INFOSEC IN BRIEF Scammers have exploited Google’s advertising system to promote a malicious version of the Authenticator software. A team at Malwarebytes identified the deceptive ads, which appear to originate from a Google-approved domain and a verified user. The ads misleadingly list the download domain as google.com, but…
Cloudways
Over 1 Million Domains Vulnerable to ‘Sitting Ducks’ Hijacking Attack
More than 1 million domains are at risk of being taken over by attackers using a technique known as the Sitting Ducks attack, according to a joint analysis by Infoblox and Eclypsium. The Sitting Ducks attack exploits vulnerabilities in the Domain Name System (DNS), allowing cybercriminals, primarily from…
Credit Card Users Report Unauthorized Shopify-Charge.com Transactions
People worldwide are seeing unexplained charges of $1 or $0 from Shopify-charge.com on their credit card statements, even though they did not make any purchases. These mysterious charges have appeared on a variety of credit cards, both physical and virtual, from providers like Discover, Monzo, Capital One, and…
DigiCert to Revoke Over 83,000 SSL Certificates Due to Validation Error
Certificate authority (CA) DigiCert has announced that it will revoke a subset of SSL/TLS certificates within 24 hours due to an oversight in verifying domain ownership. The company revealed that certificates lacking proper Domain Control Validation (DCV) will be revoked. “Before issuing a certificate, DigiCert validates the customer’s…
WhatsApp Allows Unrestricted Python, PHP Script Execution on Windows
Meta’s popular chat platform, WhatsApp, has been found to exhibit a concerning feature. According to researcher Saumyajeet Das, the Windows version of WhatsApp does not issue security alerts when Python files are downloaded from chats. This flaw enables adversaries to send malicious scripts to WhatsApp users on Windows….
Ransomware Gangs Exploit New ESXi Vulnerability to Gain Admin Access
Security experts are raising alarms about a newly patched VMware ESXi hypervisor vulnerability that is being actively exploited by prominent ransomware groups. CVE-2024-37085, despite its 6.8 CVSS rating, has been leveraged by ransomware gangs such as Black Basta, Akira, Medusa, and Octo Tempest/Scattered Spider as a post-compromise technique….
New Phishing Scam Exploits OneDrive Users with Malicious PowerShell Script
Cybersecurity researchers are alerting the public to a phishing campaign targeting Microsoft OneDrive users, which employs a malicious PowerShell script to compromise systems. Trellix security researcher Rafael Pena explained, “This campaign heavily relies on social engineering tactics to deceive users into executing a PowerShell script, thereby compromising their…
How Find a Mover Elevated Their Website’s Performance with DNS Made Easy on Cloudways
Q. Let’s start by getting to know you. Can you tell us a little about yourself and the story behind your business? Absolutely! My journey began with a passion for technology, which led me to study Computer Science. My first job was at an IT support company that…
How Ruby Digital Agency Optimizes Client Migrations with DNS Made Easy on Cloudways
Q. Let’s start by getting to know you. Can you tell us a little about yourself and the story behind your business? My name is Lance Allison, and I am the CEO of Ruby Digital Agency (RDA) based in Salt Lake City. I have a long track record of…
John Heenan on How Can New Agencies Overcome the Hurdles of Limited Experience and Knowledge?
Welcome, everyone! Today, we’re delighted to have John Heenan join us to discuss how new agencies can overcome the hurdles of limited experience and knowledge. With over 20 years in the advertising industry, John brings a wealth of insights. He has worked with hundreds of ad agencies, creating…
CrowdStrike Attributes Global Outage to Test Software Bug
CrowdStrike has identified a bug in its own test software as the cause of last week’s mass-crash event affecting 8.5 million Windows systems. In an update to its remediation guide, CrowdStrike included a Preliminary Post Incident Review (PIR) explaining how its Falcon Sensor, which ships with “Sensor Content”, …
Google’s reCAPTCHA v2 Exploits Users for Profit, Researchers Say
Google promotes its reCAPTCHA service as a security tool for websites, but researchers from the University of California, Irvine, claim it’s being used to harvest information and extract billions of dollars worth of human labor. CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans…
Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers
A recently patched security vulnerability in Microsoft Defender SmartScreen has been exploited in a new campaign to distribute information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs detected this stealer campaign targeting Spain, Thailand, and the U.S. The attackers used booby-trapped files to exploit CVE-2024-21412…
WordPress 6.6.1 Fixes Fatal Errors and Major Bugs
WordPress has released version 6.6.1 to address significant flaws found in the recently launched version 6.6. This update resolves seven major issues, including two that caused fatal errors (website crashes), a problem that led security plugins to issue false warnings, and several bugs that resulted in unwanted UI…
Okta Browser Plugin Vulnerable to Reflected Cross-Site Scripting Attacks
The Okta Browser Plugin, available on popular browsers like Edge, Chrome, Safari, and Firefox, has over 5 million users. Recently, a Cross-Site Scripting (XSS) vulnerability was discovered in the plugin, potentially allowing threat actors to execute arbitrary JavaScript code. Okta responded swiftly to the report, publishing a security…
PINEAPPLE and FLUXROOT Hacker Groups Exploit Google Cloud for Credential Phishing
Two Latin America (LATAM)-based hacker groups, FLUXROOT and PINEAPPLE, have been found abusing Google Cloud serverless projects to conduct credential phishing campaigns, demonstrating the potential misuse of cloud computing models for malicious activities. Google’s biannual Threat Horizons Report [PDF], shared with The Hacker News, reveals that serverless architectures—popular…
Fake CrowdStrike Fixes Target Companies with Malware and Data Wipers
Threat actors are exploiting the recent CrowdStrike update issue to target companies with malware and data wipers. Following a glitchy update that caused massive business disruptions on Friday, researchers and government agencies have noticed a surge in phishing emails attempting to take advantage of the situation. In an…
New Linux Variant of Play Ransomware Targets VMware ESXi Systems
Cybersecurity researchers have discovered a new Linux variant of the Play ransomware, also known as Balloonfly and PlayCrypt, specifically targeting VMware ESXi environments. This suggests that the ransomware group may be expanding its attacks across the Linux platform, potentially increasing their victim pool and improving ransom negotiation outcomes, …
Meta Suspends AI Use in Brazil Following Data Protection Authority Ban
Meta has halted the use of generative artificial intelligence (GenAI) in Brazil in response to a preliminary ban issued by the country’s data protection authority, the National Data Protection Authority (ANPD). This decision comes after ANPD raised concerns about Meta’s new privacy policy, which allowed the company to…
SAP AI Core Vulnerabilities Expose Customer Data to Cyber Attacks
Cybersecurity researchers have identified several security flaws in SAP AI Core, a cloud-based platform used for creating and deploying predictive artificial intelligence (AI) workflows. These vulnerabilities could be exploited to gain access to customer data and access tokens. The five vulnerabilities, collectively dubbed SAPwned by cloud security firm…