Tag Archive for: links

Hackers use Royal Family website to promote links to porn and casinos | UK News



The Royal Family’s website is being used by ‘Black Hat SEO’ hackers to promote thousands of links to pornography and other adult content.  

Google is investigating after the prestigious royal.uk address was hijacked by spammers posting blurbs in a mixture of Mandarin Chinese and English.

Searches on the engine show that the official URL has been ‘malformed’ to link to explicit and potentially harmful content elsewhere on the web.

The majority advertise casino and gambling sites while hundreds link to pornography in the attempt to boost search engine optimisation (SEO).

The royals are among the victims of a practice whereby hackers use the online presence of reputable organisations to promote grubby content and increase their rankings in valuable search engine listings.

Although there is no inappropriate material visible on the royal website itself, the rogue links show up in Google searches. The official title complete with the Royal Coat of Arms appears above each result. 


The spammers are thought to have tampered with the royal domain’s metadata — the embedded words and descriptive data which tell people what the content is about. Crucially, it helps search engines understand and index web pages accurately. 

Adrianus Warmenhoven, a cybersecurity advisor at NordVPN, said: ‘By Royal Appointment is one of the most valuable endorsements that a company can receive, and these hackers have found a way to gain credit via the back door. It looks like they have managed to insert some malicious code in the metadata of the official Royal Family website and hidden rogue links to all sorts of unsavoury pages.

‘Hackers often use phishing attacks to grab passwords, which can let them log in and edit the website metadata. 

‘Visitors to the website shouldn’t stumble across these links, but scammers are benefiting from the association with one of the world’s most prestigious domain names.’ 

Other trusted domain names have been used to promote and…


CircleCI probe links malware placed on engineer’s laptop to larger breach


CircleCI said an unauthorized third party leveraged malware on the laptop of one of its engineers to steal a valid 2FA-backed single-sign-on session, according to a highly anticipated report stemming from a security incident disclosed earlier this month.

The engineer’s laptop was compromised on Dec. 16, but the company’s antivirus software failed to detect the malware, the company said. 

“Our investigation indicates that the malware was able to execute session cookie theft, enabling them to impersonate the targeted employee in a remote location and then escalate across to a subset of our production systems,” CircleCI CTO Rob Zuber explained in the updated blog post.

Fewer than five customers have said they experienced unauthorized access to third-party systems, the company said.

The engineer had privileges to generate production access tokens, so the third party was able to exfiltrate data from a subset of databases and stores, including customer environment variables, tokens and keys, according to the blog post.

CircleCI strongly defended the employee in the report, emphasizing the incident was not due to the actions of any one person, but a collective failure of various systems. 

“While one employee’s laptop was exploited through this sophisticated attack, a security incident is a systems failure,” Zuber said in the blog post. “Our responsibility as an organization is to build layers of safeguards that protect against all attack vectors.”

The threat actor did reconnaissance activity on Dec. 19 and the exfiltration took place on Dec. 22. 

“Though all the data exfiltrated was encrypted at rest, the third party extracted encryption keys from a running process, enabling them to potentially access the encrypted data,” Zuber said.

By Dec. 29, the company was alerted to suspicious GitHub OAuth activity and realized on Dec. 30 a GitHub OAuth token belonging to one of its customers was compromised by an unauthorized party.

The customer resolved the issue, but on Dec. 31 CircleCI decided to rotate all GitHub OAuth tokens on behalf of customers. 

CircleCI said it considers the platform safe for customers to…


Warning to Nigerians: Avoid clicking links sent through SMS, malware in circulation, NCC says


  • Nigerians have been asked not to click on any link sent through SMS because it can contain a terrible virus
  • According to the Nigerian Communications Commission (NCC), the virus infects Android mobile devices
  • Some of the messages with the link to the malware are said to contain information on COVID vaccination and power outages

The Nigerian Communications Commission (NCC) has warned the public of TangleBot, a new virus infecting Android mobile devices through short messaging service (SMS).

This was disclosed in a statement issued on Saturday by Ikechukwu Adinde, NCC spokesman, following a recent security advisory made available to the commission by the Nigeria Computer Emergency Response Team (ngCERT).


Some of the messages with the link to the malware are said to contain information on COVID vaccination and power outages.

“The aim behind both or either of the messages (on COVID-19 or impending power outages) is to encourage potential victims to follow a link that supposedly offers detailed information,” the statement reads.


“Once at the page, users are asked to update applications such as Adobe Flash Player to view the page’s content by going through nine (9) dialogue boxes to give acceptance to different permissions that will allow the malware operators to initiate the malware configuration process.

“The immediate consequence of this is that the malware then steals sensitive data stored on the device and monitors almost every user activity, including camera use, audio conversations, and location, among other things.”

The NCC added that the malware takes control of the targeted device, including access to banking data.

“In order to ensure maximum protection for Internet users in the country, the ngCERT has offered a number of preventive measures to be taken by the consumers. These measures include an advisory to telecom consumers and other Internet users to refrain…


Pentagon links Iran intelligence to ‘MuddyWater’ hacking group


The Pentagon’s cybersecurity arm on Wednesday said it has tied a hacking group known as MuddyWater to Iranian intelligence.

In doing so, US Cyber Command also identified several open-source software tools being used by the hacking group and disclosed them in an effort to thwart further attacks. MuddyWater allegedly used the tools to gain access to global computer networks.

A US Cyber Command spokeswoman said disclosure of the hacking group provides a “holistic picture of how Iranian hackers might be collecting information through the use of malware.” The cyber agency described MuddyWater as operating under the Iranian Ministry of Intelligence and Security.


The Iranian intelligence agency identifies political opponents through domestic surveillance and “surveils anti-regime activists abroad through its network of agents placed in Iran’s embassies,” according to US Cyber Command, citing research from the Congressional Research Service.

Iran’s foreign ministry didn’t immediately respond Wednesday to a request seeking comment.

“Iran fields multiple teams that conduct cyber espionage, cyberattack and information operations,” said Sarah Jones, the principal analyst for threat intelligence at the cybersecurity firm Mandiant Inc.

She said Iran’s security services that support these attackers, including its intelligence ministry and the Islamic Revolutionary Guard Corps, “are using them to get a leg up on Iran’s adversaries and competitors all over the world.”
