Connect with us

Published

on

WordPress plugin poses a great danger to credit card information. A security vulnerability detected in a plugin used on WordPress sites poses a great danger to site owners and users. Malicious codes use this vulnerability to steal credit card information.

WordPress plugin Dessky Snippets is a special feature for site administrators. PHP code additions It is known as an enabling tool. However, this plugin has become a target of cybercriminals due to its security vulnerability. Attackers who look for active installations, especially on websites with online stores, install their malware using this plugin.

WordPress Plugin Malicious Code That Steals Credit Card Information

Cybersecurity firm Sucuri was the first organization to detect this attack. Attackers inject their own code by manipulating the WooCommerce checkout process. This malicious code is saved in the dnsp_settings option in WordPress’s wp_options table and steals users’ credit card information by changing the payment form. Name, address, credit card number, expiration date and like CVV number Fake forms are added to collect information.

WordPress plugin credit card information

A remarkable feature of these fake forms is, autocomplete feature has been disabled. Users are forced to manually enter their information in these forms without receiving any warning, even if their browser’s autocomplete feature is turned on.

WordPress Plugin Credit Card: Recommendations for WordPress Users

WordPress attracts the attention of cybercriminals because it is one of the most popular website building platforms. Platform in general Although it is considered secure, attackers are turning to less secure plugins and themes. Therefore, WordPress users need to be wary of little-known plugins.

Security precautions

WordPress You can follow these steps to increase security on your site:

Update Plugins and Themes: Make sure all the plugins and themes you use are up to date.

Download from Reliable Sources: Do not download plugins and themes from unreliable sources.

Perform Regular Security Scans: Detect potential threats by performing regular security scans on your site.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Security

5 Cyber ​​Security Threats Awaiting the World in 2025

The year 2024 stood out as a critical year in terms of cyber security, with increasing threats in the digital world. In this year of fighting against the threats brought by artificial intelligence, cyber criminals have made their attack methods more effective by taking advantage of developing technologies.

Published

on

5 Cyber ​​Security Threats Awaiting the World in 2025

The year 2024 stood out as a critical year in terms of cyber security, with increasing threats in the digital world. In this year of fighting against the threats brought by artificial intelligence, cyber criminals have made their attack methods more effective by taking advantage of developing technologies.

It has been accepted by experts that developing technologies will pose a threat to cyber security in 2025, as in 2024. With the developments in artificial intelligence, quantum computers, IoT devices and cloud technologies, the cost of cyber attacks is expected to reach 12 trillion dollars worldwide in 2025.

5 that will stand out in 2025 cyber security threat

Cyber ​​Security Threat

1. The Great Danger Emerging from Quantum Computer: Researchers at Shanghai University in China claim to have found a way to break the most common online encryption method using quantum computers of just 372 qubits.

This effectively demonstrates that advances in niche quantum methods can pose small-scale cryptographic risks, highlighting a gradual progression towards large-scale quantum threats. Experts predict that quantum computers could be powerful enough to break current encryption methods as early as 2025. That’s why it’s critical for organizations to move to encryption methods that can resist quantum decryption before it’s too late.

2. Artificial Intelligence Supported Cyber ​​Attacks: In 2024, attacks powered by artificial intelligence were seen to be effective, especially through methods such as social engineering, phishing, and deepfake. AI-enabled social engineering attacks accounted for 35-37% of all cyber attacks, and this proportion is expected to increase further in 2025.

In addition, attackers, who used natural language processing technology offered by artificial intelligence to make phishing emails more believable, managed to deceive 60% of target users, and the average cost of these attacks for businesses was recorded as 4.88 million dollars.

We predict that in 2025, in addition to the increase in all these attack methods, automatic tools that can exploit security vulnerabilities in real time will be effective in artificial intelligence-oriented cyber attacks.

Cyber ​​Security Threat

3. Internet of Things (Iot) and Cloud Security: The development of IoT devices and the transition of businesses to cloud platforms will also increase cyber risks. Attacks on these devices increased by 35% in 2024. On the cloud security side, misconfigurations continued to be the main cause of cyber attacks in 2024. According to research, 83% of organizations report that weaknesses in authentication and access management are a factor in cloud data breaches.

It is predicted that by 2025, more than 90% of companies will use more than one cloud platform and the number of IoT devices will exceed 32 billion. Since many IoT devices, such as smart home technology and sensors, do not meet appropriate security measures, the increase in the number of devices makes them an easy target.

4. Digital Asset Security and Cryptocurrency Thefts: In 2024, digital asset security and cryptocurrency thefts continued to be an important target of cybercrime. In the first half of the year, losses from cryptocurrency thefts reached approximately $1.4 billion. In the second quarter in particular, losses exceeded $600 million, a 100% increase compared to the previous year.

cyber security

In 2025, as the cryptocurrency market grows further, digital wallets and decentralized finance (DeFi) platforms will be at the forefront among the targets of cybercriminals. “Phishing” attacks and smart contract vulnerabilities, especially against wallets, can cause serious financial losses for individuals and institutions.

5. Cyber ​​Threats on Social Media: Social media platforms will continue to be a major ground for phishing attacks and data leaks. According to Meta’s 2024 security report, such attacks increased by 28% compared to last year.

It is estimated that in 2025, methods such as deeply personalized phishing attacks, artificial intelligence-supported fake profiles and deepfake videos will be used more frequently. Cybersecurity teams will also increasingly rely on AI-powered tools to detect and counter these threats. Individuals and organizations that do not take sufficient cyber security precautions and do not gain awareness against these threats may face serious risks.

Continue Reading

Security

Young Hacker Caused Millions of Dollars of Damage

With the advancement of technology, cyber crimes have become increasingly common. It is stated that a 19-year-old young hacker hacked telecom networks and caused damage of 4 million dollars.

Published

on

Young Hacker Caused Millions of Dollars of Damage

With the advancement of technology, cyber crimes have become increasingly common. It is stated that a 19-year-old young hacker hacked telecom networks and caused damage of 4 million dollars.

19-year-old young hacker named Remington Ogletree, hacker He is accused of being affiliated with the Scattered Spider group, exploiting security vulnerabilities, carrying out extensive phishing activities and gaining unauthorized access. According to court records shared by Bloomberg, Ogletree breached the security of two telecom companies, sent phishing links to millions of users and tried to steal large amounts of cryptocurrency from users.

hacker

The mentioned hacking incidents took place in October 2023. However, authorities have just announced the developments to raise awareness about potential fraud and cybercrime activities. It is stated that Remington Ogletree sent a total of 8.5 million text messages to users.

The mentioned crimes were not limited to telecom companies. Ogletree’s actions extend to US financial institutions. Because the young hacker managed to deceive 12 employees, obtain sensitive information and access accounts. This is not the first time such cyber crimes have made headlines. Other incidents caused by hackers have also been brought up before.

hacker

While Ogletree’s case continues, the events revealed the security vulnerabilities of the telecom industry and what could happen if the necessary precautions are not taken. The names of the hacked telecom companies were not disclosed.

Continue Reading

Security

RedLine Catches Stealer Infamous 1 With Magnus

Following the seizure of RedLine Stealer by international authorities, security researchers published their research into the stealer’s undocumented backend modules, which aided law enforcement in the takeover effort.

Published

on

RedLine Catches Stealer Infamous 1 With Magnus

Following the seizure of RedLine Stealer by international authorities, security researchers published their research into the stealer’s undocumented backend modules, which aided law enforcement in the takeover effort.

Security researchers, in collaboration with law enforcement, collected numerous modules used to run the infrastructure behind RedLine Stealer in 2023. The Dutch National police, together with the FBI, Eurojust and several other law enforcement agencies, dismantled the infamous RedLine Stealer operation and its clone called META Stealer on October 24, 2024.

This global effort, called Operation Magnus, resulted in the removal of three servers in the Netherlands, the seizure of two domain names, the detention of two people in Belgium, and the unsealing of charges against one of the alleged perpetrators in the United States.

 RedLine Stealer

Security researchers participated in a partial takedown of the RedLine malware in April 2023, enabling the removal of several GitHub repositories used as dead-drop analyzers for the malware’s control panel. At that time, previously undocumented backend modules of this malware family were investigated in collaboration with other researchers at Flare. These modules do not directly interact with the malware, but instead handle authentication and provide functionality for the control panel.

More than 1,000 unique IP addresses used to host RedLine control panels were identified. While there is some overlap, this puts the number of subscribers to RedLine MaaS at around 1,000. The 2023 versions of RedLine Stealer, reviewed in detail, use the Windows Communications Framework for communication between components, while the latest version in 2024 uses a REST API.

 RedLine Stealer

“Based on our analysis of source code and backend samples, we determined that RedLine Stealer and META Stealer share the same creator.” he said.

These unique IP addresses were used to host RedLine panels. Of these hosted panels, Russia, Germany, and the Netherlands each represent about 20 percent of the total, while Finland and the United States each represent about 10 percent. It was also able to detect multiple different backend servers. In terms of their geographical distribution, the servers are mostly located in Russia (about a third), while the UK, the Netherlands, and the Czech Republic each represent about 15 percent of the servers we detected.

First discovery in 2020

RedLine Stealer is an information-stealing malware first discovered in 2020, and rather than being operated centrally, it operates on a MaaS model where anyone can purchase a turnkey information-stealing solution from various online forums and Telegram channels.

Customers, whom we call affiliates, can receive monthly subscriptions or lifetime licenses; For their money, they get a control panel that generates malware samples and acts as a C&C server for them.

The examples created are local cryptocurrency wallets; cookies, saved ID information and saved credit card information from browsers; It can collect a wide variety of information, including saved data from Steam, Discord, Telegram, and various desktop VPN applications. Using an off-the-shelf solution makes it easier for affiliates to integrate RedLine Stealer into larger campaigns. Some notable examples include ChatGPT free download in 2023 and what appear to be video game cheats in the first half of 2024.

Magnus Before Operation RedLine was among the most common data-stealing malware, with a large number of affiliates using its control panel. But the malware-as-a-service initiative appears to be led by a small number of individuals, some of whom have now been identified by law enforcement.

Continue Reading

Trending

Copyright © 2022 RAZORU NEWS.
Project by V