Hackers are actively probing millions of WordPress sites
www.bleepingcomputer.com/news/security/hackers-are-actively-probing-millions-of-wordpress-sites/ Unknown threat actors are scanning for WordPress websites with Epsilon Framework themes installed on over 150, 000 sites and vulnerable to Function Injection attacks that could lead to full site takeovers.
Hacking group exploits ZeroLogon in automotive, industrial attack wave
www.zdnet.com/article/cicada-hacking-group-exploits-zerologon-launches-new-backdoor-in-automotive-industry-attack-wave/ The active cyberattack is thought to be the handiwork of Cicada, also tracked as APT10, Stone Panda, and Cloud Hopper.
Four Industrial Control System Vendors Warn of Critical Bugs
threatpost.com/ics-vendors-warn-critical-bugs/161333/ In addition to the Real Time Automation and Paradox bugs, high-severity flaws were made public by Sensormatic Electronics, a subsidiary of Johnson Controls, and ICS behemoth Schneider Electric.
Be Very Sparing in Allowing Site Notifications
krebsonsecurity.com/2020/11/be-very-sparing-in-allowing-site-notifications/ KrebsOnSecurity installed PushWelcome’s notifications on a brand new Windows test machine, and found that very soon after the system was peppered with alerts about malware threats supposedly found on the system. One notification was an ad for Norton antivirus; the other was for McAfee. Clicking either ultimately led to “buy now” pages at either Norton.com or McAfee.com.
Ransomware attack forces web hosting provider Managed.com to take servers offline
www.zdnet.com/article/web-hosting-provider-managed-shuts-down-after-ransomware-attack/ Managed.com, one of the biggest providers of managed web hosting solutions, has taken down all its servers in order to deal with a ransomware attack
The ransomware landscape is more crowded than you think
www.zdnet.com/article/the-ransomware-landscape-is-more-crowded-than-you-think/#ftag=RSSbaffb68 More than 25 Ransomware-as-a-Service (RaaS) portals are currently renting ransomware to other criminal groups. RaaS portals work by providing a ready-made ransomware code to other gangs. These gangs, often called RaaS clients or affiliates, rent the ransomware code, customize it using options provided by the RaaS, and then deploy in real-world attacks via a method of their choosing. RaaS offerings have been around since 2017, and they have been widely adopted as they allow non-technical criminal gangs to spread ransomware without needing to know how to code and deal with advanced cryptography concepts.