Website Protection Page 1

A new widespread redirection campaign targets thousands of users from East Asia through legitimate FTP credentials. Numerous incidents showed that the attackers acquired highly secure auto-generated FTP credentials and utilised them to infect the victim websites to guide their visitors to another explicit-packed webpage. Researchers claimed that the campaign compromised at least 10,000 websites owned...Continue Reading

A newly discovered hacking campaign called SCARLETEEL operation eyes public-facing web applications that operate in containers to breach cloud services and steal data. Based on reports, the researchers stumbled upon this new operation while responding to a cybersecurity incident against a compromised cloud environment. The campaign operators displayed advanced AWS cloud mechanics expertise while deploying...Continue Reading

The WordPress Houzez theme has two vulnerabilities that allow hackers to exploit it to target websites that employ the plugin. Based on reports, real-estate websites were the ones that primarily used the add-ons. This WordPress theme is a premium plugin that costs nearly $70 and offers easy listing management and a convenient customer experience. The...Continue Reading

One of the most extensive snowboard manufacturing companies, Burton Snowboards, cancelled every online order earlier this week after an alleged cyber incident occurred within their environment. The snowboard manufacturing firm stated that they had experienced a system outage due to a recent cyber incident that obstructed them from processing online orders. The company posted several...Continue Reading

A new cybercriminal campaign has been observed in the wild, allegedly launched by the ‘Earth Kitsune’ hacking group, which was seen deploying the ‘WhiskerSpy’ malware against its targets. In this new campaign, the threat group used the watering hole attack tactic to infect the visitors of a pro-North Korea website. The Earth Kitsune operators spread...Continue Reading

Over 10,800 WordPress sites have been infected by a malware campaign involving malicious domains hiding behind URL shorteners. Researchers explained that this new campaign aims to commit ad fraud, where the malicious operators artificially increase a site’s traffic to increase ranking and gain profit through Google’s AdSense. Based on an analysis, the ad fraud campaign...Continue Reading

A previously undiscovered Linux malware has been abusing about 30 vulnerabilities in numerous outdated WordPress plugins and themes to deploy malicious JavaScript. Based on a report from an AV vendor, the new Linux malware targets the 32-bit and 64-bit Linux systems, providing its users with remote command capabilities. The primary feature of the trojan is...Continue Reading

Malicious threat groups currently target a critical WordPress gift card plugin bug that owners use on over 50,000 sites. Based on reports, the affected feature is called YITH WooCommerce Gift Cards Premium, a plugin website admins use to sell gift cards in their online stores. The vulnerability allows unauthenticated hackers to upload files to prone...Continue Reading

Researchers discovered troves of exposed data from a well-known shoe manufacturing company, Ecco. Based on reports, the company has leaked more than 60 gigabytes of data that has been publicly accessible for nearly two years. Moreover, the data leak incident contained millions of sensitive documents that were accessible. Any user accessing the leaked documents could...Continue Reading

The GoTrim botnet is a Go language-based brute-force entity that currently scans the internet for self-hosted WordPress websites to take over WordPress admin accounts. Based on reports, this botnet began its campaign last September and has been on a tear ever since. Researchers say GoTrim uses a bot network to execute distributed brute-force attacks against...Continue Reading