Website/Web Server Security news, articles & updates| SC Media

Website/Web Server Security

Don’t install that security certificate; it’s a malware scam

Cybercriminals have been compromising websites to display a fake security certificate error message in hopes of tricking visitors into downloading the Mokes backdoor or the Buerak downloader. Researchers from Kaspersky who discovered the scam said in a blog post that the ruse is a new twist on the old technique of hacking a website so…

Bug prompts Let’s Encrypt to revoke over 3M TLS certificates

Beginning today, Let’s Encrypt is revoking more than 3 million of its Transport Layer Security (TLS) certificates, following the discovery of a bug that affects the way it rechecks CAA (Certificate Authority Authorization) records. “Most subscribers issue a certificate immediately after domain control validation, but we consider a validation good for 30 days,” explained Jacob Hoffman-Andrew,…

Botnet2

Report: Extortionists threaten websites with AdSense ban caused by bot traffic

A new email-based extortion campaign is reportedly threatening to flood websites with bot-generated fake traffic so that Google’s anti-fraud mechanisms block their AdSense advertising service accounts. According to security researcher Brian Krebs, the extortionists are telling email recipients that they will soon see a message from Google warning them that the number of ads they…

WordPress GDPR Cookie Consent plugin patched

A patch released this week for WordPress GDPR Cookie Consent plugin used by more than 700,000 websites fixed critical vulnerabilities that would let attackers change and delete content as well as inject malicious JavaScript code. The GDPR Cookie Consent plugin aids sites in complying with EU GDPR/Cookie Law regulations and is maintained by WebToffee. Noting…

New Magecart skimmers practice steganography, data transfer via WebSocket

A researcher has discovered a pair of new Magecart-style web skimmers, each one featuring an evasion technique that’s not typically employed by this breed of malware: steganography and the transfer a data via the WebSocket protocol. The researcher, who uses the handle @AffableKraut, posted his two findings on Twitter last month, prompting the team from…

Krampus-3PC malware redirects iPhone users to phishing pages

iPhone users who visited certain publishing websites that were compromised by a malvertising campaign may have gotten an unwelcome visit from the holiday Krampus. No, not the mythical monster that punishes naughty children around Christmastime. In this case, we’re referring to Krampus-3PC, a new mobile malware that seeks out victims’ device and session cookie information…

Magecart skimmer group guns for Smith & Wesson’s Black Friday sales

The e-commerce website of weapons manufacturer Smith & Wesson has been targeted by a Magecart payment card-skimming group that’s been using lookalike domain names to impersonate payment anti-fraud company Sanguine Security. The Smith & Wesson website was compromised with a JavaScript-based skimmer last Wednesday, Nov. 27 – in time to steal card information for any…

Skimming operation creates fake 3rd-party payment processing page to phish victims

Cybercriminals have devised a card-skimming scheme that involves creating a phishing page that impersonates a retailer’s third-party payment service platform (PSP). Certain e-commerce websites outsource their financial transactions by redirecting customers to a secure page operated by PSP companies. But in this scam, discovered by researchers at Malwarebytes, the malicious actors swap out the genuine…

With election on horizon, U.K.’s Labour Party contends with DDoS attacks

The U.K. Labour Party’s digital platforms have been the target of distributed denial of service attack activity since yesterday, impeding access to the political body’s main website. The initial wave of DDoS attacks took place on Nov. 11. Multiple news reports today quoted a Labour Party spokesperson as saying that the barrage of fake traffic…

DDoS attackers claim to be Russian APT group, demand ransom

A group of extortionists claiming to be the Russian APT group Fancy Bear launched a ransom denial of service (RDoS) campaign against numerous industry sectors earlier this month, demanding a payment of 2 Bitcoin to stop bombarding victims with amplified traffic. In all likelihood, the attackers are not truly members of a Russian intelligence agency’s…

Next post in Cybercrime