Security News
More than 100,000 web pages hosted by Google Sites are being used to trick netizens into opening business documents booby-trapped with a remote-access trojan that takes over victims' PCs and hands control to miscreants. Infosec outfit eSentire on Tuesday said it has noted a wave of so-called search redirection shenanigans, in which people Googling for business forms and the like are shown links to web pages published via Google Sites - a Google-hosted web service - that offer a download of whatever materials they were looking for.
A court-approved FBI operation was conducted to remove web shells from compromised US-based Microsoft Exchange servers without first notifying the servers' owners. On March 2nd, Microsoft released a series of Microsoft Exchange security updates for vulnerabilities actively exploited by a hacking group known as HAFNIUM. These vulnerabilities are collectively known as ProxyLogon and were used by threat actors in January and February to install web shells on compromised Exchange servers.
Website contact forms and Google URLs are being used to spread the IcedID trojan, according to researchers at Microsoft. Attackers are using "Contact us" forms on websites to send emails targeting organizations with trumped-up legal threats, researchers said.
A free proxy service called TheOldNet brings back the beginning of the Internet by causing every web page you visit to be returned as it appeared in a specific year between 1996 and 2012 rather than in its current version. A proxy server is an application or remote device that acts as an intermediary between your web browser and a website you would like to visit.
In a brief yet fascinating press release, Europol just announced the arrest of an Italian man who is accused of "hiring a hitman on the dark web". No victim targeted for murder via the dark web is ever going to take much comfort in the fact that their proposed assassin "might not have been real."
There’s a whole wide world of web application firewall options – so how do you choose the right one?
If you've got an application which faces the web, no one would dispute that you should probably have a web application firewall sitting in front of it. Web apps, after all, are the leading cause of security breaches, and the web application firewall is the first line of defence, preventing bad actors getting in in the first place, and then leaving with whatever goodies they've found.
As part of this partnership, Liquid Web customers can employ the Threat Stack Oversight Intrusion Detection System, an advanced intrusion detection system, as an additional layer of security for Liquid Web servers. Together, Threat Stack Oversight and Liquid Web will provide customers with real-time monitoring for user, process, network, and file behaviors in critical systems across Linux and Windows servers.
Global payments processor VISA warns that threat actors are increasingly deploying web shells on compromised servers to exfiltrate credit card information stolen from online store customers. Throughout the last year, VISA has seen a growing trend of web shells being used to inject JavaScript-based scripts known as credit card skimmers into hacked online stores in web skimming attacks.
Zyxel Networks announced the launch of XGS1250-12 12-Port Web-Managed Multi-Gigabit Switch with 3-Port 10G and 1-Port 10G SFP+. Designed to optimize high-bandwidth applications in the home and office, such as HD multimedia content creation and storage, and high-speed WiFi 6 data and IoT traffic, the versatile XGS1250-12 switch features three multi-Gigabit ports to eliminate network bottlenecks for devices such as 10G NAS or servers, WiFi 6 access points and new 2.5G motherboards. The switch features eight Gigabit Ethernet ports, one 10G SFP+ port, and three Multi-Gigabit ports that support five speeds: 10 Gbps, 5 Gbps, 2.5 Gbps, 1 Gbps and 1 Gbps. The highest common link speed is automatically and independently negotiated with each connected device.
It was a tsunami of DNS queries that ultimately took out a host of Microsoft services, from Xbox Live to Teams, for some netizens for about an hour on April Fools' Day, Redmond has said. The web giant's Threat Analysis Group said it had detected in March a bogus security company SecuriElite reaching out to legit professionals via social media, such as LinkedIn and Twitter.