Tag Archive for: visitors’

Password-cracking botnet has taken over WordPress sites to attack using the visitor’s browser


As reported by Ars Technica, cybersecurity researcher Denis Sinegubko has been monitoring ongoing website hacking activities for a long time. Now, he has identified a major pivot from crypto wallet drainers to brute-force password-cracking attacks on WordPress sites. Why is this happening, what does it mean, and what can you, as an end user, do? We’ll dive into all of the need-to-know information below.

First, let’s talk “Why.” Earlier in February, Sinegubko, writing for Sucuri’s blog, discussed an increase in “web3 crypto malware,” particularly malware used to inject crypto drainers into existing sites or use phishing sites for the same purpose.


MGM Resorts breach: Russian hackers claim attack, irritating visitors


A collaboration of Russian ransomware hacker gangs may have been responsible for MGM Resorts International’s cybersecurity issue that has plagued the company for four days.

The hacker gang ALPHV, also known as BlackCat, said that it had breached the gaming giant with a simple phone call, according to a post on X from malware repository vx-underground.

ALPHV provided the ransomware and the infrastructure, and affiliate groups have used it to carry out the attacks, experts said. A group calling itself Scattered Monkey is believed to have carried out the attack, according to Brett Callow, a threat analyst for Emsisoft, an anti-malware software company.

MGM has not commented on the cause of the issue, which it hasn’t characterized as a cyberattack.

MGM, the state’s largest employer, has a major presence on the Strip with 10 resorts under its control. In addition to hosting thousands of visitors each night, MGM properties are major destinations for conventioneers with its Mandalay Bay Convention Center and sports fans with affiliations with multiple arenas, including T-Mobile Arena.

Some Cosmopolitan of Las Vegas employees who asked for anonymity said they’ve been told by supervisors that the outage could take seven to 10 days to resolve.

Meanwhile, a report published Wednesday said another casino giant, Reno-based Caesars Entertainment Inc., also was hacked in late August.

Bloomberg reported that Caesars paid millions of dollars in ransom after being cyberattacked by a group known as Scattered Spider or UNC 3944. The report said Caesars would soon issue a regulatory filing addressing the incident.

Another Las Vegas resort, Westgate Las Vegas, experienced some computer issues in mid-August, but it turned out that a construction crew had sliced through a fiber-optic cable, rendering some computer systems inoperable. A Westgate spokesman said systems were back online within 24 hours.

SEC filing

For MGM, the incident was financially material enough for the company to issue a Securities and Exchange Commission filing late Tuesday, which didn’t elaborate on the cybersecurity issue.

Companies generally disclose material information on the SEC’s Form 8-K, a report to announce…


eFile tax website served malware to visitors for weeks


Just in time for tax season, the IRS-authorized eFile website prompted users to install a Windows botnet trojan through April 1.

eFile.com was serving malware

Windows users that used eFile.com may have been exposed to a malicious JavaScript file prompting users to install a second-stage payload. While users would have needed to interact with this and install the .exe file, it is still recommended to run a virus scan.

According to a report from Bleeping Computer, Reddit users pointed out that the malware had been served since at least mid-March. It has been independently verified that eFile is no longer serving the malware as of April 4.

This affected the eFile website directly. Users that interacted with the service on a Windows PC will need to ensure their system is secure. Neither macOS nor iOS was affected, but we’re discussing the issue to bring awareness, given that the IRS has yet to make a formal statement about the issue, and millions of Americans could be affected.

A JavaScript file called popper.js was being loaded by nearly every page of eFile.com until at least April, the report confirmed. An additional file named update.js associated with the attack would prompt users to download the next stage of the payload, a Windows executable that changed based on which browser was in use — Chrome or Firefox.

This malicious software was being served from a Tokyo-based IP address hosted with Alibaba. If installed, the trojan would act as a simple backdoor and turn the Windows machine into a botnet member.

The malware would connect to a remote command and control center every ten seconds to receive a task. And despite being a simple backdoor, it had full access to a device.

Antivirus products have reportedly already started flagging the executables as trojans. Again, we urge any Windows user that visited eFile.com in recent weeks to run a scan of their device.


Internet’s most expensive domain gets just 88,800 monthly visitors




Call it bizarre, but the most expensive domain ever on the Web, which was bought for $30 million, receives only 88,800 visitors per month, while the third-costliest domain name has no registered monthly traffic, a report showed on Wednesday.


The voice.com website describes Voice as “a team of technologists, artists and curators using the transformative power of NFTs to make digital art collectable”.


The company bought the domain name in June 2019 from enterprise analytics and software company MicroStrategy but the $30 million investment doesn’t appear to have delivered much return so far.


Voice.com’s monthly traffic, as measured by SimilarWeb, currently stands at around 88,800, according to data by web-hosting provider Hostinger.


“It’s fascinating to see how much money has exchanged hands for specific domain names – the cost of the seven names in the list adds up to more than $100 million,” said a Hostinger spokesperson.


For multi-billion-dollar companies, the outlay is relatively small, especially if it secures your presence on the web, strengthens your brand and provides a good stream of traffic to your site.


“However, as this study shows, spending millions of dollars on the domain name doesn’t guarantee millions of website visitors,” the spokesperson added.


360.com belongs to the Chinese security company 360 Security Technology Inc, and currently receives 23.9 million monthly visitors, which ranks it as the 154th biggest website in China.


The domain name was bought from Vodafone in February 2015 for $17 million.


In third place, NFTs.com is one of the most recent sales in the top 10, after it was purchased in August 2022 for $15 million.


The site currently contains very little information, but says it is “powered by DigitalArtists.com Marketplace”.


Despite the large price tag, there isn’t enough info for SimilarWeb to estimate its traffic, indicating that very few people are visiting the site.


The Sex.com domain name was sold by Escom to Clover Holdings for $13 million in November 2010 after it won an auction.


“The provocative name…
