#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

SEO | Breaking Cybersecurity News | The Hacker News

Australian Healthcare Sector Targeted in Latest Gootkit Malware Attacks

Australian Healthcare Sector Targeted in Latest Gootkit Malware Attacks
Jan 11, 2023 Healthcare / Cyber Threat
A recent wave of Gootkit malware loader attacks has targeted the Australian healthcare sector by leveraging legitimate tools like VLC Media Player. Gootkit , also called Gootloader, is  known  to  employ  search engine optimization (SEO) poisoning tactics (aka spamdexing) for initial access. It typically works by compromising and abusing legitimate infrastructure and seeding those sites with common keywords. Like other malware of its kind, Gootkit is capable of stealing data from the browser, performing adversary-in-the-browser (AitB) attacks, keylogging, taking screenshots, and other malicious actions. Trend Micro's  new findings  reveal that the keywords "hospital," "health," "medical," and "enterprise agreement" have been paired with various city names in Australia, marking the malware's expansion beyond accounting and law firms. The starting point of the cyber assault is to direct users searching for the same keywords to an infe

New SolarMarker Malware Variant Using Updated Techniques to Stay Under the Radar

New SolarMarker Malware Variant Using Updated Techniques to Stay Under the Radar
Apr 18, 2022
Cybersecurity researchers have disclosed an advanced version of the SolarMarker malware that packs in new improvements with the goal of updating its defense evasion abilities and staying under the radar. "The recent version demonstrated an evolution from Windows Portable Executables (EXE files) to working with Windows installer package files (MSI files)," Palo Alto Networks Unit 42 researchers  said  in a report published this month. "This campaign is still in development and going back to using executables files (EXE) as it did in its earlier versions." SolarMarker, also called Jupyter, leverages manipulated search engine optimization (SEO) tactics as its primary infection vector. It's known for its information stealing and backdoor features, enabling the attackers to steal data stored in web browsers and execute arbitrary commands retrieved from a remote server. In February 2022, the operators of SolarMarker were  observed  using stealthy Windows Registry

Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites

Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites
Mar 01, 2021
A framework notorious for delivering a banking Trojan has received a facelift to deploy a wider range of malware, including ransomware payloads. "The  Gootkit  malware family has been around more than half a decade – a mature Trojan with functionality centered around banking credential theft," Sophos researchers Gabor Szappanos and Andrew Brandt  said  in a write-up published today. "In recent years, almost as much effort has gone into improvement of its delivery method as has gone into the NodeJS-based malware itself." Dubbed "Gootloader," the expanded malware delivery system comes amid a surge in the number of infections targeting users in France, Germany, South Korea, and the U.S. First documented in 2014, Gootkit is a Javascript-based malware platform capable of carrying out an array of covert activities, including web injection, capturing keystrokes, taking screenshots, recording videos, as well as email and password theft. Over the years, the

Demonstrate Responsible AI: Get the ISO 42001 Compliance Checklist from Vanta

cyber security
websiteVantaCompliance / Security Audit
ISO 42001 helps organizations demonstrate trustworthy AI practices in accordance with global standards. With Vanta, completing the requirements for ISO 42001 compliance can be done in a fraction of the time. Download the checklist to get started.

Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks
May 20, 2024Software Security / Vulnerability
All developers want to create secure and dependable software. They should feel proud to release their code with the full confidence they did not introduce any weaknesses or anti-patterns into their applications. Unfortunately, developers are not writing their own code for the most part these days. 96% of all software contains some open-source components, and open-source components make up between  70% and 90% of any given piece of modern software . Unfortunately for our security-minded developers, most modern vulnerabilities come from those software components.  As new vulnerabilities emerge and are publicly reported as  Common Vulnerabilities and Exposures  (CVEs), security teams have little choice but to ask the developer to refactor the code to include different versions of the dependencies. Nobody is happy in this situation, as it blocks new features and can be maddening to roll back component versions and hope that nothing breaks. Developers need a way to  quickly  determine if

How to Run Google SERP API Without Constantly Changing Proxy Servers

How to Run Google SERP API Without Constantly Changing Proxy Servers
Oct 29, 2020
You've probably run into a major problem when trying to scrape Google search results. Web scraping tools allow you to extract information from a web page. Companies and coders from across the world use them to download Google's SERP data. And they work well – for a little while. After several scrapes, Google's automated security system kicks in. Then it kicks you out. The standard was to bypass the block is to use a proxy. However, each proxy only allows a limited number of scrapes. That's why Google SERP APIs are the perfect tool to overcome these limitations. This article examines how to overcome Google web scraping issues without changing proxy servers. Read on to learn more about web scraping. Discover the types of data you can extract. And how API web scraping tools can make your life a  lot  easier. What Is Web Scraping? Think of a website that you want to copy information from. How can you extract that data without entering the site on your browser and dow

21-Year-Old Cypriot Hacker Extradited to U.S. Over Fraud and Extortion Charges

21-Year-Old Cypriot Hacker Extradited to U.S. Over Fraud and Extortion Charges
Jul 20, 2020
The United States Department of Justice has extradited two criminals from the Republic of Cyprus—one is a computer hacker suspected of cyber intrusions and extortion, and the other is a money launderer with known connections to the terrorist organization Hezbollah. Both suspects— Joshua Polloso Epifaniou , 21, a resident of Nicosia, and Ghassan Diab , 37, a citizen of Lebanon—were arrested earlier last year and extradited to the United States last weekend. According to the indictment , Epifaniou conducted a brute force attack against the Phoenix-based online review portal Ripoff Report (ROR) in October 2016 and successfully override ROR's login and password protection to gain access to its database through an existing account associated with a ROR employee. In November 2016, Epifaniou tried to extort the company by emailing ROR's CEO with a hyperlink to a video demonstrating Epifaniou's unauthorized access to the ROR CEO's account, threatening him to publicly di

CryptoPHP Backdoor Hijacks Servers with Malicious Plugins & Themes

CryptoPHP Backdoor Hijacks Servers with Malicious Plugins & Themes
Nov 24, 2014
Security researchers have discovered thousands of backdoored plugins and themes for the popular content management systems (CMS) that could be used by attackers to compromise web servers on a large scale. The Netherlands-based security firm Fox-IT has published a whitepaper revealing a new Backdoor named "CryptoPHP . " Security researchers have uncovered malicious plugins and themes for WordPress, Joomla and Drupal . However, there is a slight relief for Drupal users, as only themes are found to be infected from CryptoPHP backdoor. In order to victimize site administrators, miscreants makes use of a simple social engineering trick. They often lured site admins to download pirated versions of commercial CMS plugins and themes for free. Once downloaded, the malicious theme or plugin included backdoor installed on the admins' server. "By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is

Vulnerabilities in 'All in One SEO Pack' Wordpress Plugin Put Millions of Sites At Risk

Vulnerabilities in 'All in One SEO Pack' Wordpress Plugin Put Millions of Sites At Risk
May 31, 2014
Multiple Serious vulnerabilities have been discovered in the most famous ' All In One SEO Pack ' plugin for WordPress, that put millions of Wordpress websites at risk. WordPress is easy to setup and use, that's why large number of people like it. But if you or your company is using ' All in One SEO Pack ' Wordpress plugin to optimize the website ranking in search engines, then you should update your SEO plugin immediately to the latest version of All in One SEO Pack 2.1.6 . Today, All in One SEO Pack plugin team has released an emergency security update that patches two critical privilege escalation vulnerabilities and one cross site scripting (XSS) flaw, discovered by security researchers at Sucuri, a web monitoring and malware clean up service. More than 73 million websites on the Internet run their websites on the WordPress publishing platform and more than 15 million websites are currently using All in One SEO Pack plugin for search engine optimization. Acco
Expert Insights
Cybersecurity Resources