A new FakeUpdates campaign targeting WordPress sites has been detected
20/03/2024Over the past few weeks, a new wave of the FakeUpdates malware, also known as SocGholish, has been detected, aimed at WordPress websites. The objective is to lure users into downloading remote access trojans, allowing attackers to take control of their systems. Since its emergence in 2017, FakeUpdates has been one of the most recurring malicious software in the cyber threat landscape. It has previously been associated with cybercriminal groups like Evil Corp, who monetize its use by selling access to infected systems. In this new campaign, cybercriminals are using JavaScript to target WordPress web pages, compromising compromised administrator accounts to introduce altered versions of WordPress plugins. These adulterated versions deceive users into downloading remote access trojans, granting attackers full control over infected devices. What is the most popular type of malware? In addition to the FakeUpdates attack, the threat index from Check Point Research, whose researchers have warned about this new attack, reveals around 200 suspicious content websites directed by ransomware groups. They utilize double extortion tactics to pressure victims into paying immediate ransoms. These attacks have impacted many companies, with the Lockbit3 ransomware being the most utilized by cybercriminals, followed by Play and 8base. The most exploited vulnerabilities by malicious actors include 'Web Servers Malicious URL Directory Traversal,' 'Command Injection Over HTTP,' and 'Zyxel ZyWALL Command Injection,' affecting numerous companies worldwide and allowing attackers to access and manipulate files or execute commands on compromised systems. In Spain, despite a 7% decrease in malware attacks in February, the most sought-after malware includes FakeUpdates, Qbot, and Pandora. In the case of FakeUpdates, it has affected 11.9% of companies in Spain. Mobile Malware In the realm of mobile devices, Anubis remains the most utilized malware in Spain, followed by AhMyth and Hiddad, all designed to compromise the security and privacy of Android device users by collecting confidential information and executing malicious actions.
[ ... ]
Roku warns of unauthorized access to hundreds of its customers' accounts
19/03/2024A Roku investigation, the company that manufactures media streaming devices running Roku software to access all kinds of streaming content, has revealed unauthorized access to hundreds of its users' accounts, "likely due to compromised login credentials obtained from third-party sources unrelated to Roku," they said. According to the company itself, these credentials were used to access Roku accounts, where changes were made, including attempts to purchase streaming subscriptions. However, in an official statement, Roku said that any sensitive personal data such as full payment account numbers could not be accessed. The affected accounts were secured and required password resets, as well as the cancellation of unauthorized subscriptions. Roku has announced that it will refund its users for all unauthorized charges. "What can I do if I can't access Roku? Roku has reset all passwords for accounts affected by these unauthorized accesses, so if we are holders of one of them, we may not be able to access it in the usual way. To regain access, we should go to my.roku.com and use the "Forgot your password?" option. Additionally, the company recommends reviewing subscriptions and devices linked to the Roku account from the Roku account Dashboard."
[ ... ]
WiFi Security: Assessment of threats in wireless networks
08/03/2024Wifi connectivity has gone from being limited to restricted environments to becoming omnipresent in virtually every aspect of our daily lives. The ability to connect to the Internet from anywhere, be it at home, in a café, at work, in public spaces, or even in-flight, has enhanced the convenience in our daily lives. Moreover, the expansion of Wifi networks and the use of new manufacturing technologies now allow the interconnection of devices, leading to the significant rise of the Internet of Things (IoT) and providing users with more comprehensive control over their digital environments. However, this proliferation of Wifi networks has also given rise to new threats that require careful evaluation and effective security strategies to ensure secure and risk-free Wifi connections for our data and information. Common Wifi security threats include data interception Man-in-the-Middle (MITM) attacks One of the fundamental challenges in Wifi security is preventing MITM attacks, where an intruder inserts themselves into the communication between two parties, compromising the integrity and confidentiality of sensitive data such as passwords and financial information. Spoofing of access points Hackers can create fake Wifi networks that mimic legitimate ones to attract unsuspecting users. Once connected to these malicious networks, our data can be captured by cybercriminals who may sell or misuse it for illicit purposes. Tips for achieving a secure Wifi connection: Strengthen authentication and use security protocols Prioritize strong encryption for networks to protect confidential information transmitted through it. WPA (Wifi Protected Access) encryption uses stronger algorithms than its predecessor, WEP (Wired Equivalent Privacy), making it more difficult for hackers to intercept and decipher data. Advanced security protocols like WPA3 provide individualized data encryption and advanced two-factor authentication (2FA) methods, adding an extra layer of security by requiring additional verification. Device management Properly manage and monitor devices connected to Wifi networks to minimize risks associated with the large number of connected devices in homes and businesses. Regularly update the router firmware and all connected devices to address potential vulnerabilities. Segmentation of the network to separate critical devices from less secure ones also helps mitigate the risk of threat propagation. Secure Router Configuration The router secure configuration is what will ensure the robustness and overall security of a wireless network. The router, being the first point of contact for devices connected to the Internet, acts as the first line of defence against potential attacks. For this reason, it is important to understand that the proper configuration of the router not only guarantees a stable and efficient connection but also establishes a protected environment that safeguards the integrity and privacy of our data. How to configure the router securely? To ensure a correct and secure configuration of the router, it is recommended to: Change the default username and password of the router, as these are easily accessible to attackers. Use strong passwords containing a combination of letters, numbers, and special characters. Disable remote administration to prevent cybercriminals from accessing the router externally. Enable WPA2 or WPA3 encryption instead of the outdated WEP for enhanced network security. Optionally, disable SSID broadcast to make the network less visible and harder to detect by hackers. Keep the router firmware updated to address vulnerabilities and improve overall device security. By following these steps, you will strengthen the security of your wireless network and reduce the chances of experiencing unwanted attacks or intrusions.
[ ... ]