Tag: Website Security

  • Phishing: Stopping Socially Engineered ChatGPT Threats

    Phishing: Stopping Socially Engineered ChatGPT Threats

      ChatGPT and other generative AI techniques may be used to create believable phishing emails and social engineering schemes. Here’s how to recognise them and combat them. What is the distinction between a tool and a weapon? It all comes down to purpose. What someone uses to be creative may also be utilised to be…

  • Malware: A new data-stealing campaign is targeting online sellers

    Malware: A new data-stealing campaign is targeting online sellers

    A new effort is targeting e-commerce sellers to spread Vidar; data-stealing malware. It allows threat actors to obtain credentials for more destructive assaults. Threat actors initiated the latest effort this week, issuing complaints to online store administrators via email and website contact forms. These emails appear to be from a client of an online business…

  • How SSL helps in SEO for higher website rankings?

    How SSL helps in SEO for higher website rankings?

    For your website visibility and ranking in Google’s search results, you must conduct a lot of SEO. We mean it. But what if there was a simple tip you could do to boost your SEO rankings? Not only that but how about increasing the security of your website? Which Google appreciates! Yes, with an SSL…

  • Hackers utilise Azure Serial Console to get unauthorised access

    Hackers utilise Azure Serial Console to get unauthorised access

    A cybergang is utilising phishing and SIM swapping attacks to compromise Microsoft Azure admin credentials and get access to VMs.   The attackers then utilise the Azure Serial Console to install remote management software and Azure Extensions for covert surveillance.     According to the online security website, the cybergang known as UNC3944 has been active…

  • WordPress plugin vulnerability affected more than 2 million sites

    WordPress plugin vulnerability affected more than 2 million sites

    Following a security issue, users of the Advanced Custom Fields WordPress plugins are being recommended to update to version 6.1.6. The security flaw, known as CVE-2023-30777 is reflected in cross-site scripting (XSS). Moreover, it may be exploited to insert arbitrary executable programmes into otherwise secure web pages. There are more than two million active installs…

  • WordPress Sites Infected with Balada Injector Malware Campaign

    WordPress Sites Infected with Balada Injector Malware Campaign

    Since 2017, it’s been reported that over a million WordPress websites have been infected by malware known as Balada Injector.   According to the cybersecurity website, various vulnerabilities in themes and plugins are abused in this comprehensive effort to compromise WordPress websites. Every few weeks, the attacks are known to occur in waves.   Ongoing campaign…

  • The Evolution of IcedID: From Banking Fraud to malware Delivery

    New versions of IcedID no longer possess the capability for unusual online banking fraud. It concentrates on spreading more malware on compromised systems.   According to the cybersecurity website, since late last year, three different hackers have used these new variants in seven operations. Moreover, all these operations have as their primary objective; the distribution of…

  • Google Cloud storage is not as secure as we believe

    Google Cloud storage is not as secure as we believe

    Google Cloud Logs are a detective’s best friend. Google Cloud may have some worrying security issues. It allows threat actors to steal data without being detected by the cloud storage platform. According to cybersecurity website experts, who discovered that Google Cloud Platform (GCP) logs are often used to identify assaults. They comprehend what threat actors have accomplished,…

  • Why are cybercriminals using more Domain Shadowing?

    Why are cybercriminals using more Domain Shadowing?

    There have been 12,197 cases reported for domain shadowing between April 2022 and June 2022. Domain Shadowing is a subdomain of DNS hijacking. In domain shadowing, the hijacker compromises the DNS of a legitimate domain to use in malicious activities but will never compromise the legitimate DNS that already exists.  The attacker uses these subdomains…

  • Dangerous Google Chrome extensions were installed on over a million devices

    Dangerous Google Chrome extensions were installed on over a million devices

    Chrome extensions pose as legitimate browser services. Researchers discovered a collection of malicious Google Chrome extensions aimed to track browsing activities on over 1.4 million devices. McAfee – a computer security company stated the objective of the scam is to change the victim’s browser cookies each time they visit an e-commerce website. This will earn…