Latest news with #Pusher

SEO poisoning attack diverts wages using fake payroll websites
Techday NZ

22-05-2025

Cybersecurity firm ReliaQuest has released an analysis of a search engine optimisation (SEO) poisoning campaign that led to payroll fraud at a manufacturing sector client. The attack, which was discovered in May 2025, involved adversaries creating a fake website resembling the victim organisation's login page, specifically targeting employees' mobile devices. Using credentials obtained through this fraudulent site, the attacker accessed the company's payroll portal, altered direct deposit details, and diverted employees' wages into their own accounts.

ReliaQuest's security researchers noted that the tactics, techniques, and procedures (TTPs) associated with this incident closely align with those observed in two investigations from late 2024. This suggests the operation may be part of a wider, ongoing campaign targeting multiple organisations.

SEO poisoning is a technique in which attackers use deceptive websites designed to mimic legitimate portals. These malicious pages are promoted to rank highly in search engine results, luring victims into providing their credentials. In this recent case, when employees searched for terms related to payroll or their company's portal using a mobile device, the attacker's site would appear top in the results, significantly increasing the likelihood of a successful breach.

The attackers targeted employee mobile devices for two main reasons:

  • Many of these devices connect through guest Wi-Fi or remain disconnected from secure enterprise networks, making it easier to evade enterprise-grade security measures such as web traffic filtering.
  • Visits often occurred outside working hours, meaning activity was not logged by company systems, hindering investigation and making it difficult to trace affected accounts.

ReliaQuest highlighted, "Phishing attacks targeting off-network devices, like mobile phones, create big challenges for organisations, as they expose gaps that on-premises and cloud networks often overlook. These devices typically lack proper security and logging, leaving organisations in the dark when employee credentials are stolen - and unable to act fast enough."

Upon clicking the malicious link from a mobile device, users were redirected to a phishing site mimicking a Microsoft login page, while users accessing the page from a workstation saw no significant content. This approach complicated efforts to detect and analyse the fraudulent website, as it both evaded detection by security tools and disrupted threat analysis.

Captured credentials were sent to an adversary-controlled site using a PHP script also observed in previous incidents, strengthening the link between these attacks. Immediately after credentials were entered, an HTTP GET request established a WebSocket connection via Pusher, a genuine platform for real-time web communication. The phishing site's code enabled the attacker to receive stolen credentials in real time, allowing them to act quickly before passwords were reset.

ReliaQuest explained the significance: "This phishing attack exposes user credentials without any monitoring or safeguards to block the activity, leaving organisations completely in the dark. By using Pusher, the attacker gains quick access to authentication portals, reusing compromised credentials. This highlights a critical vulnerability: Organisations with lax authentication controls can be easily caught off guard by attacks targeting employees' off-network personal devices, where traditional security measures often fall short."

After harvesting credentials, the attacker accessed the payroll system from a residential IP address tied to telecommunications services, reviewed documents related to direct deposit changes, and amended payroll information to divert funds. Security logs later revealed additional access attempts from both US-based and Russian IP addresses, one of which was blocked.

The attacker ultimately relied on residential IPs, making their activities difficult to distinguish from legitimate network traffic. ReliaQuest found that traffic originated from home office routers and mobile networks, with many routers identified as brands commonly targeted for compromise. Weak passwords, unpatched firmware, and vulnerabilities such as CVE-2024-3080 and CVE-2025-2492 were exploited to form botnets, whose proxies were sold on criminal marketplaces.

Proxy network services, sometimes costing as little as $0.77 per gigabyte, enable attackers to disguise their activities by using apparently trustworthy residential IPs. The report referenced law enforcement actions such as the FBI's investigation into the Anyproxy and 5socks botnet services, which together generated over $46 million in criminal revenue, illustrating the market demand for residential proxy services.

The use of proxy networks prevents standard network-based security methods from flagging suspicious access. ReliaQuest stated, "When attackers use proxy networks, especially ones tied to residential or mobile IP addresses, they become much harder for organisations to detect and investigate. Unlike VPNs, which are often flagged because their IP addresses have been abused before, residential or mobile IP addresses let attackers fly under the radar and avoid being classified as malicious. What's more, proxy networks allow attackers to make their traffic look like it originates from the same geographical location as the target organisation, bypassing security measures designed to flag logins from unusual or suspicious locations."

ReliaQuest recommends organisations strengthen security controls by requiring multifactor authentication (MFA) and using conditional access policies on payroll portals. Employees should be regularly educated about accessing payroll systems only through approved channels such as single sign-on (SSO), and be encouraged to bookmark official portal addresses rather than relying on search engines. Monitoring payroll changes and maintaining clear incident response procedures are also advised.
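
The payroll-change monitoring recommended above can be sketched as a correlation between portal sign-ins and direct-deposit changes, keyed on each user's own history rather than on IP reputation or geolocation. This is an added example, not code from ReliaQuest or the article; the event layout, account tokens and 24-hour window are assumptions, and the events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events (timestamp, user, event type, source IP,
# destination account token). Layout and values are assumptions.
EVENTS = [
    ("2025-05-01T09:02:00", "alice", "login", "198.51.100.10", None),
    ("2025-05-02T08:45:00", "bob", "login", "198.51.100.20", None),
    ("2025-05-03T10:15:00", "carol", "login", "198.51.100.30", None),
    ("2025-05-19T23:40:00", "bob", "login", "203.0.113.77", None),
    ("2025-05-19T23:47:00", "bob", "deposit_change", "203.0.113.77", "acct-7f3a"),
    ("2025-05-19T23:55:00", "carol", "login", "203.0.113.78", None),
    ("2025-05-19T23:58:00", "carol", "deposit_change", "203.0.113.78", "acct-7f3a"),
    ("2025-05-20T09:30:00", "alice", "deposit_change", "198.51.100.10", "acct-11c2"),
]

def review_deposit_changes(events, window=timedelta(hours=24)):
    """Return {user: [reasons]} for direct-deposit changes needing manual review."""
    events = sorted(events, key=lambda e: e[0])  # ISO 8601 sorts chronologically
    acct_users = defaultdict(set)  # destination account -> users routed to it
    for _, user, kind, _, acct in events:
        if kind == "deposit_change":
            acct_users[acct].add(user)

    first_seen = {}  # (user, ip) -> time of first sign-in from that IP
    findings = {}
    for ts, user, kind, ip, acct in events:
        when = datetime.fromisoformat(ts)
        if kind == "login":
            first_seen.setdefault((user, ip), when)
            continue
        reasons = []
        seen = first_seen.get((user, ip))
        # A residential proxy can look clean and local, but it is still an
        # address this account has never (or only just) signed in from.
        if seen is None or when - seen <= window:
            reasons.append("source IP first seen for this user within window")
        if len(acct_users[acct]) > 1:
            reasons.append("destination account shared by multiple employees")
        if reasons:
            findings.setdefault(user, []).extend(reasons)
    return findings

if __name__ == "__main__":
    for user, reasons in review_deposit_changes(EVENTS).items():
        print(user, "->", "; ".join(reasons))
```
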

France TV Distribution's Corsica Blood Feud Thriller ‘Vendetta,' from ‘A Prophet' Producer Marco Cherqui, to Launch at Series Mania (EXCLUSIVE)
Yahoo

17-03-2025

'Vendetta,' the awaited Corsican blood feud drama-thriller from Marco Cherqui, who produced Jacques Audiard's breakout movie 'A Prophet,' will be brought onto the sales market at Series Mania by France TV Distribution.

Set up at CPB Films, behind Rebecca Zlotowski's 2019 Toronto player 'Savages' and the upcoming series expansion of 'A Prophet,' both produced by Cherqui as CPB head of TV drama and cinema, 'Vendetta' is co-produced by public broadcaster France TV, where it will air on France 2.

News of its international distribution launch comes just after 'Vendetta' went into production in the first week of March, shooting in Corsica.

Billed as a mafia thriller and family tragedy, the six-part series turns on Anto, a Parisian cop of Corsican origin, who returns to his homeland with wife Vanina, to take over the family vineyard. Ambushed, his father is murdered and Anto, wounded, falls into a deep coma. As a child, Anto had sworn to his brother – killed soon after in a vendetta – to break the cycle of vengeance plaguing his family for generations. Awaking 10 years later, he discovers that his now teen son Santu is obsessed with revenge. 'How far will Anto go to protect his son and reclaim his life?' the synopsis asks.

'Vendetta' toplines Thierry Neuvic ('Code Unknown,' 'Hereafter'), Vahina Giocante ('Bellamy'), Tchéky Karyo ('The Missing'), Stanley Weber ('Borgia'), Laetitia Eïdo ('Fauda') and Philippe Corti ('Mafiosa').

Cherqui's credits also take in, before joining CPB Films in 2017, comedy series 'Kabul Kitchen,' a Monte Carlo TV Festival top prize winner, and, at CPB, popular crime comedy movie series 'Everyone Lies.'

'Vendetta' is co-written and directed by Ange Baserga ('Dealer'), and also penned by Emmanuelle Michaux ('Master Crimes') and Pierre-Marie Mosconi ('Surf Therapy').

The crime drama joins an international distribution slate at France TV Distribution, the commercial arm of France Télévisions, which also includes renewed comedy series 'Aspergirl' and thriller 'Danger in the Valley,' co-written by bestselling Michel Bussi ('Prison Island').
