Anybody have some thoughts on how to chase down all the SEO poison sites I'm seeing associated with this campaign? I'm easily seeing dozens, but suspect it's hundreds if not thousands.
There are two things I know so far. They're all using .de for the TLD and their title is empty. The Google search I'm using is this.
powerlifting meets maryland site:.de title:""
Hey! They got a new graphic for the fake captcha notification allow page. At least it's the first time I've noticed it. I guess I got tired of seeing that same old robot every time.
This SEO poisoned site even has a handy sitemap. The compromised site appears to have a number of different poisoned page sets, each with their own sitemap. But surprisingly, not very much shows up in a site: search in Google.
Last week was a big one for infosec news, with a bumper crop of noteworthy vulnerabilities, some fantastic long-term analysis of trends in cyber criminal TTPs, and more. Here it is, all neatly packaged with a bow on top - just for you:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-c8a?sd=pf
SEO-Poisoning and Malicious Ads are being used more frequently by threat actors, and to great effect. We look at what this means for both enterprises and individual users, and how you can protect against it.
#LockBit is looking a bit wobbly, with recent missteps revealing a disorganised criminal collective led by a narcissistic leader. They've been without a developer for nearly a year and are primed for disruption.
We've collated and contextualised a number of updates on several noteworthy vulnerabilities in products from vendors including #Fortinet, #Sophos, #Zoho, and #Aruba that defenders and admins should know about.
Set yourself up for the week ahead - check out our newsletter, and don't forget to look at the other noteworthy Threat Actor reporting and Tradecraft section - there are some great nuggets in there that you won't want to miss!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-c8a?sd=pf
#infosec #CyberAttack #Hacked #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc #threatintel #threatintelligence #malvertising #seo #SEOPoisoning
Risky Biz News:
Google Search and Ads have a major malware problem
https://riskybiznews.substack.com/p/risky-biz-news-google-search-and
... Before: Spear-phishing, mass-phishing, and malspam. Email security sucked, security simplistic, and email spam delivery was cheap.
Now again back to #SEOpoisoning
TradingView #SEOPoisoning leading to #Rhadamanthys infection
Delivery:
hxxps://tradingwiv[.]com
hxxp://dropbox[.]com/s/kvtg7pwzb4a0xu0/TradingVlew_x32_x64_bit.zip?dl=1
#C2: 179.43.142.109
#seopoisoning #rhadamanthys #c2
GPU-Z #SEOPoisoning leading to #Rhadamanthys infection
Delivery: hxxps://download-gpuz[.]net
#C2: 152.89.198.59
Panel: hxxp://152.89.198.59:443/admin/console/index.html
#seopoisoning #rhadamanthys #c2
Gootkit Loader campaign targets Australian Healthcare Industry https://securityaffairs.com/140655/malware/gootkit-loader-targets-australia.html #informationsecuritynews #ITInformationSecurity #PierluigiPaganini #SecurityAffairs #BreakingNews #SecurityNews #seopoisoning #hackingnews #CyberCrime #Cybercrime #healthcare #Australia #Security #Hacking #Malware #Gootkit #malware