Posts

Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor

  A Chinese state-sponsored threat activity group tracked as RedGolf has been attributed to the use of a custom Windows and Linux backdoor called KEYPLUG. "RedGolf is a particularly prolific Chinese state-sponsored threat actor group that has likely been active for many years against a wide range of industries globally." "The group has shown the ability to rapidly weaponize newly reported vulnerabilities (e.g. Log4Shell and ProxyLogon) and has a history of developing and using a large range of custom malware families." The use of KEYPLUG by Chinese threat actors was first disclosed by Google-owned Mandiant in March 2022 in attacks targeting multiple U.S. state government networks between May 2021 and February 2022. Then in October 2022, Malwarebytes detailed a separate set of attacks targeting government entities in Sri Lanka in early August that leveraged a novel implant dubbed DBoxAgent to deploy KEYPLUG. Bot...

Hackers Exploiting WordPress Elementor Pro Vulnerability: Millions of Sites at Risk

  Unknown threat actors are actively exploiting a recently patched security vulnerability in the Elementor Pro website builder plugin for WordPress. The flaw, described as a case of broken access control, impacts versions 3.11.6 and earlier. It was addressed by the plugin maintainers in version 3.11.7 released on March 22. "Improved code security enforcement in WooCommerce components," the Tel Aviv-based company said in its release notes. The premium plugin is estimated to be used on over 12 million sites. Successful exploitation of the high-severity flaw allows an authenticated attacker to complete a takeover of a WordPress site that has WooCommerce enabled. "This makes it possible for a malicious user to turn on the registration page (if disabled) and set the default user role to the administrator so they can create an account that instantly has the administrator privileges," Patchstack said in an alert of March 30, 2023. "After this, they are likely...
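As an added triage helper (not code from Patchstack, Elementor or WordPress), the check below turns the advisory's facts into a post-incident test: is the installed Elementor Pro older than 3.11.7, is WooCommerce active (the bug is only reachable on sites that have it enabled), and does the site show the post-exploitation state Patchstack describes (registration switched on, administrator as the default role, administrator accounts nobody recognises). It assumes the analyst has already read the plugin version and the `users_can_register` and `default_role` rows of `wp_options` (for example with `wp plugin get elementor-pro --field=version` and `wp option get users_can_register`); the site state it runs on is constructed sample data.

```python
from dataclasses import dataclass, field

PATCHED_VERSION = (3, 11, 7)          # first fixed Elementor Pro release (from the advisory)
TAKEOVER_ROLE = "administrator"       # default role the attacker sets (Patchstack)


def parse_version(text: str) -> tuple[int, ...]:
    """'3.11.6' -> (3, 11, 6). Numeric tuples compare correctly; a plain string
    comparison would rank '3.11.10' below '3.11.7' and flag a patched site."""
    parts = []
    for piece in text.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


@dataclass
class SiteState:
    """Values an analyst collects from the site (plugin version, wp_options rows,
    administrator logins). Assumed input shape, not a WordPress API."""
    elementor_pro_version: str
    woocommerce_active: bool
    users_can_register: str                  # wp_options value: '0' or '1'
    default_role: str                        # wp_options value, normally 'subscriber'
    administrators: list[str] = field(default_factory=list)  # user_login of every administrator


def triage(site: SiteState, known_admins: set[str]) -> dict:
    """Report whether the site is unpatched, whether the bug is reachable
    (WooCommerce must be enabled) and which post-exploitation indicators are present."""
    unpatched = parse_version(site.elementor_pro_version) < PATCHED_VERSION
    indicators = []
    if site.users_can_register.strip() == "1":
        indicators.append("registration enabled (users_can_register=1)")
    if site.default_role == TAKEOVER_ROLE:
        indicators.append("default_role is administrator")
    unknown = sorted(set(site.administrators) - known_admins)
    if unknown:
        indicators.append("unrecognised administrator accounts: " + ", ".join(unknown))
    return {
        "unpatched": unpatched,
        "exploitable": unpatched and site.woocommerce_active,
        "indicators": indicators,
    }


# Constructed sample: an unpatched WooCommerce site showing the takeover state.
SAMPLE_SITE = SiteState(
    elementor_pro_version="3.11.6",
    woocommerce_active=True,
    users_can_register="1",
    default_role="administrator",
    administrators=["owner", "wp-cache"],   # 'wp-cache' is not a known administrator
)
SAMPLE_KNOWN_ADMINS = {"owner"}

if __name__ == "__main__":
    result = triage(SAMPLE_SITE, SAMPLE_KNOWN_ADMINS)
    print(f"unpatched={result['unpatched']} exploitable={result['exploitable']}")
    for line in result["indicators"]:
        print(" -", line)
```

The indicators are only evidence of the attacker's first step; a site that shows them should also be checked for the follow-on actions the alert goes on to describe (new administrator accounts, uploaded plugins or modified files).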

Microsoft Fixes New Azure AD Vulnerability Impacting Bing Search and Major Apps

  Microsoft has patched a misconfiguration issue impacting the Azure Active Directory (AAD) identity and access management service that exposed several "high-impact" applications to unauthorized access. "One of these apps is a content management system (CMS) that powers Bing.com and allowed us to not only modify search results but also launch high-impact XSS attacks on Bing users," cloud security firm Wiz said in a report. "Those attacks could compromise users' personal data, including Outlook emails and SharePoint documents." The issues were reported to Microsoft in January and February 2023, following which the tech giant applied fixes and awarded Wiz a $40,000 bug bounty. Redmond said it found no evidence that the misconfigurations were exploited in the wild. The crux of the vulnerability stems from what's called "Shared Responsibility confusion," wherein an Azure app can be incorrectly configured to allow users from any Microsoft te...
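Two checks a tenant owner would run against the misconfiguration described above, as an added example (not code from Wiz or Microsoft). The first scans exported app-registration manifests for apps whose sign-in audience is not limited to the home tenant; it assumes the manifest's `signInAudience` field carries the values Azure AD uses for that setting (the same field appears in the JSON that `az ad app list` returns). The second is the application-side control that a multi-tenant app has to implement itself: validate the token's `tid` claim, and the matching `iss`, against an allowlist of tenants, because Azure AD issues a perfectly valid token for a user of any other tenant. It assumes the token's signature and expiry have already been verified by a JWT library before the claims reach `enforce_tenant()`. The manifests, claims and tenant ids are constructed sample data.

```python
# Values Azure AD accepts for an app registration's signInAudience.
SINGLE_TENANT = "AzureADMyOrg"
BROAD_AUDIENCES = {
    "AzureADMultipleOrgs",                 # any Azure AD tenant
    "AzureADandPersonalMicrosoftAccount",  # any tenant plus personal accounts
    "PersonalMicrosoftAccount",            # personal accounts only
}


def audit_manifests(manifests: list[dict]) -> list[dict]:
    """Return the registrations that accept sign-ins from outside the home tenant.
    For an internal app (a CMS, an admin panel) that is the exposure Wiz reported."""
    findings = []
    for m in manifests:
        audience = m.get("signInAudience", SINGLE_TENANT)
        if audience in BROAD_AUDIENCES:
            findings.append({"appId": m.get("appId"),
                             "name": m.get("displayName"),
                             "signInAudience": audience})
    return findings


def issuer_for(tid: str, version: str) -> str:
    """Issuer Azure AD writes into a token for a tenant: v2.0 tokens use the
    login.microsoftonline.com form, v1.0 tokens the sts.windows.net form."""
    if version == "2.0":
        return f"https://login.microsoftonline.com/{tid}/v2.0"
    return f"https://sts.windows.net/{tid}/"


def enforce_tenant(claims: dict, allowed_tenants: set[str]) -> bool:
    """Accept the (already signature-checked) token only if it was issued for an
    allowlisted tenant and the issuer agrees with the tid claim. A multi-tenant
    app that skips this check trusts every Azure AD user on the planet."""
    tid = claims.get("tid")
    if not tid or tid not in allowed_tenants:
        return False
    return claims.get("iss") == issuer_for(tid, claims.get("ver", "1.0"))


# Constructed ids and sample data; they belong to no real tenant or app.
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
OTHER_TENANT = "22222222-2222-2222-2222-222222222222"

SAMPLE_MANIFESTS = [
    {"appId": "aaaaaaaa-0000-0000-0000-000000000001", "displayName": "content-cms",
     "signInAudience": "AzureADMultipleOrgs"},   # internal app open to every tenant
    {"appId": "aaaaaaaa-0000-0000-0000-000000000002", "displayName": "hr-portal",
     "signInAudience": "AzureADMyOrg"},
]

HOME_CLAIMS = {"tid": HOME_TENANT, "ver": "2.0", "iss": issuer_for(HOME_TENANT, "2.0")}
# A token for a user in an unrelated tenant: signature valid, tenant wrong.
FOREIGN_CLAIMS = {"tid": OTHER_TENANT, "ver": "2.0", "iss": issuer_for(OTHER_TENANT, "2.0")}

if __name__ == "__main__":
    for f in audit_manifests(SAMPLE_MANIFESTS):
        print(f"open to other tenants: {f['name']} ({f['appId']}) "
              f"signInAudience={f['signInAudience']}")
    print("home tenant token accepted:", enforce_tenant(HOME_CLAIMS, {HOME_TENANT}))
    print("foreign tenant token accepted:", enforce_tenant(FOREIGN_CLAIMS, {HOME_TENANT}))
```

The manifest audit finds apps that should never have been multi-tenant; the claim check is for apps that legitimately are, where the platform has done its part (a valid token) and the rest of the shared responsibility falls on the application.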

Cyber Police of Ukraine Busted Phishing Gang Responsible for $4.33 Million Scam

  The Cyber Police of Ukraine, in collaboration with law enforcement officials from Czechia, has arrested several members of a cybercriminal gang that set up phishing sites to target European users. Two of the apprehended affiliates are believed to be organizers, with 10 others detained in other territories across the European Union. The suspects are alleged to have created more than 100 phishing portals aimed at users in France, Spain, Poland, Czechia, Portugal, and other nations in the region. These websites masqueraded as online portals offering heavily discounted products below market prices to lure unsuspecting users into placing fake "orders." In reality, the financial information entered on those websites to complete the payments was used to siphon money from the victims' accounts. "For the fraudulent scheme, the participants also created two call centers, in Vinnytsia and in Lviv, and involved operators in their work," the Cyber Police said. "Thei...

The Future of Network Security: Predictive Analytics and ML-Driven Solutions

  As the digital age evolves and continues to shape the business landscape, corporate networks have become increasingly complex and distributed. The amount of data a company collects to detect malicious behavior constantly increases, making it challenging to detect deceptive and unknown attack patterns and the so-called "needle in the haystack". With a growing number of cybersecurity threats, such as data breaches, ransomware attacks, and malicious insiders, organizations are facing significant challenges in successfully monitoring and securing their networks. Furthermore, the talent shortage in the field of cybersecurity makes manual threat hunting and log correlation a cumbersome and difficult task. To address these challenges, organizations are turning to predictive analytics and Machine Learning (ML) driven network security solutions as essential tools for securing their networks against cyber threats and the unknown bad. The Role of ML-Driven Network Security Solutions ...

Web Development Services

  Full-cycle website design and development: Creating a website from scratch, including requirements gathering, design, implementation, quality assurance as well as maintenance and support.
  Redesign: Porting your legacy website, including all the data, to a new, modern solution (it can be another content management system) with a slick and responsive user interface.
  Web application development and integration: Enriching your website with out-of-the-box and custom social networking apps, payment solutions, advanced analytics, and other tools to increase user engagement.
  Migration to the cloud: Moving your existing website and applications to Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform, and other cloud services to improve scalability and administration and lessen costs.
  Maintenance and support: Creating new features and fixing bugs; Enhancing scalability and performance to welcome the growing number of visitors and data; Improving ...

Ransomware and how can you defend your business from it

  Ransomware is a kind of malware used by cybercriminals to stop users from accessing their systems or files; the cybercriminals then threaten to leak, destroy or withhold sensitive information unless a ransom is paid. Ransomware attacks can target either the device itself, locking the user out of the system (known as locker ransomware), or the data held on it, encrypting files so they cannot be read (crypto-ransomware). In both instances, once a ransom is paid, threat actors typically provide victims with a decryption key or tool to unlock their data or device, though this is not guaranteed. Oliver Pinson-Roxburgh, CEO of Defense.com, the all-in-one cybersecurity platform, shares knowledge and advice in this article on how ransomware works, how damaging it can be, and how your business can prevent ransomware attacks from occurring. What a ransomware attack comprises: There are three key elements to a ransomware attack: Access - In order to deploy malware to encrypt files and gain control, cybercriminals need to initially gain access to an organization's sy...