Thousands of WordPress sites backdoored with malicious code

Thousands of WordPress sites backdoored with malicious code

Malicious code redirects users to tech support scams, some of which use new "evil cursor" Chrome bug. Thousands of WordPress sites have been hacked and compromised with malicious code this month, according to security researchers at Sucuri and Malwarebytes. All compromises seem to follow a similar pattern --to load malicious code from a known threat actor-- although the entry vector for all these incidents appears to be different. Researchers believe intruders are gaining access to these...

Read More
GhostHook Attack Bypasses Window 10 Patchguard

GhostHook Attack Bypasses Window 10 Patchguard

Security experts have recently discovered a method of bypassing Windows 10 PatchGuard protections and deploying malicious code into the Windows kernel, allowing attackers to plant rootkits on systems previously thought to be impregnable. More than 400 million devices worldwide currently run on Windows 10. GhostHook is the first attack technique identified that will bypass PatchGuard – giving attackers the ability to take full control over 64-bit systems at the kernel level....

Read More

Google removes another set of malicious apps from play marketplace

Last week we blogged about the importance of having a cybersecurity plan address the risks of Web Applications here. Today it's been reported that Google has removed not one, but two malicious apps ZTORG Trojans from their play marketplace (and this is not the second time in the month of June!). A researcher with Kaspersky Lab on Tuesday described how attackers managed to evade settings set in place by Google Play’s VerifyApps malware scanner...

Read More