SEO | Breaking Cybersecurity News | The Hacker News

A recent wave of Gootkit malware loader attacks has targeted the Australian healthcare sector by leveraging legitimate tools like VLC Media Player. Gootkit , also called Gootloader, is  known  to  employ  search engine optimization (SEO) poisoning tactics (aka spamdexing) for initial access. It typically works by compromising and abusing legitimate infrastructure and seeding those sites with common keywords. Like other malware of its kind, Gootkit is capable of stealing data from the browser, performing adversary-in-the-browser (AitB) attacks, keylogging, taking screenshots, and other malicious actions. Trend Micro's  new findings  reveal that the keywords "hospital," "health," "medical," and "enterprise agreement" have been paired with various city names in Australia, marking the malware's expansion beyond accounting and law firms. The starting point of the cyber assault is to direct users searching for the same keywords to an infe

Cybersecurity researchers have disclosed an advanced version of the SolarMarker malware that packs in new improvements with the goal of updating its defense evasion abilities and staying under the radar. "The recent version demonstrated an evolution from Windows Portable Executables (EXE files) to working with Windows installer package files (MSI files)," Palo Alto Networks Unit 42 researchers  said  in a report published this month. "This campaign is still in development and going back to using executables files (EXE) as it did in its earlier versions." SolarMarker, also called Jupyter, leverages manipulated search engine optimization (SEO) tactics as its primary infection vector. It's known for its information stealing and backdoor features, enabling the attackers to steal data stored in web browsers and execute arbitrary commands retrieved from a remote server. In February 2022, the operators of SolarMarker were  observed  using stealthy Windows Registry

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

A framework notorious for delivering a banking Trojan has received a facelift to deploy a wider range of malware, including ransomware payloads. "The  Gootkit  malware family has been around more than half a decade – a mature Trojan with functionality centered around banking credential theft," Sophos researchers Gabor Szappanos and Andrew Brandt  said  in a write-up published today. "In recent years, almost as much effort has gone into improvement of its delivery method as has gone into the NodeJS-based malware itself." Dubbed "Gootloader," the expanded malware delivery system comes amid a surge in the number of infections targeting users in France, Germany, South Korea, and the U.S. First documented in 2014, Gootkit is a Javascript-based malware platform capable of carrying out an array of covert activities, including web injection, capturing keystrokes, taking screenshots, recording videos, as well as email and password theft. Over the years, the

You've probably run into a major problem when trying to scrape Google search results. Web scraping tools allow you to extract information from a web page. Companies and coders from across the world use them to download Google's SERP data. And they work well – for a little while. After several scrapes, Google's automated security system kicks in. Then it kicks you out. The standard was to bypass the block is to use a proxy. However, each proxy only allows a limited number of scrapes. That's why Google SERP APIs are the perfect tool to overcome these limitations. This article examines how to overcome Google web scraping issues without changing proxy servers. Read on to learn more about web scraping. Discover the types of data you can extract. And how API web scraping tools can make your life a  lot  easier. What Is Web Scraping? Think of a website that you want to copy information from. How can you extract that data without entering the site on your browser and dow

The United States Department of Justice has extradited two criminals from the Republic of Cyprus—one is a computer hacker suspected of cyber intrusions and extortion, and the other is a money launderer with known connections to the terrorist organization Hezbollah. Both suspects— Joshua Polloso Epifaniou , 21, a resident of Nicosia, and Ghassan Diab , 37, a citizen of Lebanon—were arrested earlier last year and extradited to the United States last weekend. According to the indictment , Epifaniou conducted a brute force attack against the Phoenix-based online review portal Ripoff Report (ROR) in October 2016 and successfully override ROR's login and password protection to gain access to its database through an existing account associated with a ROR employee. In November 2016, Epifaniou tried to extort the company by emailing ROR's CEO with a hyperlink to a video demonstrating Epifaniou's unauthorized access to the ROR CEO's account, threatening him to publicly di

Security researchers have discovered thousands of backdoored plugins and themes for the popular content management systems (CMS) that could be used by attackers to compromise web servers on a large scale. The Netherlands-based security firm Fox-IT has published a whitepaper revealing a new Backdoor named "CryptoPHP . " Security researchers have uncovered malicious plugins and themes for WordPress, Joomla and Drupal . However, there is a slight relief for Drupal users, as only themes are found to be infected from CryptoPHP backdoor. In order to victimize site administrators, miscreants makes use of a simple social engineering trick. They often lured site admins to download pirated versions of commercial CMS plugins and themes for free. Once downloaded, the malicious theme or plugin included backdoor installed on the admins' server. "By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is

Multiple Serious vulnerabilities have been discovered in the most famous ' All In One SEO Pack ' plugin for WordPress, that put millions of Wordpress websites at risk. WordPress is easy to setup and use, that's why large number of people like it. But if you or your company is using ' All in One SEO Pack ' Wordpress plugin to optimize the website ranking in search engines, then you should update your SEO plugin immediately to the latest version of All in One SEO Pack 2.1.6 . Today, All in One SEO Pack plugin team has released an emergency security update that patches two critical privilege escalation vulnerabilities and one cross site scripting (XSS) flaw, discovered by security researchers at Sucuri, a web monitoring and malware clean up service. More than 73 million websites on the Internet run their websites on the WordPress publishing platform and more than 15 million websites are currently using All in One SEO Pack plugin for search engine optimization. Acco