Tag Archive for: Sites

WordPress sites being hacked with fake Cloudflare DDoS to distribute malware


On Saturday, WordPress sites were reported to be hacked to display fake Cloudflare DDoS protection pages that distribute malware installing the NetSupport RAT and the RaccoonStealer password-stealing Trojan.

DDoS protection screens are commonplace on the internet; they protect sites from bots that flood them with bogus requests intended to overwhelm them with garbage traffic.

Internet users treat these welcome screens as an unavoidable short-term annoyance that keeps their favorite online resources protected from malicious operatives. Unfortunately, this familiarity serves as an excellent opportunity for malware campaigns, Bleeping Computer reports.

According to reports by Sucuri, hackers are attacking poorly protected WordPress sites to add a heavily obfuscated JavaScript payload that displays a fake Cloudflare DDoS protection screen.

In June 2022, Raccoon Stealer returned to operations when its authors released its second major version and made it available to cybercriminals under a subscription model.

Raccoon 2.0 targets passwords, cookies, auto-fill data, and credit cards saved in web browsers, as well as a wide range of cryptocurrency wallets; it can also exfiltrate files and take screenshots of the victim’s desktop.

Source…

Cabinet approves upgradation of 2G mobile sites to 4G at security sites in LWE areas



The Union Cabinet chaired by Prime Minister Narendra Modi has approved a Universal Service Obligation Fund (USOF) project for upgrading 2G mobile services to 4G at security sites in Left-Wing Extremism (LWE) hit areas.

The project envisages upgrading 2,343 LWE Phase-I sites from 2G to 4G mobile services at an estimated cost of Rs.1,884.59 crore (excluding taxes and levies). This includes O&M for five years. However, BSNL will maintain the sites for another five years at its own cost.

The work will be awarded to BSNL because these sites belong to BSNL. The Cabinet also approved funding of operations and maintenance cost of LWE Phase-I 2G sites by BSNL for an extended period beyond the contractual period of five years at an estimated cost of Rs 541.80 crore.

The extension will be up to 12 months from the date of approval by the Cabinet or the commissioning of the 4G sites, whichever is earlier. The government chose BSNL for this prestigious project to deploy indigenous 4G telecom equipment, so as to achieve self-reliance in the telecom gear segment, fulfil domestic market needs and export to other markets. This 4G equipment will also be deployed in this project. The upgradation will enable better internet and data services in these LWE areas.

It meets the requirements of the Ministry of Home Affairs and the state governments. It shall also fulfil the communication needs of the security personnel deployed in these areas. The proposal is in line with the goal of providing mobile connectivity in rural areas. In addition, delivery of various e-governance services, banking services, tele-medicine, tele-education, etc. through mobile broadband shall be possible in these areas.

Source…

Critical vulnerability in popular WordPress plugin exposes millions of sites to hacking


A critical vulnerability in a highly popular WordPress plugin has exposed millions of websites to hacking.

Discovered by researchers at Plugin Vulnerabilities and detailed April 12, the vulnerability was found in Elementor, a website-building WordPress plugin with more than 5 million active installations. The vulnerability was introduced in version 3.6.0 of the plugin, released on March 22; about a third of the sites using Elementor were running the vulnerable version when the vulnerability was found.

The vulnerability is caused by an absence of a critical access check in one of the plugin’s files, which is loaded on every request, even if users are not logged in. Because the check does not occur, access to the file and hence the plugin is open to all and sundry, including bad actors.

Exploiting the vulnerability opens the door for anyone to make changes to the site, including uploading arbitrary files. As a result, hackers could exploit the vulnerability for remote code execution and takeover of a site running the plugin. “Based on just what we saw in our very limited checking, we would recommend not using this plugin until it has had a thorough security review and all issues are addressed,” the researchers noted.

The vulnerability has since been addressed in the latest update, Elementor version 3.6.3. Naturally, anyone running a WordPress install with Elementor 3.6.0 to 3.6.2 is encouraged to update to the latest version to address the critical vulnerability.

“WordPress powers as much as a third of all websites on the Internet, including some of the most highly trafficked sites and a large percentage of e-commerce sites, so why aren’t they better equipped to protect against attack?” Pravin Madhani, co-founder and chief executive of application security platform provider K2 Cyber Security Inc., told SiliconANGLE. “In particular, RCE is one of the most dangerous flaws because it gives the attacker the ability to run almost any code on the hacked site.”

Madhani explained that traditional application security tools like Web Application Firewalls have difficulty in dealing with RCE attacks because they rely on understanding a past RCE…

Source…

Malicious web redirect service infects 16,500 sites to push malware



A new traffic direction system (TDS) called Parrot is relying on servers that host 16,500 websites of universities, local governments, adult content platforms, and personal blogs.

Parrot is used in malicious campaigns to redirect potential victims matching a specific profile (location, language, operating system, browser) to online resources such as phishing and malware-dropping sites.

Threat actors running malicious campaigns buy TDS services to filter incoming traffic and send it to a final destination serving malicious content.

TDSes are also used legitimately by advertisers and marketers, and some of these services have been abused in the past to facilitate malspam campaigns.

Used for RAT distribution

Parrot TDS was discovered by threat analysts at Avast, who report that it’s currently used for a campaign called FakeUpdate, which delivers remote access trojans (RATs) via fake browser update notices.

Site displaying the fake browser update warning (Avast)

The campaign appears to have started in February 2022 but signs of Parrot activity have been traced as far back as October 2021.

“One of the main things that distinguishes Parrot TDS from other TDS is how widespread it is and how many potential victims it has,” comments Avast in the report.

“The compromised websites we found appear to have nothing in common apart from servers hosting poorly secured CMS sites, like WordPress sites.”

Malicious JavaScript code seen in compromised sites (Avast)

Threat actors have planted a malicious web shell on compromised servers and copied it to various locations under similar names that follow a “parroting” pattern.

Moreover, the adversaries use a PHP backdoor script that extracts client information and forwards requests to the Parrot TDS command and control (C2) server.

In some cases, the operators use a shortcut without the PHP script, sending the request directly to the Parrot infrastructure.

Parrot’s direct and proxied forwarding (Avast)

Avast says that in March 2022 alone its services protected more than 600,000 of its clients from visiting these infected sites, indicating the massive scale of the Parrot redirection gateway.

Most of the users targeted by these…

Source…