Website/Web Server Security news, articles & updates| SC Media

Website/Web Server Security

Every presidential campaign website executes suspicious third-party code

An analysis of 11 presidential campaign websites performed last September and again in December found multiple instances of potentially risky third-party code, unwanted code execution and unauthorized data tracking. According to a new report from The Media Trust, 81 percent of executing code on these websites was not internally developed, but rather from external third-party…

Open redirect on Dept. of HHS website benefits COVID-19 phishing scam

A coronavirus-themed phishing campaign designed to infect victims with Raccoon information-stealing malware has reportedly been leveraging an open redirect vulnerability found on the U.S. Department of Health and Human Services’ website, HHS.gov. As defined by Trustwave here, an open redirect occurs when a website’s “parameter values (the portion of URL after “?”) in an HTTP…

MS13-061 was scrapped after Microsoft became aware that installing it causes problems.

Report: Account takeover and data scraping attacks on e-retailers up as COVID-19 surges

Masses of global citizens have been retreating to their homes and relying on online services to stock up their domiciles during the coronavirus pandemic, and it could be having an influence on cyberattacks against websites. Researchers at application protection company PerimeterX have reported a two-month increase in account takeover attacks against online home goods retailers,…

Report: NutriBullet’s website injected with skimmer three times by Magecart Group 8

Since February, a prominent Magecart cybercriminal group has injected the same Java-based payment card skimmer program not one, not two, but three times into the compromised international website of blender manufacturer NutriBullet, researchers from RiskIQ have reported. Each time a skimmer was removed from nutribullet.com, the criminal actors, known as Magecart Group 8, would reintroduce…

COVID-19 decoy doc, Cloudflare service used to spread ‘BlackWater’ malware

Researchers have uncovered a new malware campaign that uses the COVID-19 pandemic as a lure, and also abuses platform-as-a-service web infrastructure tools to apparently thwart attempts at blocking command-and-control communications. Dubbed BlackWater, the backdoor malware specifically takes advantage of Cloudflare Workers — an offering of Cloudflare, a popular provider of website operators with content delivery…

Don’t install that security certificate; it’s a malware scam

Cybercriminals have been compromising websites to display a fake security certificate error message in hopes of tricking visitors into downloading the Mokes backdoor or the Buerak downloader. Researchers from Kaspersky who discovered the scam said in a blog post that the ruse is a new twist on the old technique of hacking a website so…

Bug prompts Let’s Encrypt to revoke over 3M TLS certificates

Beginning today, Let’s Encrypt is revoking more than 3 million of its Transport Layer Security (TLS) certificates, following the discovery of a bug that affects the way it rechecks CAA (Certificate Authority Authorization) records. “Most subscribers issue a certificate immediately after domain control validation, but we consider a validation good for 30 days,” explained Jacob Hoffman-Andrew,…

Botnet2

Report: Extortionists threaten websites with AdSense ban caused by bot traffic

A new email-based extortion campaign is reportedly threatening to flood websites with bot-generated fake traffic so that Google’s anti-fraud mechanisms block their AdSense advertising service accounts. According to security researcher Brian Krebs, the extortionists are telling email recipients that they will soon see a message from Google warning them that the number of ads they…

WordPress GDPR Cookie Consent plugin patched

A patch released this week for WordPress GDPR Cookie Consent plugin used by more than 700,000 websites fixed critical vulnerabilities that would let attackers change and delete content as well as inject malicious JavaScript code. The GDPR Cookie Consent plugin aids sites in complying with EU GDPR/Cookie Law regulations and is maintained by WebToffee. Noting…

New Magecart skimmers practice steganography, data transfer via WebSocket

A researcher has discovered a pair of new Magecart-style web skimmers, each one featuring an evasion technique that’s not typically employed by this breed of malware: steganography and the transfer a data via the WebSocket protocol. The researcher, who uses the handle @AffableKraut, posted his two findings on Twitter last month, prompting the team from…

Next post in Malware