A new FakeUpdates campaign targeting WordPress sites has been detected
20/03/2024Over the past few weeks, a new wave of the FakeUpdates malware, also known as SocGholish, has been detected, aimed at WordPress websites. The objective is to lure users into downloading remote access trojans, allowing attackers to take control of their systems. Since its emergence in 2017, FakeUpdates has been one of the most recurring malicious software in the cyber threat landscape. It has previously been associated with cybercriminal groups like Evil Corp, who monetize its use by selling access to infected systems. In this new campaign, cybercriminals are using JavaScript to target WordPress web pages, compromising compromised administrator accounts to introduce altered versions of WordPress plugins. These adulterated versions deceive users into downloading remote access trojans, granting attackers full control over infected devices. What is the most popular type of malware? In addition to the FakeUpdates attack, the threat index from Check Point Research, whose researchers have warned about this new attack, reveals around 200 suspicious content websites directed by ransomware groups. They utilize double extortion tactics to pressure victims into paying immediate ransoms. These attacks have impacted many companies, with the Lockbit3 ransomware being the most utilized by cybercriminals, followed by Play and 8base. The most exploited vulnerabilities by malicious actors include 'Web Servers Malicious URL Directory Traversal,' 'Command Injection Over HTTP,' and 'Zyxel ZyWALL Command Injection,' affecting numerous companies worldwide and allowing attackers to access and manipulate files or execute commands on compromised systems. In Spain, despite a 7% decrease in malware attacks in February, the most sought-after malware includes FakeUpdates, Qbot, and Pandora. In the case of FakeUpdates, it has affected 11.9% of companies in Spain. Mobile Malware In the realm of mobile devices, Anubis remains the most utilized malware in Spain, followed by AhMyth and Hiddad, all designed to compromise the security and privacy of Android device users by collecting confidential information and executing malicious actions.
[ ... ]
The Spanish, the European citizens who know more about metaverse and virtual reality
27/06/2022The Spanish are the European citizens who most claim to know what the metaverse, virtual reality and augmented reality are. In fact, the results of the report presented by Ipsos in collaboration with the World Economic Forum, ensure that this knowledge would be not only above the European average, also the worldwide. Thus, 63% of Spaniards say they know the metaverse, compared to 52% of the world population, 30% of germans or 28% of France citizens. At the other extreme we find Turkey (86%), India (80%), China (73%) and South Korea (71%), which are presented as the countries with the largest population knowledgeable about the metaverse. "The results of this research work give a very optimistic view of the potential of the metaverse and show that many people are open to the technological change that is taking place," says Jame Ferrand-Gutiérrez, head of Data Intelligence at Ipsos in Spain. The director, however, points out that “we cannot ignore that the metaverse is still a concept that has not been fully realized […] Although it is planned as a parallel reality where everything has a place, in reality it is not. Well, at least at present. We will see in the future where it evolves". About the augmented and virtual reality, 77% of Spaniards say they know the first one well, and 85% the second, being, once again, Turkey, the country in the world where the percentages of familiarity with these technologies are more high, 94%. According to the report 'How the world sees the metaverse and extended reality', which collects data from 29 countries, obtained between April and May through the Ipsos Global Advisor platform, citizens expect that applications that use the metaverse will have a growing impact on their lives over the next decade and, according to the document, in Spain the greatest impact is expected in the field of virtual education and training (63%), entertainment (61%), video games (57%), work meetings (55%) and way of socializing and resources related to health (both with 54%).
[ ... ]
How to know if Pegasus has infected our mobile
05/05/2022The news of recent weeks, in which it is claimed that the Pegasus espionage program has been used to enter the mobile devices of Spanish politicians, has put a lot of people on alert. Pegasus is a malicious software that, once introduced on a device, has the ability to collect information and transmit it to an external entity without the consent or knowledge of the owner of the device, be it a mobile phone, a computer or a tablet. Pegasus also erases its trail after it is installed. Among its main features, it also stands out that Pegasus is capable of detecting who the owner of the device has been with. Pegasus also, can send and recive messages autonomously and recording conversations by manipulating the attacked mobile, computer or tablet. The two ways that this spy program uses to enter on a devices is through an SMS or a fraudulent link and, according to experts, despite the fact that it is a very difficult spyware to detect, there are some signs that can make us suspect that we have been infected. Overheating or slowdown of the system are two of the main ones, but also the fact that the battery life is decreasing or that there is excessive data consumption when we are not using the device. How to make it difficult for Pegasus To try to avoid being infected by Pegaus or by any other malware, the director of Systems Engineering at Fortinet from Spain and Portugal, José Luis Laguna, in statements collected by Europa Press, recommends taking extreme precautions and a make a double-checking when personal and confidential information is provided. In addition, the Fortinet expert explains that instead of clicking on the link that we have received, to verify that it is legitimate, it is recommended to write the address of the site in the web browser, even though this means taking an additional step and not accessing directly to this service. Using protection 'software' based on behavior - EndPoint Detection and Response (EDR) -, keeping the system updated, avoiding public Wi-Fi connections and checking the permissions granted to applications, are other precautions that are also recommended.
[ ... ]
End-to-end encryption of Facebook Messenger and Instagram delayed until 2023
25/11/2021Security and privacy have become two of the main worries of the new virtual world. Meta, the new name of Mark Zuckerberg's company, has been working on end-to-end encryption system for Facebook Messenger and Instagram platforms and has just reported that finally this protection will not be ready until 2023. The delay, they explain, is due to their effort to ensure that end-to-end encryption will be the protection that all their messaging applications have by default, but at the moment only WhatsApp offers it. This technology means that only the sender and the receiver can know the content of a conversation. It's also known that end-to-end encryption has open the debate about privacy and collaboration with police investigations, specially in cases of child abuse. "As we implement end-to-end encryption, we will use a combination of unencrypted data in our applications, account information, and user reports to keep them secure in a way that protects privacy while assisting in public safety efforts" , has assured the Security director of Meta, Antigone Davis.
[ ... ]
OPPO joins the Connectivity Standards Alliance
21/10/2021Oppo has announced its membership on the Board of Directors of the Connectivity Standards Alliance (CSA), the organization with more than 400 technology companies working together to increase compatibility in IoT through simpler technology standards. One of Oppo's main objectives in his new role, explained Neil Yang, director of OPPO's Standards Research Department, is to promote Matter, the base protocol for the Internet of Things (IoT), offering a simplified user experience that allows connecting different devices "We want to create a highly compliant IoT ecosystem, and drive the development of the Alliance's advancements together with other partners through proposals for new protocols, setting new standards and developing new Matter-based products”, says Yang. For the CSA, Oppo's commitment is an open door to promote Matter in China and throughout Asia, offering the possibility of providing better IoT experiences to more than one billion users.
[ ... ]