Tag Archives: Malware

Cybercriminals installed malware on GoDaddy servers in a multi-year breach 

GoDaddy also faced security events from 2020 to 2022, which it shared were carried out by the same attacker.


An unauthorised third party gained access to servers in the cPanel shared hosting environment of GoDaddy, a web host, domain registrar and website building platform, and installed malware causing intermittent redirection of customer websites, the platform shared in a blog post.

The breach was first discovered in December 2022 after the platform investigated customer complaints about their sites being used to redirect to random domains.

The company claims that a sophisticated threat actor group, among other things, installed malware on its systems and obtained pieces of code related to some services in the Dec. 2022 attack.

The company also…



Crooks hit us with malware, poisoned customer websites – Naked Security

Late last week [2023-02-16], popular web hosting company GoDaddy filed its compulsory annual 10-K report with the US Securities and Exchange Commission (SEC).

Under the sub-heading Operational Risks, GoDaddy revealed that:

In December 2022, an unauthorized third party gained access to and installed malware on our cPanel hosting servers. The malware intermittently redirected random customer websites to malicious sites. We continue to investigate the root cause of the incident.

URL redirection, also known as URL forwarding, is an unexceptionable feature of HTTP (the hypertext transfer protocol), and is commonly used for a wide variety of reasons.

For example, you might decide to change your company’s main domain name, but want to keep all your old links alive; your company might…



GoDaddy says servers were attacked by hackers that stole code and installed malware

GoDaddy website servers are some of the latest to fall victim to hackers seeking to install malware and cause intermittent redirections on customer websites.

The website hosting company shared the news in its 10-K filing with the Securities and Exchange Commission last week, explaining a “sophisticated threat actor” conducted the hacking campaign for two years.

GoDaddy logo displayed on a phone screen and binary code displayed on a laptop screen are seen in this illustration photo.


GoDaddy officials said in the filing, “In March 2020, we discovered a threat actor compromised the hosting login credentials of approximately 28,000 hosting customers to their hosting accounts, as well as the login credentials of a small number of our personnel.”




Who Could Be Behind the Latest GitHub-Hosted Malware Infrastructure?

GitHub is a popular code repository used by almost all software developers. Anyone can access it to share their code with practically anyone interested. Unfortunately, not every GitHub user is trustworthy. It has, in fact, been used to host malware at least a couple of times.

In March 2018, for instance, cybercriminals hosted cryptocurrency mining malware on GitHub. More recently, a researcher reportedly used the repository to host several malicious projects. WhoisXML API threat researcher Dancho Danchev took a closer look at one such campaign using six domains and subdomains as jump-off points.

Danchev’s findings led to the discovery of:

  • More than 90 active IP resolutions of the domains and subdomains identified as indicators of compromise (IoCs), four of which were…


Over 16,500 Sites Hacked to Distribute Malware via Web Redirect Service


A new traffic direction system (TDS) called Parrot has been spotted leveraging tens of thousands of compromised websites to launch further malicious campaigns.

“The TDS has infected various web servers hosting more than 16,500 websites, ranging from adult content sites, personal websites, university sites, and local government sites,” Avast researchers Pavel Novák and Jan Rubín said in a report published last week.

Threat actors use traffic direction systems to determine whether a target is of interest and should be redirected to a malicious domain under their control; the TDS thus acts as a gateway to compromising the target's systems with malware.


Earlier this January, the BlackBerry Research and Intelligence Team detailed another TDS called Prometheus that has been put to use in…

