
Latest news with #WebSocket

Hackers are sneaking malware into your browser using Google's link, and antivirus software can't stop it

Yahoo

12 hours ago


  • Attackers use real Google URLs to sneak malware past antivirus and into your browser undetected
  • This malware only activates during checkout, making it a silent threat to online payments
  • The script opens a WebSocket connection for live control, completely invisible to the average user

A new browser-based malware campaign has surfaced, demonstrating how attackers are now exploiting trusted domains like to bypass traditional antivirus defenses. According to a report from security researchers at c/side, this method is subtle, conditionally triggered, and difficult for both users and conventional security software to detect. It appears to originate from a legitimate OAuth-related URL, but covertly executes a malicious payload with full access to the user's browser session.

The attack begins with a script embedded in a compromised Magento-based ecommerce site which references a seemingly harmless Google OAuth logout URL: However, this URL includes a manipulated callback parameter, which decodes and runs an obfuscated JavaScript payload using eval(atob(...)). The use of Google's domain is central to the deception: because the script loads from a trusted source, most content security policies (CSPs) and DNS filters allow it through without question.

This script only activates under specific conditions. If the browser appears automated or the URL includes the word 'checkout,' it silently opens a WebSocket connection to a malicious server. This means it can tailor malicious behavior to user actions. Any payload sent through this channel is base64-encoded, decoded, and executed dynamically using JavaScript's Function constructor. With this setup, the attacker can remotely run code in the browser in real time.

One of the primary factors influencing this attack's efficacy is its ability to evade many of the best antivirus programs currently on the market. The script's logic is heavily obfuscated and only activates under certain conditions, making it unlikely to be detected by even the best Android antivirus apps and static malware scanners. They will not inspect, flag, or block JavaScript payloads delivered through seemingly legitimate OAuth flows. DNS-based filters or firewall rules also offer limited protection, since the initial request is to Google's legitimate domain.

In the enterprise environment, even some of the best endpoint protection tools may struggle to detect this activity if they rely heavily on domain reputation or fail to inspect dynamic script execution within browsers. While advanced users and cybersecurity teams may use content inspection proxies or behavioral analysis tools to identify anomalies like these, average users are still vulnerable. Limiting third-party scripts, separating browser sessions used for financial transactions, and remaining vigilant about unexpected site behaviors could all help reduce risk in the short term.
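Because the request goes to a trusted host, allowlisting by domain does not catch the manipulated callback parameter described above; the parameter value itself has to be checked. The following is an added example, not code from c/side or the original article: it audits script URLs in page markup and flags any JSONP-style callback value that is not a plain identifier. The hosts in the sample markup are placeholders and the list of parameter names is an assumption.

```javascript
// Constructed sample markup; hosts are placeholders, not indicators from the report.
const SAMPLE_HTML = `
<script src="https://cdn.example.test/lib.js"></script>
<script src="https://accounts.example.test/o/logout?callback=handleLogout"></script>
<script src="https://accounts.example.test/o/logout?callback=eval(atob(%27BASE64_PLACEHOLDER%27))"></script>
`;

// Parameter names commonly used for JSONP-style callbacks (assumed list).
const CALLBACK_PARAMS = ["callback", "cb", "jsonp"];
// A legitimate callback is a plain dotted identifier such as "app.onLogout".
const SAFE_CALLBACK = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;
// Dynamic-execution primitives named in the article.
const EXEC_HINTS = /\b(eval|atob|Function)\s*\(/;

// Return one finding per callback value that is not a plain identifier.
function auditScriptSources(html) {
  const findings = [];
  const srcPattern = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  for (const match of html.matchAll(srcPattern)) {
    let url;
    try {
      url = new URL(match[1]);
    } catch {
      continue; // relative or malformed src: out of scope for this check
    }
    for (const name of CALLBACK_PARAMS) {
      // searchParams percent-decodes the value before it is tested.
      for (const value of url.searchParams.getAll(name)) {
        if (SAFE_CALLBACK.test(value)) continue;
        findings.push({
          host: url.hostname,
          param: name,
          value,
          dynamicExec: EXEC_HINTS.test(value),
        });
      }
    }
  }
  return findings;
}

console.log(auditScriptSources(SAMPLE_HTML));
```

The same check can run in a CI scan of storefront templates or in a content inspection proxy, where it complements rather than replaces a CSP.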

GoldRhein Exchange Unveils Institutional API Gateway for Faster Trading

Yahoo

23-05-2025

  • Business

GoldRhein Exchange introduces a high-performance institutional API gateway aimed at enhancing strategic trading capabilities, reducing latency, and providing scalable infrastructure for global professional market participants.

Berlin, Germany, May 23, 2025 (GLOBE NEWSWIRE) -- GoldRhein Exchange has officially launched a new Institutional API Gateway, delivering sub-millisecond latency and robust throughput capacity tailored for high-frequency, algorithmic, and institutional traders. This new product release reinforces GoldRhein Exchange's commitment to building secure, high-efficiency infrastructure for advanced trading strategies across global markets.

The newly released gateway connects directly with the GoldRhein Exchange matching engine and supports both REST and WebSocket protocols. It is designed to handle thousands of order requests per second while maintaining real-time market data streaming and immediate order execution. The gateway also enables seamless portfolio monitoring, position reporting, and integrated risk management for multi-strategy teams and institutional desks.

'Institutional traders today require infrastructure that is not only fast but secure, compliant, and deeply integrated with risk control frameworks,' said Markus Engelhardt, a senior infrastructure lead at GoldRhein Exchange. 'This launch demonstrates our continued investment in latency-sensitive systems that meet the technical standards of today's global capital allocators.'

The GoldRhein Exchange Institutional API Gateway offers:

  • Ultra-low latency connectivity with global co-location options
  • Secure key segmentation and encrypted access tokens
  • Real-time order status and trade reconciliation interfaces
  • Embedded execution limiters and exposure risk parameters
  • Scalable architecture for hedge fund, family office, and broker use

In addition to the technology stack, GoldRhein Exchange has released a comprehensive developer toolkit, onboarding documentation, sandbox environment, and direct support line for API clients. The onboarding program includes assisted integration, test-driven deployment, and compliance-ready operational technical rollout follows GoldRhein Exchange's recent expansion in strategic global markets, with operational support centers now active in Europe, North America, and Asia-Pacific. These developments form part of a broader strategy to become the platform of choice for institutional-grade digital asset remains a cornerstone of the release. API access is protected through IP whitelisting, multi-factor authentication, and tiered permission settings. All institutional trading activities are auditable in real-time, with detailed logs and surveillance integration available to meet internal governance or regulatory inspection Exchange plans to expand the offering with additional modules, including FIX protocol support, cross-venue routing, and advanced execution analytics in future versions. These features aim to reinforce the exchange's positioning as a full-stack solution for digital asset strategy GoldRhein Exchange Institutional API to explore connectivity options, access the developer documentation, and learn more about advanced trading solutions, API security features, and institutional onboarding The information provided in this press release is not a solicitation for investment, nor is it intended as investment advice, financial advice, or trading advice. It is strongly recommended you practice due diligence, including consultation with a professional financial advisor, before investing in or trading cryptocurrency and securities.

CONTACT: Felix Hoffmann support(at)

SEO poisoning attack diverts wages using fake payroll websites

Techday NZ

22-05-2025

  • Business

Cybersecurity firm ReliaQuest has released an analysis of a search engine optimisation (SEO) poisoning campaign that led to payroll fraud at a manufacturing sector client. The attack, which was discovered in May 2025, involved adversaries creating a fake website resembling the victim organisation's login page, specifically targeting employees' mobile devices. Using credentials obtained through this fraudulent site, the attacker accessed the company's payroll portal, altered direct deposit details, and diverted employees' wages into their own accounts.

ReliaQuest's security researchers noted that the tactics, techniques, and procedures (TTPs) associated with this incident closely align with those observed in two investigations from late 2024. This suggests the operation may be part of a wider, ongoing campaign targeting multiple organisations.

SEO poisoning is a technique in which attackers use deceptive websites designed to mimic legitimate portals. These malicious pages are promoted to rank highly in search engine results, luring victims into providing their credentials. In this recent case, when employees searched for terms related to payroll or their company's portal using a mobile device, the attacker's site would appear top in the results, significantly increasing the likelihood of a successful breach.

The attackers targeted employee mobile devices for two main reasons: many of these devices connect through guest Wi-Fi or remain disconnected from secure enterprise networks, making it easier to evade enterprise-grade security measures such as web traffic filtering. Visits often occurred outside working hours, meaning activity was not logged by company systems, hindering investigation and making it difficult to trace affected accounts.

ReliaQuest highlighted, "Phishing attacks targeting off-network devices, like mobile phones, create big challenges for organisations, as they expose gaps that on-premises and cloud networks often overlook. These devices typically lack proper security and logging, leaving organisations in the dark when employee credentials are stolen - and unable to act fast enough."

Upon clicking the malicious link from a mobile device, users were redirected to a phishing site mimicking a Microsoft login page, while users accessing the page from a workstation saw no significant content. This approach complicated efforts to detect and analyse the fraudulent website, as it both evaded detection by security tools and disrupted threat analysis. Captured credentials were sent to an adversary-controlled site using a PHP script also observed in previous incidents, strengthening the link between these attacks.

Immediately after credentials were entered, an HTTP GET request established a WebSocket connection via Pusher, a genuine platform for real-time web communication. The phishing site's code enabled the attacker to receive stolen credentials in real time, allowing them to act quickly before passwords were reset.

ReliaQuest explained the significance: "This phishing attack exposes user credentials without any monitoring or safeguards to block the activity, leaving organisations completely in the dark. By using Pusher, the attacker gains quick access to authentication portals, reusing compromised credentials. This highlights a critical vulnerability: Organisations with lax authentication controls can be easily caught off guard by attacks targeting employees' off-network personal devices, where traditional security measures often fall short."

After harvesting credentials, the attacker accessed the payroll system from a residential IP address tied to telecommunications services, reviewed documents related to direct deposit changes, and amended payroll information to divert funds. Security logs later revealed additional access attempts from both US-based and Russian IP addresses, one of which was blocked. The attacker ultimately relied on residential IPs, making their activities difficult to distinguish from legitimate network traffic.

ReliaQuest found that traffic originated from home office routers and mobile networks, with many routers identified as brands commonly targeted for compromise. Weak passwords, unpatched firmware, and vulnerabilities such as CVE-2024-3080 and CVE-2025-2492 were exploited to form botnets, whose proxies were sold on criminal marketplaces. Proxy network services, sometimes costing as little as $0.77 per gigabyte, enable attackers to disguise their activities by using apparently trustworthy residential IPs.

The report referenced law enforcement actions such as the FBI's investigation into the Anyproxy and 5socks botnet services, which together generated over $46 million in criminal revenue, illustrating the market demand for residential proxy services. The use of proxy networks prevents standard network-based security methods from flagging suspicious access.

ReliaQuest stated, "When attackers use proxy networks, especially ones tied to residential or mobile IP addresses, they become much harder for organisations to detect and investigate. Unlike VPNs, which are often flagged because their IP addresses have been abused before, residential or mobile IP addresses let attackers fly under the radar and avoid being classified as malicious. What's more, proxy networks allow attackers to make their traffic look like it originates from the same geographical location as the target organisation, bypassing security measures designed to flag logins from unusual or suspicious locations."

ReliaQuest recommends organisations strengthen security controls by requiring multifactor authentication (MFA) and using conditional access policies on payroll portals. Employees should be regularly educated about accessing payroll systems only through approved channels such as single sign-on (SSO), and be encouraged to bookmark official portal addresses rather than relying on search engines. Monitoring payroll changes and maintaining clear incident response procedures are also advised.

WhiteBIT and Bequant Announce Strategic Partnership to Advance Institutional Crypto Trading

Associated Press

06-03-2025

  • Business

VILNIUS, Lithuania, March 06, 2025 (GLOBE NEWSWIRE) -- The cooperation aims to offer professional investors deeper liquidity, enhanced trading capabilities, and exceptional market access.

WhiteBIT, Europe's largest cryptocurrency exchange by traffic, has partnered with Bequant, a leading provider of institutional crypto trading solutions. This collaboration is keen to create a comprehensive ecosystem tailored for institutional traders, offering modern trading tools and compliance-driven infrastructure.

The crypto industry has witnessed rapid institutional adoption, with professional traders seeking advanced trading capabilities, regulatory compliance, and efficient liquidity access. WhiteBIT and Bequant's partnership aligns with this evolving landscape, equipping institutional investors with scalable, secure, and efficient trading solutions.

'This collaboration with Bequant is a strategic move to further enhance institutional crypto trading. By combining our expertise, we're ensuring that professional traders and institutional clients gain exceptional access to deep liquidity, regulatory-compliant infrastructure, and advanced trading tools,' said Volodymyr Nosov, Founder and President of WhiteBIT.

Bequant Institutional Expertise

Bequant is a top-tier proprietary trading firm that focuses on market making, quantitative trading, and institutional crypto services. By employing sophisticated trading strategies and efficient capital allocation, the firm enhances liquidity and improves overall market efficiency. As a regulated entity, Bequant also offers institutional investors a range of services, including OTC trading, lending solutions, and secure custody options.

'Partnering with WhiteBIT allows us to build deeper liquidity for institutional crypto trading across Europe, combining our expertise to deliver efficient, compliant solutions,' comments George Zarya, Founder of Bequant.

Key Partnership Benefits

The partnership between WhiteBIT and Bequant enables institutional clients to access WhiteBIT's deep liquidity and advanced trading infrastructure through Bequant's brokerage network. Market makers and high-volume traders using Bequant can now integrate WhiteBIT into their trading strategies, upgrading trade efficiency across different exchanges. Through this collaboration, institutional clients benefit from the following key advantages:

  • Deep Liquidity & Market Efficiency. Institutional clients will gain access to over $2 trillion in annual trading volume, ensuring robust market depth and optimal liquidity conditions.
  • Multi-Market Access. The partnership enables trading across spot, futures, and margin markets with competitive leverage options and advanced execution strategies.
  • Regulatory Compliance & Security. WhiteBIT and Bequant adhere to international regulatory standards, including ISO/IEC certification and GDPR compliance, ensuring a secure trading environment.
  • Seamless API Connectivity. REST, WebSocket, and FIX 4.4 integration will provide real-time market data access, automated trading capabilities, and efficient trade execution.

WhiteBIT's Institutional Growth and Leadership

As part of a trusted and scalable ecosystem, WhiteBIT serves over 8 million users and more than 1,300 institutional clients, offering a reliable infrastructure for professional traders seeking efficiency and security in digital asset markets. In 2024, WhiteBIT reported a $2.7 trillion annual trading volume, primarily driven by institutional clients, reinforcing its position as a leader in institutional crypto trading.

About WhiteBIT

WhiteBIT is the largest European cryptocurrency exchange by traffic, offering over 730 trading pairs, 330+ assets, and supporting 9 fiat currencies. Founded in 2018, the platform is a part of WhiteBIT Group that serves more than 35 million customers globally. WhiteBIT collaborates with Visa, FC Barcelona, Fireblocks, ClearJunction, and The company is dedicated to driving the widespread adoption of blockchain technology worldwide.

About Bequant

Bequant is where traditional investing meets cryptocurrency—a one-stop solution for professional digital asset investors and institutions. Located and regulated in Malta, Bequant's breadth of products include prime brokerage, custody and fund administration, all enhanced by an institutional trading platform providing low-latency trading, liquidity and direct market access for investors. The Bequant team is composed of experts from institutional, retail and digital financial services with experience in banking, derivatives, electronic trading and prime brokerage.
