A threat actor recently hijacked a vulnerable WordPress website set up by a security researcher, infecting the site to conduct a search engine optimization (SEO) attack in a potentially large-scale campaign. SEO attacks cause significant damage to a website’s operations by redirecting visitor traffic. In this case, the threat actor used brute-force cracking to access the researcher’s honeypot decoy site, then deployed malware that would redirect site visitors to any of 7,000 scam and e-commerce websites selling counterfeit products. The researcher also sounded the alarm on SEO extortion attacks, which coerce websites’ owners into paying ransom fees to reverse the damage to their search-engine rankings. SEO attacks, and extortion-based attacks in particular, place e-commerce stores at a high risk as the COVID-19 pandemic pushes holiday-season shoppers online: Fewer visitors means lost revenue.
A global spearphishing campaign targeted organizations associated with a COVID-19 vaccine cold chain.
Most Recent Flipbooks
The Federal Security Service of the Russian Federation (FSB) conducted a series of raids and arrests against at least 20 members of the "REvil" ransomware group.
Researchers have discovered a critical vulnerability in the popular open-source Java SQL database H2
For 2022, cyber-security practitioners must be extraordinarily nimble and adept. Plus information on telegram dropping malware, North Korean group exploits Russia, and Log4j crisis spilling in to 2022
Log4j bug exposes fragility of digital ecosystem worldwide. Plus information on Magecart home for the holidays, Emotet regaining power, and Muddywater APT group hunts for airline data via Slack.
Microsoft has allegedly halted a long-term cyber-espionage operation of “NICKEL”, a threat group linked to the People’s Republic of China (PRC).
Success of UK security bill depends on Internet of Things users
The well-established “Mozi” peer-to-peer (P2P) botnet has developed new persistence capabilities.