $25 million in Bitcoin, thus shutting down the online souk. Later on Tuesday, the US Justice Department announced criminal charges against one of the alleged Hydra operators and system administrators, 30-year-old Dmitry Olegovich Pavlov of Russia.

New Python-based Ransomware Targeting JupyterLab Web Notebooks
2022-04-01 01:09

Researchers have disclosed what they say is the first-ever Python-based ransomware strain specifically designed to target exposed Jupyter notebooks, a web-based interactive computing platform that allows editing and running programs via a browser. "The attackers gained initial access via misconfigured environments, then ran a ransomware script that encrypts every file on a given path on the server and deletes itself after execution to conceal the attack," Assaf Morag, a data analyst at Aqua Security, said in a report.

Phishing uses Azure Static Web Pages to impersonate Microsoft
2022-03-31 22:28

Phishing attacks are abusing Microsoft Azure's Static Web Apps service to steal Microsoft, Office 365, Outlook, and OneDrive credentials. Azure Static Web Apps is a Microsoft service that helps build and deploy full-stack web apps to Azure from GitHub or Azure DevOps code repositories.

Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security
2022-03-31 08:27

A zero-day remote code execution vulnerability has come to light in the Spring framework shortly after a Chinese security researcher briefly leaked a proof-of-concept exploit on GitHub before deleting their account. According to cybersecurity firm Praetorian, the unpatched flaw impacts Spring Core on Java Development Kit versions 9 and later and is a bypass for another vulnerability tracked as CVE-2010-1622, enabling an unauthenticated attacker to execute arbitrary code on the target system.

Posts on name-and-shame dark web leak sites climbed 85% in 2021
2022-03-30 04:30

Ransomware payments hit new records in 2021 as cybercriminals increasingly turned to dark web leak sites where they pressured victims to pay up by threatening to release sensitive data, according to a research released from Unit 42 by Palo Alto Networks. The Conti ransomware group was responsible for the most activity, accounting for more than 1 in 5 of cases worked by Unit 42 consultants in 2021.

Web vendor CafePress fined $500,000 for giving cybersecurity a low value
2022-03-21 19:55

The breach, says the FTC, saw hackers make off with more than 20,000,000 plaintext email addresses and weakly-hashed passwords; millions of unencrypted names, physical addresses, and security questions-and-answers; more than 180,000 unencrypted SSNs; and, for tens of thousands of payment cards, the last four digits of the card plus the expiry date. Misrepresenting the steps it took to secure consumer accounts following security incidents.

SolarWinds warns of attacks targeting Web Help Desk instances
2022-03-16 20:18

SolarWinds warned customers of attacks targeting Internet-exposed Web Help Desk instances and advised removing them from publicly accessible infrastructure. "A SolarWinds customer reported an external attempted attack on their instance of Web Help Desk 12.7.5. The customer's endpoint detection and response system blocked the attack and alerted the customer to the issue," SolarWinds said.