KashmirBlack Botnet Hijacks Thousands of Sites Running On Popular CMS Platforms

An active botnet comprising hundreds of thousands of hijacked systems spread across 30 countries is exploiting “dozens of known vulnerabilities” to target widely-used content management systems (CMS).

The “KashmirBlack” campaign, which is believed to have started around November 2019, targets popular CMS platforms such as WordPress, Joomla!, PrestaShop, Magento, Drupal, vBulletin, osCommerce, OpenCart, and Yeager.

“Its well-designed infrastructure makes it easy to expand and add new exploits or payloads without much effort, and it uses sophisticated methods to camouflage itself, stay undetected, and protect its operation,” Imperva researchers said in a two-part analysis.

The cybersecurity firm’s six-month-long investigation into the botnet reveals a complex operation managed by one command-and-control (C2) server and more than 60 surrogate servers that communicate with the bots to send new targets, allowing it to expand the size of the botnet via brute force attacks and installation of backdoors.

The primary purpose of KashmirBlack is to abuse resources of compromised systems for Monero cryptocurrency mining and redirect a website’s legitimate traffic to spam pages. But it has also been leveraged to carry out defacement attacks.

images from Hacker News

How to Run Google SERP API Without Constantly Changing Proxy Servers

You’ve probably run into a major problem when trying to scrape Google search results. Web scraping tools allow you to extract information from a web page. Companies and coders from across the world use them to download Google’s SERP data. And they work well – for a little while.

After several scrapes, Google’s automated security system kicks in. Then it kicks you out.

The standard way to bypass the block is to use a proxy. However, each proxy only allows a limited number of scrapes before it, too, is blocked. That’s why Google SERP APIs are the perfect tool to overcome these limitations.

This article examines how to overcome Google web scraping issues without changing proxy servers.

Read on to learn more about web scraping, discover the types of data you can extract, and see how API-based web scraping tools can make your life a lot easier.

What Is Web Scraping?

Think of a website that you want to copy information from. How can you extract that data without entering the site on your browser and downloading the HTML source?

Web scraping is the process of automating the extraction of website content through software.

Most high-level languages like Python or Java can web scrape using a few lines of code. Data is then parsed and stored to be processed later.

images from Hacker News

FBI, DHS Warn Of Possible Major Ransomware Attacks On Healthcare Systems

The US Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS), and Department of Health and Human Services (HHS) issued a joint alert Wednesday warning of an “imminent” increase in ransomware and other cyberattacks against hospitals and healthcare providers.

“Malicious cyber actors are targeting the [Healthcare and Public Health] Sector with TrickBot malware, often leading to ransomware attacks, data theft, and the disruption of healthcare services,” the Cybersecurity and Infrastructure Security Agency said in its advisory.

The infamous botnet typically spreads via malicious spam email to unsuspecting recipients and can steal financial and personal data and drop other software, such as ransomware, onto infected systems.

It’s worth noting that cybercriminals have already used TrickBot against a major healthcare provider, Universal Health Services, whose systems were crippled by Ryuk ransomware late last month.

TrickBot has also seen a severe disruption to its infrastructure in recent weeks, with Microsoft orchestrating a coordinated takedown to make its command-and-control (C2) servers inaccessible.

“The challenge here is because of the attempted takedowns, the TrickBot infrastructure has changed and we don’t have the same telemetry we had before,” Hold Security’s Alex Holden told The New York Times.

images from Hacker News

[Webinar and eBook]: Are You Getting The Best Value From Your EDR Solution?

Many companies rely on Endpoint Detection and Response (EDR) solutions as their primary security tool to protect their organizations against cyber threats.

EDR was introduced around eight years ago, and analysts now peg the EDR market size as $1.5 to $2.0 billion in annual revenue globally, expecting it to quadruple over the next five years. The recent introduction of Extended Detection and Response (XDR) solutions, however, will certainly cut into a significant portion of that spend.

A new, provocative eBook, “5 Questions to Determine: Is Your EDR Providing the Best Bang for Your Buck?” (Download here), helps security executives who currently use an EDR solution determine whether they are still getting their “bang for the buck” from their EDR provider when compared to newer, equally priced technologies such as XDR. It’s also an excellent resource for companies that are in the process of choosing an EDR solution to deploy.

A live webinar around the same topic will be held in the next few weeks; register for the webinar here.

The five questions to ask

Let’s quickly look at the five questions you should ask to help decide whether to stay with your EDR solution or consider upgrading to an XDR solution. The Cynet eBook discusses how alternative approaches might improve on the capabilities of your current EDR solution.

images from Hacker News

TrickBot Linux Variants Active in the Wild Despite Recent Takedown

Efforts to disrupt TrickBot may have shut down most of its critical infrastructure, but the operators behind the notorious malware aren’t sitting idle.

According to new findings shared by cybersecurity firm Netscout, TrickBot’s authors have moved portions of their code to Linux in an attempt to widen the scope of victims that could be targeted.

TrickBot, a financial Trojan first detected in 2016, has traditionally been a Windows-based crimeware solution, employing different modules to perform a wide range of malicious activities on target networks, including credential theft and ransomware attacks.

But over the past few weeks, twin efforts led by the US Cyber Command and Microsoft have helped to eliminate 94% of the TrickBot command-and-control (C2) servers that were in use, along with the new infrastructure that the criminals operating TrickBot attempted to bring online to replace the previously disabled servers.

Despite the steps taken to impede TrickBot, Microsoft cautioned that the threat actors behind the botnet would likely make efforts to revive their operations.

images from Hacker News