Tag Archives: Threatpost

New GootLoader Campaign Targets Accounting, Law Firms – Threatpost

New GootLoader Campaign Targets Accounting, Law Firms – Threatpost

GootLoader hijacks WordPress sites to lure professionals to download malicious sample contract templates. Once prolific spreaders of REvil ransomware, the GootLoader malware gang has pivoted to actively targeting employees of law and accounting firms with malicious downloads. The Threat Response Unit from eSentire issued an alert about having over the past three weeks observed Source link

Read More »

XSS Bug in SEOPress WordPress Plugin Allows Full Site Takeover – Threatpost

XSS Bug in SEOPress WordPress Plugin Allows Full Site Takeover – Threatpost

The bug would allow a number of malicious actions, up to and including full site takeover. The vulnerable plugin is installed on 100,000 websites. A stored cross-site scripting (XSS) vulnerability in the SEOPress WordPress plugin could allow attackers to inject arbitrary web scripts into websites, researchers said. SEOPress is a search engine optimization (SEO) tool that lets site… Source link

Read More »

Malicious PDFs Flood the Web, Lead to Password-Snarfing – Threatpost

Malicious PDFs Flood the Web, Lead to Password-Snarfing – Threatpost

SolarMarker makers are using SEO poisoning, stuffing thousands of PDFs with tens of thousands of pages full of SEO keywords & links to redirect to the malware. The pushers behind the SolarMarker backdoor malware are flooding the web with PDFs stuffed with keywords and links that redirect to the password-stealing, credential-snarfing malware. Microsoft Security Intelligence said in a Tweet on Friday that the SolarMarker (also known as… Source link

Read More »

100000 Google Sites Used to Install SolarMarket RAT – Threatpost

100000 Google Sites Used to Install SolarMarket RAT – Threatpost

Search-engine optimization (SEO) tactics direct users searching for common business forms such as invoices, receipts or other templates to hacker-controlled Google-hosted domains. Hackers are using search-engine optimization (SEO) tactics to lure business users to more than 100,000 malicious Google sites that seem legitimate, but instead install a remote access trojan (RAT), used to gain a foothold on a network and later infect systems… Source link

Read More »