search engine optimization | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects to funnel unsuspecting users through a Traffic Distribution System (TDS) and deliver malware families like Remus Stealer, AnimateClipper, and the SessionGate framework. "The sites are well-designed and often look like legitimate project portals at a glance, sometimes referencing real upstream resources," Check Point security researcher Alexey Bukhteyev said in a breakdown of the campaign. "The deception is not in the page content alone, it's in what happens when a user interacts." "These pages load a CloudFront-hosted JavaScript staging layer that converts a click on a 'download' button/link into a handoff to a Traffic Distribution System (TDS). The TDS enforces strict gating: first-visit state, mandatory click confirmation, anti-bot/anti-analysis logic, VPN/datacenter filtering, and frequency capping." It's suspected t...

The United States Department of Justice has extradited two criminals from the Republic of Cyprus—one is a computer hacker suspected of cyber intrusions and extortion, and the other is a money launderer with known connections to the terrorist organization Hezbollah. Both suspects— Joshua Polloso Epifaniou , 21, a resident of Nicosia, and Ghassan Diab , 37, a citizen of Lebanon—were arrested earlier last year and extradited to the United States last weekend. According to the indictment , Epifaniou conducted a brute force attack against the Phoenix-based online review portal Ripoff Report (ROR) in October 2016 and successfully override ROR's login and password protection to gain access to its database through an existing account associated with a ROR employee. In November 2016, Epifaniou tried to extort the company by emailing ROR's CEO with a hyperlink to a video demonstrating Epifaniou's unauthorized access to the ROR CEO's account, threatening him to publicly di...

Last week, we reported about a critical zero-day flaw in WordPress that was silently patched by the company before hackers have had their hands on the nasty bug to exploit millions of WordPress websites. To ensure the security of millions of websites and its users, WordPress delayed the vulnerability disclosure for over a week and worked closely with security companies and hosts to install the patch, ensuring that the issue was dealt with in short order before it became public. But even after the company's effort to protect its customers, thousands of admins did not bother to update their websites, which are still vulnerable to the critical bug and has already been exploited by hackers. While WordPress includes a default feature that automatically updates unpatched websites, some admins running critical services disable this feature for first testing and then applying patches. Even the news blog of one of the famous Linux distribution OpenSUSE (news.opensuse.org) was ...

Google faces a record anti-trust penalty of about 3 BILLION Euros (US$3.4 Billion) from the European Commission in the coming days, according to reports. After 7-years of the investigation, the European Commission filed anti-trust charges against Google last year for violating antitrust laws. The European Union accused the search engine giant that it had abused its dominance in search by unfairly prioritize and displaying its own comparison shopping service at the top of its search results at the expense of rival products. British newspaper The Sunday Telegraph reports that the European Union is currently preparing a fine of about 3 Billion Euros ($3.4 billion), which is almost triple the amount (1.06 Billion Euro) that Intel was levied several year ago over violating antitrust law. According to the newspaper's sources, the EU officials, led by Margrethe Vestager , are planning to openly announce the fine against Google as early as next month, although the exact figure...

A critical vulnerability has been discovered in the most popular plugin of the WordPress content management platform (CMS) that puts tens of Millions of websites at risks of being hacked by the attackers. The vulnerability actually resides in most versions of a WordPress plugin known as ‘ WordPress SEO by Yoast ,’ which has more than 14 Million downloads according to Yoast website, making it one of the most popular plugins of WordPress for easily optimizing websites for search engines i.e Search engine optimization (SEO). The vulnerability in WordPress SEO by Yoast has been discovered by Ryan Dewhurst , developer of the WordPress vulnerability scanner ‘ WPScan ’. All the versions prior to 1.7.3.3 of ‘WordPress SEO by Yoast’ are vulnerable to Blind SQL Injection web application flaw, according to an advisory published today. SQL injection (SQLi) vulnerabilities are ranked as critical one because it could cause a database breach and lead to confidential information ...

Multiple Serious vulnerabilities have been discovered in the most famous ‘ All In One SEO Pack ’ plugin for WordPress, that put millions of Wordpress websites at risk. WordPress is easy to setup and use, that’s why large number of people like it. But if you or your company is using ‘ All in One SEO Pack ’ Wordpress plugin to optimize the website ranking in search engines, then you should update your SEO plugin immediately to the latest version of All in One SEO Pack 2.1.6 . Today, All in One SEO Pack plugin team has released an emergency security update that patches two critical privilege escalation vulnerabilities and one cross site scripting (XSS) flaw, discovered by security researchers at Sucuri, a web monitoring and malware clean up service. More than 73 million websites on the Internet run their websites on the WordPress publishing platform and more than 15 million websites are currently using All in One SEO Pack plugin for search engine optimization. Acco...