Category

Website Protection

Website Protection Page 1

Hackers Compromised Credentials FTP Website Hijacking

Hackers abused compromised FTP credentials to hijack websites

A new widespread redirection campaign targets thousands of users from East Asia through legitimate FTP credentials. Numerous incidents showed that the attackers acquired highly secure auto-generated FTP credentials and utilised them to infect the victim websites to guide their visitors to another explicit-packed webpage. Researchers claimed that the campaign compromised at least 10,000 websites owned...
Continue Reading
SCARLETEEL Cyberattack Operation Sophisticated Tactics Steal Data

SCARLETEEL operation uses sophisticated tactics to steal data

A newly discovered hacking campaign called SCARLETEEL operation eyes public-facing web applications that operate in containers to breach cloud services and steal data. Based on reports, the researchers stumbled upon this new operation while responding to a cybersecurity incident against a compromised cloud environment. The campaign operators displayed advanced AWS cloud mechanics expertise while deploying...
Continue Reading
Hackers Vulnerability Exploit WordPress CMS Houzez Theme Website Hijacking

Hackers exploited the WordPress Houzez theme to hijack websites

The WordPress Houzez theme has two vulnerabilities that allow hackers to exploit it to target websites that employ the plugin. Based on reports, real-estate websites were the ones that primarily used the add-ons. This WordPress theme is a premium plugin that costs nearly $70 and offers easy listing management and a convenient customer experience. The...
Continue Reading
Cyberattack Incident System Disruption Burton Snowboards

A cyber incident disrupted the Burton Snowboards firm’s operations

One of the most extensive snowboard manufacturing companies, Burton Snowboards, cancelled every online order earlier this week after an alleged cyber incident occurred within their environment. The snowboard manufacturing firm stated that they had experienced a system outage due to a recent cyber incident that obstructed them from processing online orders. The company posted several...
Continue Reading
WhiskerSpy Malware Spread Watering Hole Attack Tactic

WhiskerSpy malware gets spread via a watering hole attack tactic

A new cybercriminal campaign has been observed in the wild, allegedly launched by the ‘Earth Kitsune’ hacking group, which was seen deploying the ‘WhiskerSpy’ malware against its targets. In this new campaign, the threat group used the watering hole attack tactic to infect the visitors of a pro-North Korea website. The Earth Kitsune operators spread...
Continue Reading
Ad Fraud Campaign Cybercrime WordPress Websites URL Shorteners Malicious Domains

A new ad fraud campaign impacted thousands of WordPress sites

Over 10,800 WordPress sites have been infected by a malware campaign involving malicious domains hiding behind URL shorteners. Researchers explained that this new campaign aims to commit ad fraud, where the malicious operators artificially increase a site’s traffic to increase ranking and gain profit through Google’s AdSense. Based on an analysis, the ad fraud campaign...
Continue Reading
WordPress Plugin Theme Vulnerability Exploit Security Flaw Linux Malware

WordPress plugins exploited by a new Linux malware

A previously undiscovered Linux malware has been abusing about 30 vulnerabilities in numerous outdated WordPress plugins and themes to deploy malicious JavaScript. Based on a report from an AV vendor, the new Linux malware targets the 32-bit and 64-bit Linux systems, providing its users with remote command capabilities. The primary feature of the trojan is...
Continue Reading
Threat Actors Brand Abuse Flaw Vulnerability CMS WordPress Gift Card Plugin Woocommerce

Threat actors abused a flaw in the WordPress gift card plugin

Malicious threat groups currently target a critical WordPress gift card plugin bug that owners use on over 50,000 sites. Based on reports, the affected feature is called YITH WooCommerce Gift Cards Premium, a plugin website admins use to sell gift cards in their online stores. The vulnerability allows unauthenticated hackers to upload files to prone...
Continue Reading
Shoe Manufacturing Ecco Exposed Data Digital Risk Security Compliance Website Protection

Shoe manufacturer, Ecco, exposed data for nearly two years

Researchers discovered troves of exposed data from a well-known shoe manufacturing company, Ecco. Based on reports, the company has leaked more than 60 gigabytes of data that has been publicly accessible for nearly two years. Moreover, the data leak incident contained millions of sensitive documents that were accessible. Any user accessing the leaked documents could...
Continue Reading
GoTrim Botnet CMS WordPress Website Protection Threat Visualization

GoTrim botnet scours the internet to target WordPress websites

The GoTrim botnet is a Go language-based brute-force entity that currently scans the internet for self-hosted WordPress websites to take over WordPress admin accounts. Based on reports, this botnet began its campaign last September and has been on a tear ever since. Researchers say GoTrim uses a bot network to execute distributed brute-force attacks against...
Continue Reading
1 2 3 7