Cybercrime

Website Defacement: Age-Old but Still Works as Ongoing Campaigns Show

Threat actors the world over have long been employing website defacement as a tactic to further their political, environmental, or even personal agenda. They essentially replace the content of target sites to display their messages through various means, including SQL injection, cross-site scripting (XSS), and other initial compromise techniques.

Don’t Hit That Update Button Just Yet, It Could Lead to Malware Infection

It is quite natural to get prompts from software manufacturers saying you need to update your installed apps every so often for better security or to fix bugs. But you should know, too, that threat actors often use program update notifications as malware distribution vehicles.

Behind the Bylines of Fake News and Disinformation Pages

Fake news and disinformation have been significant issues for some time now, even urging the U.S. government to push back against proliferators who, some opine, do the malicious deed for political or financial gain. Amid this scenario, many have begun doubting what's real and what's not on the Web not just in the U.S. but worldwide.

Through the Spyglass: NSO Group Spyware Pegasus in Focus

The NSO Group has been known for targeting dissident journalists and bloggers notably with its proprietary spyware Pegasus. In November 2021, for instance, Apple sued the NSO Group for its alleged surveillance and targeting of its device users.

Sinkholing May Not Spell the End for Malware Hosts and Botnets

Sinkholing has long been employed as an effective cybersecurity solution to curb the spread of dangerous malware. Remember the infamous WannaCry ransomware outbreak in 2019? Security teams put a stop to the threat through sinkholing.

We Don’t Want to Spoil Mother’s Day but These Domains Might

We're supposed to spoil our mothers on Mothers' Day, but with various scams out there, you may end up losing money or with a malware-infected device. WhoisXML API researchers found more than a thousand digital properties that could be used in Mothers' Day scams.

Expanding the Conti Ransomware IoCs Using WHOIS and IP Clues

On 9 March 2022, the Cybersecurity and Infrastructure Security Agency (CISA) added 98 indicators of compromise (IoCs) to their Conti ransomware alert page. WhoisXML API researchers examined these flagged domain names for recurring characteristics to uncover more artifacts.

HermeticWiper: Another Threat Targeting Ukraine at Large

HermeticWiper, also known as "IsaacWiper" or "Sandworm," which wipes the data on computers, rendering them useless, has reportedly affected hundreds of Ukrainian users since it surfaced. While a few cybersecurity specialists have publicized indicators of compromise (IoCs) related to the ongoing campaigns, we found more connected web properties that users may need to steer clear of to avoid becoming the next victims.

Operation Dream Job: Same Tactics, New Vulnerability and Domains?

Operation Dream Job, a malicious group first seen in 2020, involves threat actors spoofing job hunting sites to lure people. It resurfaced in February 2022, this time exploiting a zero-day vulnerability in Google Chrome more than a month before the flaw was detected and a patch was made available.

A Look at Actinium/Gamaredon’s Infrastructure: More Artifacts Revealed

Actinium/Gamaredon, reported as a Russian advanced persistent threat (APT) group that has been active for almost a decade now, had started trailing their sights on Ukrainian organizations back in February 2022.