15,000 websites were compromised in a major Google SEO poisoning campaign.

Introduction:

Welcome back to a new set of cyber security news. Today's (10-11-22) top 5 news items cover the Google SEO poisoning campaign, the latest Windows update, and more. Read the news and share your thoughts about today's cybersecurity news in the comment section.

Top 5 Cyber Security News:

1. Cloud9 Chrome Botnet Network Spying Browser Extensions: Experts Warn

  • A previously unknown malware strain, seen in the wild disguising itself as an add-on for Chromium-based web browsers in order to enroll infected devices in a botnet, has been connected to the Keksec threat actor.
  • The rogue browser add-on, named Cloud9 by security company Zimperium, has a number of functions that allow it to steal cookies, log keystrokes, inject arbitrary JavaScript code, mine cryptocurrency, and even recruit the host to launch DDoS attacks.
  • The JavaScript botnet is spread through bogus executables and malicious websites posing as Adobe Flash Player updates, rather than through the Chrome Web Store or Microsoft Edge Add-ons.
  • Because the extension is built to inject a JavaScript file named "campaign.js" into all pages, the malware can also run as an independent piece of code on any website, legitimate or otherwise, once installed. This could result in watering hole attacks.

2. The latest StrelaStealer spyware grabs your Thunderbird and Outlook accounts.

  • A new data-stealing malware called "StrelaStealer" is actively stealing email account credentials from Thunderbird and Outlook, two popular email clients.
  • This narrow focus differs from most info-stealers, which seek to steal information from a variety of data sources, including browsers, cryptocurrency wallet apps, clipboards, cloud gaming apps, etc.
  • The previously unknown malware was found by analysts at DCSO CyTec, who say they first encountered it in the wild targeting Spanish-speaking users in early November 2022.
  • StrelaStealer gets onto the victim's computer through email attachments, which are currently ISO files with varying contents.
  • In one instance, the ISO includes a program called "msinfo32.exe" that uses DLL search order hijacking to sideload the bundled malware.
  • Analysts noticed a more intriguing case where the ISO included both an HTML file (x.html) and an LNK file ('Factura.lnk'). The x.html file is particularly interesting because it is a polyglot file, meaning that depending on the program that opens it, it can be treated as one of several different file formats.
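A polyglot like the x.html described above only shows its second face to a specific parser, so a useful triage check is to test one file against several format signatures at once and flag anything that matches more than one. The following is an added example (not DCSO CyTec's tooling, and the sample bytes are constructed, not the real x.html): it tests for HTML, ZIP, PE, ISO 9660 and PDF markers and reports files that satisfy two or more.

```python
import io
import re
import zipfile

# Format checks a triage script can apply to a single attachment. Each check
# looks where that format's own parser looks, which is exactly why a polyglot
# can satisfy several of them at the same time.
def detect_formats(data: bytes) -> set:
    found = set()
    head = data[:4096].lower()
    # Browsers sniff for HTML tags near the start of the file
    if re.search(rb"<(!doctype\s+html|html|script|body)\b", head):
        found.add("html")
    # PE executables start with the 'MZ' DOS stub
    if data[:2] == b"MZ":
        found.add("pe")
    # ZIP readers locate the end-of-central-directory record from the END of the
    # file, so a valid archive can be appended after arbitrary leading content
    if data.rfind(b"PK\x05\x06") != -1 or data[:4] == b"PK\x03\x04":
        found.add("zip")
    # ISO 9660 primary volume descriptor sits at sector 16 (0x8000) + 1 byte
    if len(data) > 0x8006 and data[0x8001:0x8006] == b"CD001":
        found.add("iso9660")
    if data[:5] == b"%PDF-":
        found.add("pdf")
    return found

def is_polyglot(data: bytes) -> bool:
    """True when the bytes satisfy more than one format family."""
    return len(detect_formats(data)) > 1

def build_sample() -> bytes:
    """Constructed sample for the demo: plain HTML followed by a small ZIP.
    A browser renders the HTML; an archive tool reads the trailing ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "constructed sample, not real malware")
    return b"<html><body>invoice</body></html>\n" + buf.getvalue()

if __name__ == "__main__":
    sample = build_sample()
    print(sorted(detect_formats(sample)), "polyglot:", is_polyglot(sample))
```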

3. Update Windows as soon as possible! Six actively exploited zero-days have patches released.

  • Microsoft has issued patches for six actively exploited zero-day vulnerabilities as part of its most recent set of monthly security updates, which address 68 vulnerabilities across its software portfolio.
  • Of the vulnerabilities, 12 are rated Critical, 2 High, and 55 Important. This count also includes the flaws that OpenSSL patched the week prior.
  • An actively exploited vulnerability in Chromium-based browsers (CVE-2022-3723), which Google patched in an out-of-band update late last month, was also separately addressed at the beginning of the month.
  • The following actively exploited vulnerabilities permit privilege elevation and remote code execution: CVE-2022-41092, CVE-2022-41125, CVE-2022-41073, CVE-2022-4118, CVE-2022-41082, and CVE-2022-41040.

4. 15,000 websites were compromised in a major Google SEO poisoning campaign.

  • Hackers have compromised around 15,000 websites as part of a large black hat SEO campaign that redirects visitors to phony Q&A discussion boards.
  • Sucuri was the first to identify the attacks and reports that each hijacked site hosts roughly 20,000 files used in the campaign to spam search engines. WordPress blogs make up the majority of the hijacked websites.
  • According to the researchers, the threat actors' goal is to produce enough indexed pages to boost the authority of the fictitious Q&A sites and help them rank higher in search results.
  • Given that even a brief stint on the first page of Google Search results would produce many infections, the campaign is likely preparing these websites for later use as malware droppers or phishing sites.
  • Another possibility, suggested by the presence of an "ads.txt" file on the landing pages, is that their owners are trying to generate traffic in order to commit ad fraud.

5. APT29 Compromised the European Diplomatic Entity Network by Using a Windows Feature.

  • APT29, a nation-state actor with ties to Russia, was found to have attacked an unnamed European diplomatic institution using Credential Roaming, a "lesser-known" Windows feature.
  • Russian espionage group APT29, also known as Cozy Bear, Iron Hemlock, and The Dukes, is well-known for intrusions meant to collect data aligned with the country's strategic objectives. It is said to be funded by the Foreign Intelligence Service (SVR).
  • Some of the adversarial collective's online activities are publicly tracked under the moniker Nobelium, a threat cluster named in connection with the significant supply chain compromise via SolarWinds software in December 2020.
  • Credential Roaming is a feature, added in Windows Server 2003 Service Pack 1 (SP1), that enables users to securely access their credentials (such as private keys and certificates) from various workstations in a Windows domain.

Conclusion

There are risks, threats, and vulnerabilities in every aspect of our lives. We can't avoid living in a world full of cybercrime and malicious software aimed at our systems. These cyber-attacks may come from anywhere in the world, so we need to keep ourselves updated in order to protect ourselves. Keep yourself updated through our cyber security news and stay connected by subscribing to our newsletter. Share your thoughts in the comment section and come back again for another set of cyber security news. Thank you!

Cyberghost

A Computer science Engineer, Certified Ethical hacker (CEH), Offensive Security Certified professional (OSCP), SOC Analyst & Content Creator.