US FCC adds Kaspersky to its Covered List due to unacceptable national security risk

On March 25, 2022, the US Federal Communications Commission (FCC) added Kaspersky and two Chinese companies to its Covered List, on the grounds that they pose an unacceptable risk to US national security.

“The Federal Communications Commission’s Public Safety and Homeland Security Bureau today added equipment and services from three entities – AO Kaspersky Lab, China Telecom (Americas) Corp, and China Mobile International USA Inc. – to its list of communications equipment and services that have been deemed a threat to national security, consistent with requirements in the Secure and Trusted Communications Networks Act of 2019,” reads the FCC statement.

The FCC’s decision follows an advisory released this month by Germany’s Federal Office of Information Security (BSI) against using the company’s security solutions in the country, citing doubts about the reliability of the manufacturer, as it still has to abide by Russian laws and regulations.


Hundreds of GoDaddy-hosted sites backdoored in hacking campaign

A new hacking campaign infecting hundreds of GoDaddy-hosted sites has been uncovered. The discovery comes from Wordfence, whose team first observed the malicious activity on March 11, 2022, with 298 websites infected by the backdoor within 24 hours, 281 of which were hosted on GoDaddy’s Managed WordPress service.

The backdoor infecting the sites is a 2015 Google search SEO-poisoning tool implanted in the PHP file wp-config.php. It fetches spam link templates from Command and Control (C2) domains, and these templates are used to inject malicious pages into search results. The campaign uses mostly pharmaceutical spam templates, which are served to visitors of the compromised websites instead of the actual website content.

Users of GoDaddy’s Managed WordPress platform should scan the wp-config.php file to locate potential backdoor injections.


Ukrainian WordPress sites see massive attack volumes

Internet security companies have recorded a massive wave of cyberattacks against Ukrainian WordPress sites since Russia invaded Ukraine.

Cybersecurity firm Wordfence, which protects 8,320 WordPress websites belonging to universities, government, military, and law enforcement entities in Ukraine, reported 144,000 attacks on February 25, 2022 alone. That is three times the number of daily attacks seen earlier in February across the Ukrainian websites it protects. The attacks compromised at least 30 Ukrainian university websites. The hacking group behind these attacks is a pro-Russian group called “theMx0nday”.

For the first time in its history, Wordfence has decided to automatically deploy real-time threat intelligence to all Ukrainian websites using this WordPress plugin, regardless of their subscription tier. Normally, this feature is only available to Premium customers. “We are doing this to assist in blocking cyberattacks targeting Ukraine. This update requires no action from users of the Free version of Wordfence on the UA top-level domain,” says their blog post.
