Aggregator
Stealthy WordPress Malware Uncovered: Multi-Stage RAT Injects via Header.php, Hides Traces
Cybercriminals have launched a new wave of attacks targeting WordPress websites—so meticulously concealed that the campaign was only recently uncovered. Security experts at Sucuri have discovered that compromised websites are being used as silent...
The post Stealthy WordPress Malware Uncovered: Multi-Stage RAT Injects via Header.php, Hides Traces appeared first on Penetration Testing Tools.
Scammers are tricking travelers into booking trips that don’t exist
Not long ago, travelers worried about bad weather. Now, they’re worried the rental they booked doesn’t even exist. With AI-generated photos and fake reviews, scammers are creating fake listings so convincing, people are losing money before they even pack a bag. The FTC reported that Americans lost $274 million to vacation and travel fraud in 2024. Why travelers fall for it Travel is expensive and people are doing everything they can to find cheaper deals.
The post Scammers are tricking travelers into booking trips that don’t exist appeared first on Help Net Security.
Feds: $14.6 Billion in Healthcare Fraud Busted in Takedown
The Department of Justice in collaboration with the Department of Health and Human Services and other agencies said it has busted $14.6 billion in a wide range of healthcare fraud in 2025. The feds say a new "fusion center" using AI and other technologies will improve investigations moving forward.
'Skynet' Tries to Outwit AI Malware Analysis
If you can't outsmart the antivirus, maybe you can sweet-talk the algorithm into looking the other way. Security researchers discovered what appears to be the first known attempt to deploy prompt injection against artificial intelligence-powered malware analysis.
Senate Strips AI Moratorium Amid Sharp Bipartisan Opposition
Senate Republicans removed a state moratorium on artificial intelligence regulations from its version of President Donald Trump's "big, beautiful bill" following bipartisan warnings the component could risk data privacy and civil rights - particularly without a strong federal regulatory framework.
20 States Sue HHS to Stop Medicaid Data Sharing with ICE
California and 19 other states are suing the Trump administration to stop the U.S. Department of Health and Human Services from allegedly disclosing Medicaid beneficiaries' personal health information to the Department of Homeland Security and Immigration and Customs Enforcement.
Chained Phishing: How Trusted Domains Become Threat Vectors
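Phishing remains one of cybersecurity's most persistent threats, not because defenders have failed to evolve, but because attackers adapt faster.
Today, the most effective campaigns are not built only on spoofed emails or suspicious domains. They take a stealthier approach: exploiting trust in the tools and services we use every day to achieve zero-hour phishing.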
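The rise of chained phishing
Traditional phishing relied on easily recognized red flags such as suspicious senders and suspicious URLs. But modern phishing has matured. Attackers now deploy chained sequences that lead the victim from an email through trusted infrastructure before harvesting credentials.
An employee might receive a link from Google Drive or Dropbox. At first glance, nothing is unusual. But after the click, the user is quietly led through a series of prompts, each of which looks trustworthy, until they unknowingly hand business-critical credentials to the attacker.
This technique, which we call chained phishing, relies on abusing legitimate platforms and reputable domains that enterprise tooling allows, without IT security teams noticing.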
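Browser phishing protection and staying vigilant
Stopping phishing attacks in real time should really start inside the browser. The browser has become the center of the knowledge worker's world. From code review to HR tasks, almost every action starts and ends in a browser tab.
This centralization gives attackers a single surface to exploit, but it is heavily protected. When a link appears to come from a known domain and follows expected behavior, even the most security-aware employee can be deceived. Users usually believe they are carrying out normal activity until it is too late.
By using legitimate links, passing email authentication checks, and even inserting CAPTCHAs, attackers bypass traditional defenses, letting zero-hour phishing succeed undetected.
CAPTCHAs and verification steps are now so common in everyday browsing that attackers use them as a social engineering tactic, not only in phishing campaigns but also in other browser-based threats such as ClickFix.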
Example of a chained spear-phishing attack using a compromised domain, a CAPTCHA, and email verification
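“Known safe” is no longer safe
This shift highlights a fact: known-safe signals are no longer reliable safety signals. In fact, they have become the perfect disguise for cybercriminals. To truly address threats like chained phishing, we need to move beyond static blacklists and domain-based filtering. The future of phishing protection lies in real-time analysis of web pages and of users' interactions with them.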
Some legitimate platforms used in chained phishing attacks
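When the security stack cannot see the threat
Phishing links from trusted services usually pass email and web filters. Traffic to the phishing site is allowed through unimpeded because the domain is not on intelligence feeds and its reputation has not been damaged. Because no malware is deployed, only credential harvesting, endpoint tools have nothing to detect.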
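Despite layered defenses such as:
· Secure email gateways (SEG)
· DNS filtering
· Secure web gateways (SWG)
· EDR/AV
· Native browser protection
most organizations remain vulnerable. These tools are designed to stop known malicious network behavior, and endpoint solutions know nothing about credential-harvesting web forms. Subtle abuse of legitimate domains, combined with additional evasion techniques, leads users to fall victim to zero-hour phishing.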
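Defending against real phishing attacks
Some sequenced attacks exploit trusted paths to lead users to phishing sites that easily bypass traditional defenses. By the time credentials are entered, it is usually too late, and most organizations do not anticipate these attacks.
To mitigate these threats effectively, security needs to move to where the risk appears: the browser. Stop phishing at its source, not just at the perimeter.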
DOJ Dismantles North Korean IT Job Scam: Stolen Identities & Laundering Funded DPRK Weapons
The U.S. Department of Justice has announced the uncovering of a vast scheme in which fraudulent IT specialists from North Korea secured employment with American companies by posing as citizens of other countries. According...
The post DOJ Dismantles North Korean IT Job Scam: Stolen Identities & Laundering Funded DPRK Weapons appeared first on Penetration Testing Tools.
Linux Sudo Utility Hit by High-Risk Vulnerability Scored 9.8; Flaw Allows Easy Privilege Escalation to Root
International Criminal Court Hit by “Sophisticated and Targeted” Cyberattack
The International Criminal Court (ICC) in The Hague has once again come under the crosshairs of cyber attackers. The judicial body reported that it had been the target of a deliberate and coordinated cyberattack....
The post International Criminal Court Hit by “Sophisticated and Targeted” Cyberattack appeared first on Penetration Testing Tools.
Is the Apple-Promoted Film F1 (《F1:狂飙飞车》) Worth Buying a Ticket to See in the Cinema?
Information Security Vulnerability Weekly Report (2025, Issue 26)
What features are missing or frustrating in current computer forensics tools?
Microsoft Authenticator Ends Password Support: Full Phase-Out by August 1, 2025
Microsoft has announced its intention to discontinue password support within the Authenticator app starting August 1, 2025. This move forms part of the company’s broader global initiative to shift away from traditional login methods...
The post Microsoft Authenticator Ends Password Support: Full Phase-Out by August 1, 2025 appeared first on Penetration Testing Tools.
Urgent Chrome Zero-Day Alert: CVE-2025-6554 (Type Confusion) Actively Exploited in the Wild
Google has released security updates for its Chrome browser to address a critical vulnerability for which an active exploit is already in circulation. The issue, tracked as CVE-2025-6554, is classified as a “Type Confusion”...
The post Urgent Chrome Zero-Day Alert: CVE-2025-6554 (Type Confusion) Actively Exploited in the Wild appeared first on Penetration Testing Tools.
Proton Sues Apple Over “Illegal Monopoly”: App Store Antitrust Battle Escalates in US Court
Proton has officially joined the legal battle against Apple, accusing the tech giant of violating antitrust laws and undermining the interests of developers, users, and data privacy. In its complaint filed with the U.S....
The post Proton Sues Apple Over “Illegal Monopoly”: App Store Antitrust Battle Escalates in US Court appeared first on Penetration Testing Tools.
Canada Bans Hikvision Operations Nationwide Citing National Security Threat
The Government of Canada has officially ordered the cessation of operations of Hikvision Canada Inc. within its territory, citing concerns over national security. The announcement followed the conclusion of a multi-phase review conducted under...
The post Canada Bans Hikvision Operations Nationwide Citing National Security Threat appeared first on Penetration Testing Tools.