A new FakeUpdates campaign targeting WordPress sites has been detected
20/03/2024Over the past few weeks, a new wave of the FakeUpdates malware, also known as SocGholish, has been detected, aimed at WordPress websites. The objective is to lure users into downloading remote access trojans, allowing attackers to take control of their systems. Since its emergence in 2017, FakeUpdates has been one of the most recurring malicious software in the cyber threat landscape. It has previously been associated with cybercriminal groups like Evil Corp, who monetize its use by selling access to infected systems. In this new campaign, cybercriminals are using JavaScript to target WordPress web pages, compromising compromised administrator accounts to introduce altered versions of WordPress plugins. These adulterated versions deceive users into downloading remote access trojans, granting attackers full control over infected devices. What is the most popular type of malware? In addition to the FakeUpdates attack, the threat index from Check Point Research, whose researchers have warned about this new attack, reveals around 200 suspicious content websites directed by ransomware groups. They utilize double extortion tactics to pressure victims into paying immediate ransoms. These attacks have impacted many companies, with the Lockbit3 ransomware being the most utilized by cybercriminals, followed by Play and 8base. The most exploited vulnerabilities by malicious actors include 'Web Servers Malicious URL Directory Traversal,' 'Command Injection Over HTTP,' and 'Zyxel ZyWALL Command Injection,' affecting numerous companies worldwide and allowing attackers to access and manipulate files or execute commands on compromised systems. In Spain, despite a 7% decrease in malware attacks in February, the most sought-after malware includes FakeUpdates, Qbot, and Pandora. In the case of FakeUpdates, it has affected 11.9% of companies in Spain. Mobile Malware In the realm of mobile devices, Anubis remains the most utilized malware in Spain, followed by AhMyth and Hiddad, all designed to compromise the security and privacy of Android device users by collecting confidential information and executing malicious actions.
[ ... ]
Privacy Policy
Esta política de privacidad aplica a todos los contenidos de este sitio web y que sean publicados por Dommia Design Studio. Si usted tiene alguna consulta sobre cómo usamos su información personal, por favor contacte con nuestro responsable de privacidad en [email protected]. Según lo establecido en el RGPD (Reglamento (UE) 2016/679), les proporcionamos la Información Detallada de Protección de Datos que se expone a continuación: Responsable: Dommia Design StudioRazón Social: Dommia Design Studio SLC.I.F.: B-66440581Dirección: c/ Lepant, 326, Entlo, Desp 3 - 08025 - BarcelonaTeléfono: 936 241 455Correo Electrónico: [email protected] Inscrita en el Registro Mercantil de Barcelona Tomo: 44619, Folio: 176, Hoja: 461387, Inscripción: 1 Información que recopilamos y con qué objetivo Esta sección detalla la información que podemos recoger sobre usted. Explicamos por qué y cómo lo utilizamos en secciones posteriores. Información que obtenemos a través de cookies y herramientas similares Utilizamos cookies (y tecnologías similares) y herramientas de análisis en nuestros sitios para recopilar información sobre usted. Esta información se puede utilizar para mejorar el rendimiento del sitio y mejorar la experiencia de usuario. Proporcionamos información detallada sobre cookies y tecnologías similares dentro de nuestra Política de Privacidad; algunos ejemplos incluyen: Su ubicación: utilizamos cookies para mostrar información del lugar más relevante para su ubicación. Su uso: utilizamos cookies para entender como nuestros clientes utilizan nuestros sitios. El dispositivo: utilizamos cookies para entender el tipo de dispositivo que está utilizando para mostrarle la mejor versión del sitio. Si desea administrar sus cookies, siga las instrucciones de la sección "Cómo gestionar las cookies" dentro de nuestra Política de Privacidad. Información que obtenemos a través del formulario de contacto Datos de contacto: nombre y correo electrónico. Web Beacons Utilizamos web beacon en nuestras páginas web y nuestros correos electrónicos. Cuando enviamos correos electrónicos a los miembros del boletín de noticias, podemos hacer un seguimiento del comportamiento como quien abrió los correos electrónicos y quien hizo clic en los enlaces. Esto nos permite medir el rendimiento de nuestras campañas de correo electrónico y mejorar nuestras características para determinados segmentos de miembros. Fundamentos legales para el procesamiento Solo tratamos información personal cuando tenemos su consentimiento de usuario: es decir, cuando nos ha dado permiso explícito para procesar información personal para un fin determinado. Por ejemplo, si completa uno de nuestros formularios de comunicación, le solicitaremos su consentimiento si quisiéramos utilizar su información personal para cualquier otro propósito. Usted tiene el derecho de retirar este consentimiento en cualquier momento. Puede administrar sus preferencias contactando con nuestro Delegado de Protección de Datos en [email protected]. ¿Cómo utilizamos su información personal? Recopilamos información personal por una razón principal, para mejorar y mantener el rendimiento de nuestro sitio web y poder brindarle la mejor experiencia de usuario posible. Recopilamos información personal por dos motivos principales: Mejorar y mantener el rendimiento: para proporcionarle la mejor experiencia de usuario posible, debemos asegurarnos de que nuestros productos y servicios funcionan como deberían ser. Comunicar cambios y ofertas de productos: queremos que obtenga el máximo rendimiento de nuestros productos o servicios, incluyendo mostrar nuestros últimos contenidos y boletines informativos. Puede cambiar sus preferencias en cualquier momento contactando a nuestro oficial de privacidad a [email protected]. ¿Con quién compartimos su información personal? No divulgamos su información personal a ningún tercero a menos que lo exijan las leyes aplicables, órdenes judiciales u otros procesos legales válidos. ¿Cuánto tiempo conservamos su información personal? Un resumen de la duración de su información personal: Categoría de datosEjemploPeríodo RetenciónJustificación del Período Comercial Clientes Hasta 5 años después de la resolución de cualquier relación comercial Para informar de nuestros productos y servicios Comercial Formulario de contacto Hasta 5 años después de la resolución de cualquier relación comercial Para informar de las peticiones realizadas por el usuario Marketing Newsletter Hasta que exprese su negativa a que sea enviada Para informar de nuestros productos y servicios Los datos se almacenarán el tiempo estrictamente necesario exclusivamente para el desempeño de sus competencias legalmente establecidas. A veces es necesario que guardemos su información personal por períodos más largos, por ejemplo: Si existe un requisito legal para retenerlo; Si requerimos la información por razones legales o existe una necesidad legítima para que la retengamos; Para garantizar que no nos comuniquemos con usted si nos ha pedido que no lo hagamos. ¿Cómo mantenemos su información personal segura? Contamos con las medidas de seguridad técnicas y organizativas adecuadas para garantizar que la información de nuestros usuarios esté protegida contra el acceso, uso, alteración o pérdida no autorizados o accidentales. Sus derechos Según las leyes de protección de datos, tiene derechos en relación con sus datos personales que gestionamos. Estos derechos incluyen: El derecho de oposición al márquetin directo; El derecho de acceso a los datos personales que procesamos sobre usted; El derecho a solicitar la eliminación de sus datos personales; El derecho a solicitar la rectificación de sus datos personales. Puede ejercer estos derechos contactando a nuestro oficial de Privacidad en [email protected]. ¿Dónde se aplica esta política de privacidad? La información personal recopilada por el CLIENTE. Nuestro sitio web puede contener enlaces a sitios web de terceros que no están sujetos a esta política de privacidad. No somos responsables de su contenido, uso de información personal o prácticas de seguridad. Si tiene una consulta sobre el tratamiento de su información personal, comuníquese con nuestro oficial de Privacidad en [email protected]. Cambios en esta política de privacidad Esta política es efectiva desde el 24/05/2018. Cualquier cambio que hagamos a esta política de privacidad se publicará en esta página, explicitando la fecha del último cambio.
[ ... ]
WiFi Security: Assessment of threats in wireless networks
08/03/2024Wifi connectivity has gone from being limited to restricted environments to becoming omnipresent in virtually every aspect of our daily lives. The ability to connect to the Internet from anywhere, be it at home, in a café, at work, in public spaces, or even in-flight, has enhanced the convenience in our daily lives. Moreover, the expansion of Wifi networks and the use of new manufacturing technologies now allow the interconnection of devices, leading to the significant rise of the Internet of Things (IoT) and providing users with more comprehensive control over their digital environments. However, this proliferation of Wifi networks has also given rise to new threats that require careful evaluation and effective security strategies to ensure secure and risk-free Wifi connections for our data and information. Common Wifi security threats include data interception Man-in-the-Middle (MITM) attacks One of the fundamental challenges in Wifi security is preventing MITM attacks, where an intruder inserts themselves into the communication between two parties, compromising the integrity and confidentiality of sensitive data such as passwords and financial information. Spoofing of access points Hackers can create fake Wifi networks that mimic legitimate ones to attract unsuspecting users. Once connected to these malicious networks, our data can be captured by cybercriminals who may sell or misuse it for illicit purposes. Tips for achieving a secure Wifi connection: Strengthen authentication and use security protocols Prioritize strong encryption for networks to protect confidential information transmitted through it. WPA (Wifi Protected Access) encryption uses stronger algorithms than its predecessor, WEP (Wired Equivalent Privacy), making it more difficult for hackers to intercept and decipher data. Advanced security protocols like WPA3 provide individualized data encryption and advanced two-factor authentication (2FA) methods, adding an extra layer of security by requiring additional verification. Device management Properly manage and monitor devices connected to Wifi networks to minimize risks associated with the large number of connected devices in homes and businesses. Regularly update the router firmware and all connected devices to address potential vulnerabilities. Segmentation of the network to separate critical devices from less secure ones also helps mitigate the risk of threat propagation. Secure Router Configuration The router secure configuration is what will ensure the robustness and overall security of a wireless network. The router, being the first point of contact for devices connected to the Internet, acts as the first line of defence against potential attacks. For this reason, it is important to understand that the proper configuration of the router not only guarantees a stable and efficient connection but also establishes a protected environment that safeguards the integrity and privacy of our data. How to configure the router securely? To ensure a correct and secure configuration of the router, it is recommended to: Change the default username and password of the router, as these are easily accessible to attackers. Use strong passwords containing a combination of letters, numbers, and special characters. Disable remote administration to prevent cybercriminals from accessing the router externally. Enable WPA2 or WPA3 encryption instead of the outdated WEP for enhanced network security. Optionally, disable SSID broadcast to make the network less visible and harder to detect by hackers. Keep the router firmware updated to address vulnerabilities and improve overall device security. By following these steps, you will strengthen the security of your wireless network and reduce the chances of experiencing unwanted attacks or intrusions.
[ ... ]
How to sign a PDF document with electronic signature?
24/06/2021When a document needs to be signed by one or more people, the usual thing, until now, has been to print it and stamp by hand the necessary signatures to validate or make its content official. This requires paper, printer, ink, but above all access to the document by all signatories, which is not always easy due to geographical location, availability, timing, etc. With teleworking on the rise and a growing globalization of business, these drawbacks have become more evident than ever, although they have found a quick and effective solution in electronic signatures. What is an electronic signature for? The electronic signature is a digital validation system for documents that unequivocally identifies the signatory. The electronic signature is assimilated to the handwritten signature and therefore its digital stamping on a document gives it the same validity, as it would have had with a handwritten signature. What are the advantages of electronic signatures? Electronic signatures simplify document management processes that require the validation of documents such as pdf signatures, facilitating remote signing by one or more people regardless of where they are located, or the situation or time of day they receive them. This flexibility contributes to the efficiency and agility of this type of procedure and being a secure signature system, it is suitable and useful in many areas related to business management, administrative management, e-commerce, informed consent and many other procedures. In addition to the versatility, practicality and security of the online PDF signature, we must also point out, as a great advantage of this process, its contribution to paperless. How to sign electronically? The electronic signature is easy to implement through tools specifically designed to guarantee not only the correct validation of the cryptographic signature or signatures included in a PDF document, but also that it cannot be altered and that all the necessary signatures required by each situation can be added. Within the framework of this type of tool, the most advanced ones, in addition to being compatible with any browser and accessible from any type of device - computer, tablet, Smartphone,... -, make it easy to convert PDF any Word, Excel, JPG, PowerPoint... file for signing. They also allow users to request a verifiable digital signature, view the properties of the digital signature and send the document directly by email to the signatories and once signed, forward it to all parties to download it. In addition, to guarantee the privacy of the documents and the security of the online signatures, these transfers are made through encrypted files with TLS encryption. Also, when we sign documents using this type of tool, they offer the option of including a LTV (Long Term Validation) time stamp that certifies the validity of the signature in the long term. For all these reasons, tools for signing PDF documents with electronic signatures are now a must for companies and businesses in all areas where process optimization, security and sustainability are a priority.
[ ... ]
QUIC, the new official network protocol to replace TCP
04/06/2021QUIC, the network protocol designed by Google, has been presented by the Internet Engineering Task Force, IETF, as a new official Internet standard to replace TCP, the current main standard. Google's QUIC (Quick UDP Internet Connections) network protocol is designed to reduce latency with retransmissions taking less time, potentially reducing the waiting time for search results by 8% on computers and 4% on mobile devices, according to the paper released by Google in 2017. QUIC will replace TCP, the current main standard of the Internet since 1974 - when it was still Arpanet - and on which the operation of Internet elements such as the World Wide Web (WWW) logic system, file transmission, 'emails' and remote administration depend. The new QUIC protocol has already been published by the IETF, making it an official network protocol.
[ ... ]