A new FakeUpdates campaign targeting WordPress sites has been detected
20/03/2024Over the past few weeks, a new wave of the FakeUpdates malware, also known as SocGholish, has been detected, aimed at WordPress websites. The objective is to lure users into downloading remote access trojans, allowing attackers to take control of their systems. Since its emergence in 2017, FakeUpdates has been one of the most recurring malicious software in the cyber threat landscape. It has previously been associated with cybercriminal groups like Evil Corp, who monetize its use by selling access to infected systems. In this new campaign, cybercriminals are using JavaScript to target WordPress web pages, compromising compromised administrator accounts to introduce altered versions of WordPress plugins. These adulterated versions deceive users into downloading remote access trojans, granting attackers full control over infected devices. What is the most popular type of malware? In addition to the FakeUpdates attack, the threat index from Check Point Research, whose researchers have warned about this new attack, reveals around 200 suspicious content websites directed by ransomware groups. They utilize double extortion tactics to pressure victims into paying immediate ransoms. These attacks have impacted many companies, with the Lockbit3 ransomware being the most utilized by cybercriminals, followed by Play and 8base. The most exploited vulnerabilities by malicious actors include 'Web Servers Malicious URL Directory Traversal,' 'Command Injection Over HTTP,' and 'Zyxel ZyWALL Command Injection,' affecting numerous companies worldwide and allowing attackers to access and manipulate files or execute commands on compromised systems. In Spain, despite a 7% decrease in malware attacks in February, the most sought-after malware includes FakeUpdates, Qbot, and Pandora. In the case of FakeUpdates, it has affected 11.9% of companies in Spain. Mobile Malware In the realm of mobile devices, Anubis remains the most utilized malware in Spain, followed by AhMyth and Hiddad, all designed to compromise the security and privacy of Android device users by collecting confidential information and executing malicious actions.
[ ... ]
Interpol opens its first office in the Metaverse
07/11/2022Interpol, the International Criminal Police Organization or International Police, has presented its first office in the metaverse through which they intend to improve the fight against crime in the digital universe. The digital police station, which is a copy of the General Secretariat of Interpol in Lyon (France), will offer training for investigators and police officers and will allow the collaborators of this international organization to interact through their avatars, without geographical or physical limits. The inauguration of this new virtual center had been accompanied by the announcement of the creation of a group of Interpol experts that will advise police forces around the world about the risks on the global stage. Also, it has been announced that the International Police Organization has joined Meta, Microsoft and other technology giants to define the metaverse and protect communities from cybercrime, including globally recognized and criminalized crimes, such as sexual harassment, 'phishing', financial fraud or 'ransomware', among others. The objective of this joint work, they explained, is to create regulatory frameworks "and eliminate future criminal markets before they are fully formed." According to a study by the technology company Gartner, in over three years, in 2026, one of four people will spend at least one hour a day in the metaverse to work, shop and interact with other users.
[ ... ]
Google launches ChromeOS Flex to give a second life to outdated computers
21/07/2022Google has just introduced ChromeOS Flex, a new version of their cloud-based operating system that will allow "rejuvenating" Windows and Mac computers that have become available. The system must be downloaded directly from the web and can be installed on the computer via USB or the company network. ChromeOS Flex is now ready to give outdated Windows and Mac computers a second life. At the moment, Google has already certified nearly 300 devices compatible with ChromeOS Flex, from leading brands on the market such as Apple, Acer, Dell or Microsoft. Although Google has advanced that not having the certification does not prevent the installation of the operating system on our old computer. Some of the services offered by this operating system are, the protection against ransomware and malware; background updates; remote management of applications and, of course, the possibility of giving a new life to an outdated computer. “By installing ChromeOS Flex on an older computer, you're not only getting a great experience, you're also contributing to an important cause. Every year 40 million tons of electronic waste is generated worldwide, which is equivalent to throwing away 800 laptops every second. Updating devices to ChromeOS Flex instead of completely replacing them is one way to reduce this waste.
[ ... ]
The use of magnetic tapes to store data is growing
11/05/2022Although cloud storage continues to be a growing resource for many companies to promote hybrid work environments, for security reasons, many other companies have decided not only to return to hard drives, SD cards or pen drives, but even to magnetic tapes. According to the Swedish firm Sweclockers, storage on this format skyrocketed in 2021 and grew, compared to the data recorded in the previous year, by 35%. Being a format that is not connected to the internet and therefore free from the threats of ransomware and malware, magnetic tapes are increasing their popularity again and companies such IBM, HP or Seagate/Quantum have already launched updated versions of these tapes on the market that include Linear Tape-Open (LTO) technology and high storage capacity, according to the current needs of companies. The main difference from other digital storage media is that magnetic tapes can only read and write data sequentially, and this cannot be done simultaneously.
[ ... ]
Ransomwhere, new platform to track cyberattack payments
13/07/2021This week was made known the unveiling of Ransomwhere, a new collaborative data platform born with the intention of being able to track 'ransomware' ransom payments to cybercriminals wallets. The platform launched by cybersecurity researcher Jack Cable, allows data to be entered into the Ransomwhere website in an open and transparent format, so that users can easily report on the cryptocurrency wallets used in their ransomware attack payments, often included in the ransom notes of the attacks, and through this data the figure obtained in extortion payments to cybercriminals is obtained. As these payments are made with cryptocurrencies, the transactions can be traced as they are opened by the use of the blockchain or Blockchain. According to the first data obtained in these first weeks of operation, Ransomwhere has reported that it has already recorded more than $33 million paid this past year in ransomware and accumulated data of about $28 million more satisfied previously. This information also shows that the ransomware with the highest income so far is Netwalker, with more than 27 million dollars, followed by REvil / Sodinokibi, with more than 11 million.
[ ... ]
Macro cyber-attack affects more than 350 companies worldwide
07/07/2021The number of companies that have suffered from the REvil macro cyberattack now exceeds 350 organizations worldwide from which the cybercriminals are demanding 70 million in bitcoins to provide them with a universal decryptor to restore their data. The attack was conducted through the update system of IT services software company Kaseya, which REvil exploited to spread and hide ransomware. The virus was leaked to TI Kaseya resellers and from there has reached all end customers using their software. The official data provided by TI Kaseya sets the number of affected companies at 350, although other sources such as the cybersecurity company ESET talk about more than 1,000, including some Spanish organizations, although no names have been disclosed. It has been made public that one of the companies most affected by the cyberattack has been the Swedish supermarket chain Coop, which has had to close its more than 800 points of sale for a few days due to the impossibility of using its cash registers or charging customers. Based on Sophos threat intelligence, REvil has been active in recent weeks and is currently the dominant ransomware gang involved in Sophos' defensively managed threat response cases. Prior to this latest attack, they were also responsible for the one suffered by meat company JBS, which forced the cancellation of all work shifts at the company's slaughterhouses in the US. JBS paid up to 11 million to restore normal operations. These macro cyber-attacks are in addition to other recent and highly significant ones, such as the one perpetrated by the hacker group DarkSide, which forced the preventive shutdown of the largest oil pipeline network in the United States, Colonial Pipeline, endangering the supply of fuel in a large part of the country, or the one suffered by the SEPE and the Ministry of Labor in Spain a few weeks ago.
[ ... ]
How to keep your Mac safe?
28/06/20215 things you should do to protect your Mac How many times have we heard that Mac is a more than secure and unbreakable system? For years, Apple has made its security through obscurity, or in other words, its proprietary software, flagship and brand guarantee. Today, however, just when Mac is no longer a minority option, Steve Jobs' system has become another favorite target for hackers and cybercriminals. The market has responded to this with the development of specific protection tools for Mac, while Apple works on optimizing its system in each version. Knowing what kind of tools exist for Mac and which ones are already included in our computer will help us to stay safe and choose the best strategy that fits our needs and use of the equipment. 1. Use computer security tools Cybersecurity is a universal and necessary practice in all operating systems today. The objective is to ensure protection against attacks and theft by cybercriminals who are looking for personal or confidential information stored on our computers or that enters or leaves them, in order to use it for their own benefit. What is VPN security? Cybersecurity tools help us to minimize our footprint on the Internet and thus increase our privacy and security. In this regard, VPN services for Mac stand out, as they incorporate advanced protection technologies capable of connecting to the Internet through intermediate servers, so that our IP address - our identification on the network - is replaced by the IP address of this secure server, without anyone being able to trace our connection. This type of VPN service also encrypts any information leaving our computer, thus preventing it from being accessed on its journey to its destination. This is essential, for example, when using public Wi-Fi networks to connect to the Internet. 2. Keep the operating system and software up to date As simple as it may seem, one of the best and easiest ways to protect a Mac is to always have the latest version of the operating system installed and to work with updated software downloaded from the Mac App Store. System updates usually include security patches, among other things. How do I update my Mac? Through the System Preferences Panel of our computer we can set that when there are available updates we receive a notice from MacOs warning us of it or that these updates, whether system data files, security updates or official software are installed automatically. To check if we are working with the latest versions available and our Mac is up to date we can do it by checking through this same panel if there are updates available at that time. If we have checked the automatic updates option, Mac will do this task for us routinely. 3. Use secure settings Mac's default security settings can be greatly enhanced by manually configuring the security and privacy terms of our computer. How to change the Privacy and Security preferences on the Mac? By accessing the "Privacy" tab of the "Security and Privacy" option of the Control Panel we will have the option to manage what information we allow our computer to make available to others over the Internet or on a network and what applications we allow access to our data and files. In the same way, but through the "Security" tab, we will be able to incorporate passwords for the access to different tasks and operations of the computer and through the "FileVault" tool we will be able to ensure the encryption, for example, of our personal information or certain documents for which a password will be required to unblock them. 4. Use an Antivirus for Mac There are antivirus programs developed specifically for Mac. Some of them are special for certain threats, although in general most of them offer a wide range of services to help us keep our computers safe. Which is the best antivirus for Mac? The range of antivirus for Mac, free and paid, is nowadays much wider than a few years ago, highlighting among the most complete and advanced, antivirus with malware protection functions in real time, tools against digital identity theft, protection against spyware or advanced detection and removal of blackmail programs. 5. Make regular backups Apple has a native function, Time Machine, which makes backup copies of our hard disk on a separate secondary disk, so that if for any reason we suffer an attack or a breakdown we can recover all the information. Many antiviruses offer a backup service, backup or backup similar but in the cloud, as a preventive measure against writing errors on the disk, theft of devices or even against data hijacking or ransomware.
[ ... ]