Wednesday, April 14, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Hundreds of compromised WordPress and Joomla websites are serving up malware to visitors

March 30, 2019
in Internet Security
Phishing campaign attempts to spread a new brand of snooping malware
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Phishing attacks are on the rise
ZDNet’s Danny Palmer sits down with TechRepublic’s Karen Roby to discuss the rising number of phishing attacks and preventative measures you need to be taking. Read more: https://zd.net/2C6rIVO

Websites built on two of the most popular content management systems used in publishing are being hacked and exploited to deliver ransomware and other malware to visitors.

You might also like

‘FLoC off!’ Vivaldi declares as it says no to Google’s tracking system

Microsoft April patch download covers 114 CVEs including new Exchange Server bugs

Cybersecurity: Victims are spotting cyber attacks much more quickly – but there’s a catch

Cyber criminals are exploiting vulnerabilities in plug-ins, themes and extensions on WordPress and Joomla sites and using them to serve up Shade ransomware and other malicious content.

Researchers at security company Zscaler have detailed how attackers are using a hidden directory on HTTPS for malicious purposes. This well-known directory is commonly used by website owners to demonstrate ownership of the domain to the certificate authority that scans for code to recognise that the domain is validated.

However, by using exploits to gain access to these hidden pages, attackers can use them to hide malware and other malicious content from website administrators.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)

Over the past few weeks, researchers have spotted a spike of threats stowed away in the hidden directory, with Shade ransomware – also known as Troldesh – the most common threat deployed in this way.

“The spam emails usually contains link to the HTML redirector page hosted on the compromised site which downloads the malicious zip file. User needs to open the JavaScript file inside the ZIP and this JavaScript file will download the ransomware from the compromised site and execute it,” Deepen Desai, VP for security research and operations at Zscaler, told ZDNet.

Over 500 websites have been compromised and thousands of attempts have been made to drop ransomware, phishing links and other malicious content.

Meanwhile, phishing pages are hosted under SSL-validated hidden directories and pop-up in an effort to fool the potential victim into handing over their usernames and passwords.

The compromised WordPress sites are using versions 4.8.9 to 5.1.1 and tend to be using outdated CMS themes or server-side software which researchers suggest is likely the reason for the compromise.

It’s not known who is behind the cyber-criminal campaign, but Zscaler is working to inform the owners of the websites about the attacks. The full list of Indicators of Compromise is available in the analysis of the attack.

READ MORE ON CYBER CRIME

Credit: Source link

Previous Post

Bithumb Hacked (Once Again), Hacker Stole $13 Million in Cryptocurrency

Next Post

Jetson Nano review: Is it AI for the masses?

Related Posts

‘FLoC off!’ Vivaldi declares as it says no to Google’s tracking system
Internet Security

‘FLoC off!’ Vivaldi declares as it says no to Google’s tracking system

April 14, 2021
Microsoft April patch download covers 114 CVEs including new Exchange Server bugs
Internet Security

Microsoft April patch download covers 114 CVEs including new Exchange Server bugs

April 14, 2021
Cybersecurity: Victims are spotting cyber attacks much more quickly – but there’s a catch
Internet Security

Cybersecurity: Victims are spotting cyber attacks much more quickly – but there’s a catch

April 14, 2021
Samsung’s new Galaxy Quantum 2 uses quantum cryptography to secure apps
Internet Security

Samsung’s new Galaxy Quantum 2 uses quantum cryptography to secure apps

April 14, 2021
Brave browser disables Google’s FLoC tracking system
Internet Security

Brave browser disables Google’s FLoC tracking system

April 13, 2021
Next Post
Jetson Nano review: Is it AI for the masses?

Jetson Nano review: Is it AI for the masses?

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Seminar on Machine Learning Techniques in Banking – India Education| Global Education |Education News
Machine Learning

Seminar on Machine Learning Techniques in Banking – India Education| Global Education |Education News

April 14, 2021
Four Tips for Better Videos Ads on LinkedIn [Infographic]
Marketing Technology

Four Tips for Better Videos Ads on LinkedIn [Infographic]

April 14, 2021
‘FLoC off!’ Vivaldi declares as it says no to Google’s tracking system
Internet Security

‘FLoC off!’ Vivaldi declares as it says no to Google’s tracking system

April 14, 2021
Applying artificial intelligence to science education — ScienceDaily
Machine Learning

Machine learning can help slow down future pandemics — ScienceDaily

April 14, 2021
B2B Marketers’ vs. Visitors’ Top Website Features
Marketing Technology

B2B Marketers’ vs. Visitors’ Top Website Features

April 14, 2021
Microsoft April patch download covers 114 CVEs including new Exchange Server bugs
Internet Security

Microsoft April patch download covers 114 CVEs including new Exchange Server bugs

April 14, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Seminar on Machine Learning Techniques in Banking – India Education| Global Education |Education News April 14, 2021
  • Four Tips for Better Videos Ads on LinkedIn [Infographic] April 14, 2021
  • ‘FLoC off!’ Vivaldi declares as it says no to Google’s tracking system April 14, 2021
  • Machine learning can help slow down future pandemics — ScienceDaily April 14, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates