zCat
npub1zm7j...pnd6
zCat - Android App about Zcash, privacy and cybersecurity news aggregator
zCat 1 year ago
Critical Plugin Flaw Exposed 4 Million WordPress Websites to Takeover
A critical-severity vulnerability in the Really Simple Security plugin for WordPress potentially exposed four million websites to complete takeover, WordPress security firm Defiant warns. Tracked as CVE-2024-10924 (CVSS score of 9.8), the issue is described as an authentication bypass that allows an unauthenticated attacker to log in as any user, including an administrator. According to Defiant, the security defect exists because of an improper user check error handling in the plugin’s two-factor REST API action. Specifically, the bug is triggered if two-factor authentication (2FA) is enabled. See more: #cybersecurity #wordpress
zCat 1 year ago
Vietnamese Hacker Group Deploys New PXA Stealer Targeting Europe and Asia
A Vietnamese-speaking threat actor has been linked to an information-stealing campaign targeting government and education entities in Europe and Asia with a new Python-based malware called PXA Stealer. The malware "targets victims' sensitive information, including credentials for various online accounts, VPN and FTP clients, financial information, browser cookies, and data from gaming software," Cisco Talos researchers Joey Chen, Alex Karkins, and Chetan Raghuprasad said. "PXA Stealer has the capability to decrypt the victim's browser master password and uses it to steal the stored credentials of various online accounts." See more: #cybersecurity #malware
zCat 1 year ago
Known Brand, Government Domains Hijacked via Sitting Ducks Attacks
Tens of thousands of domains, including those of well-known brands, non-profits, and government entities, have been hijacked over the past five years because DNS providers failed to properly verify domain ownership, cybersecurity firm Infoblox reports. The issue was initially disclosed in late July, when Eclypsium and Infoblox said that roughly 35,000 domains had been hijacked since 2018 by abusing the weakness as part of so-called Sitting Ducks attacks. However, that was just the tip of the iceberg, Infoblox says in a new report. Further investigation into this configuration-oriented attack vector has revealed that at least 800,000 domains could be hijacked, and that 70,000 have already fallen victim to attackers. Sitting Ducks poses a threat to both businesses and their users, Infoblox warns. The attacks cause reputational damage and financial losses, and could lead to malware infections, credential theft, and fraud. #cybersecurity #dns
zCat 1 year ago
New Glove infostealer malware bypasses Chrome’s cookie encryption
A newly identified information stealer can bypass the App-Bound Encryption mechanism in Chromium-based browsers, cybersecurity software provider Gen Digital reports. Written in .NET and dubbed Glove Stealer, the malware targets multiple browsers and extensions to exfiltrate sensitive information such as cookies and credentials, along with data from cryptocurrency wallets, authenticators, password managers, email clients, and other applications. What makes Glove Stealer stand out from the crowd, however, is its ability to bypass Application-Bound (App-Bound) Encryption, the cookie protection mechanism that was introduced in Chrome 127 to prevent their theft. See more: Bleeping Computer Security Week: #cybersecurity #malware
zCat 1 year ago
High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables
Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure. The vulnerability, tracked as CVE-2024-10979, carries a CVSS score of 8.8. Environment variables are user-defined values that can allow a program to dynamically fetch various kinds of information, such as access keys and software installation paths, during runtime without having to hard-code them. In certain operating systems, they are initialized during the startup phase. See more: The Hackers News: Hackread: #cybersecurity #postgres
zCat 1 year ago
CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that two more flaws impacting the Palo Alto Networks Expedition software have come under active exploitation in the wild. To that end, it has added the vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the necessary updates by December 5, 2024. The security flaws:
- CVE-2024-9463 (CVSS score: 9.9) - Palo Alto Networks Expedition OS Command Injection Vulnerability
- CVE-2024-9465 (CVSS score: 9.3) - Palo Alto Networks Expedition SQL Injection Vulnerability
See more: The Hackers News: Bleeping Computer: #cybersecurity #injection
zCat 1 year ago
Low-Code, High Risk: Millions of Records Exposed via Misconfigured Microsoft Power Pages
Researchers have discovered multiple misconfigured implementations of Microsoft Power Pages, and suspect the problem may be widespread. The problem is purely a configuration issue, and not a Microsoft issue. In fact, the MS product displays numerous banner warnings when it notes potential configuration concerns. What Microsoft cannot do is ensure that its users respond to the warnings. Since the problems are not down to Microsoft code, but the users’ use of that code, AppOmni has not reported its findings directly to Microsoft because there is nothing for Microsoft to fix. The firm has, however, reported its findings to all the affected companies it has discovered – and all the discovered misconfigurations have now been fixed. See more: #cybersecurity
zCat 1 year ago
The true (and surprising) cost of forgotten passwords
Password resets are expensive because their hidden costs can quickly add up. When an employee forgets their password, there are some obvious expenses — for example, the time your help desk employee needs to verify the user’s identity and implement the reset. Research from Forrester estimates the average password reset cost is $70, including direct (IT staff time) and indirect costs (lost productivity). That means if you handle IT for a mid-sized organization with 1,000 employees, and each employee only needs a password reset two times a year, you could be spending $140,000 annually on password resets. See more: #cybersecurity #passwords
zCat 1 year ago
Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel
A threat actor affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks that exclusively target Israeli entities. The activity, linked to a group called WIRTE, has also targeted the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt, Check Point said in an analysis. APT (advanced persistent threat) WIRTE is doing double duty, adding all manner of supplemental malware to gain access, eavesdrop, and wipe data, depending on the target. See more: The Hackers News: Dark Reading: #cybersecurity
zCat 1 year ago
Leaked info of 122 million linked to B2B data aggregator breach
The business contact information for 122 million people circulating since February 2024 is now confirmed to have been stolen from a B2B demand generation platform. The data comes from DemandScience (formerly Pure Incubation), a B2B demand generation company that aggregates data. Data aggregation is the process of collecting, compiling, and organizing data from public sources to create a comprehensive dataset valuable for digital marketers and advertisers in creating rich "profiles" used to generate leads or marketing information. In the case of DemandScience, the firm collected business data from public sources and third parties, including full names, physical addresses, email addresses, telephone numbers, job titles and functions, and social media links. See more: #cybersecurity #databreach
zCat 1 year ago
New Google Pixel AI feature analyzes phone conversations for scams
Google is adding a new AI-powered scam protection feature that monitors phone call conversations on Google Pixel devices to detect patterns that warn when the caller may be a scammer. Although all processing happens on the device, Google has opted to keep the feature off by default, allowing users to activate it through the Phone app settings or even during a particular call. Google has also added a new real-time protection feature to Google Play Protect that detects when unsafe apps are found on Google Play. The scanning and detection process is handled locally on the device through Android's Private Compute Core to protect users' privacy. See more: #cybersecurity #android
zCat 1 year ago
Microsoft patches Windows zero-day exploited in attacks on Ukraine
Suspected Russian hackers were caught exploiting a recently patched Windows vulnerability as a zero-day in ongoing attacks targeting Ukrainian entities. The security flaw (CVE-2024-43451) is an NTLM Hash Disclosure spoofing vulnerability reported by ClearSky security researchers, which can be exploited to steal the logged-in user's NTLMv2 hash by forcing connections to a remote attacker-controlled server. "Minimal interaction with a malicious file by a user such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing could trigger this vulnerability." See more: #cybersecurity #patches #zeroday
zCat 1 year ago
Hive0145 Targets Europe with Advanced Strela Stealer Campaigns
Ongoing campaigns by cybercriminal group Hive0145 have launched a series of attacks across Europe, deploying the sophisticated Strela Stealer malware to steal sensitive email credentials. IBM X-Force researchers reported in a new advisory today that this wave primarily targets Spain, Germany and Ukraine, and employs stolen, authentic invoices in phishing emails to deceive recipients and boost infection success. See more:
zCat 1 year ago
Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims
Romanian cybersecurity company Bitdefender has released a free decryptor to help victims recover data encrypted using the ShrinkLocker ransomware. The decryptor is the result of a comprehensive analysis of ShrinkLocker's inner workings, allowing the researchers to discover a "specific window of opportunity for data recovery immediately after the removal of protectors from BitLocker-encrypted disks." ShrinkLocker was first documented in May 2024 by Kaspersky, which found the malware's use of Microsoft's native BitLocker utility for encrypting files as part of extortion attacks targeting Mexico, Indonesia, and Jordan. See more: The Hackers News: Bleeping Computer: Hackread: #cybersecurity #ransomware
zCat 1 year ago
Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims
Intel and AMD have published November 2024 Patch Tuesday security advisories to inform customers about vulnerabilities found recently in their products. Intel has released 44 new advisories for over 80 vulnerabilities, including more than 20 high-severity issues. AMD published eight new advisories on Tuesday. Four of them cover incorrect default permissions vulnerabilities discovered by a researcher who uses the online moniker ‘Pwni’ in HIP SD, Cloud Manageability Service (ACMS), Ryzen Master Monitoring SDK and Ryzen Master Utility, and Provisioning Console. See more: #cybersecurity #patches
zCat 1 year ago
Ivanti Patches 50 Vulnerabilities Across Several Products
IT software company Ivanti on Tuesday announced patches for close to 50 vulnerabilities, including eight critical-severity bugs in Connect Secure, Policy Secure, and Endpoint Manager. The critical issues, tracked as CVE-2024-38655, CVE-2024-38656, CVE-2024-39710 to CVE-2024-39712, and CVE-2024-11005 to CVE-2024-11007, are described as argument and command injection flaws that could allow authenticated attackers with administrator privileges to achieve remote code execution (RCE). See more: #cybersecurity
zCat 1 year ago
High-Severity Vulnerabilities Patched in Zoom and Chrome
Zoom and Chrome security updates released on Tuesday patch over a dozen vulnerabilities affecting users across desktop platforms. Zoom announced fixes for six security defects, including two high-severity issues that could allow remote attackers to escalate privileges or leak sensitive information. Google announced the promotion of Chrome 131 to the stable channel with patches for 12 vulnerabilities, including eight reported by external researchers. The most severe of the externally reported flaws is a high-severity inappropriate implementation bug in Blink, tracked as CVE-2024-11110, which was reported last month. See more: #cybersecurity #patches
zCat 1 year ago
Chinese Hackers Target Tibetan Websites in Malware Attack, Cybersecurity Group Says
A hacking group that is believed to be Chinese state-sponsored has compromised two websites with ties to the Tibetan community in an attack meant to install malware on users’ computers, according to findings released Wednesday by a private cybersecurity firm. The hack of the Tibet Post and Gyudmed Tantric University websites appears geared toward obtaining access to the computers of people visiting to obtain information on them and their activities, according to the analysis by the Insikt Group, the threat research division of the Massachusetts-based cybersecurity consultancy Recorded Future. See more: #cybersecurity #malware
zCat 1 year ago
Signal introduces convenient "call links" for private group chats
The Signal messenger application has announced a set of new features aimed at making private group chats more convenient and easier for people to join. The highlight feature announced is "call links," which allow users to create and share links with other Signal users without needing to create a group chat. The links can be created from the new "calls" tab in the Signal app and then shared with contacts with a single tap/click. Users can control who joins the secure group chats by requiring admin approval when a new join request is created, so the host can approve or decline them. See more: #privacy #signal
zCat 1 year ago
TA455’s Iranian Dream Job Campaign Targets Aerospace with Malware
A complex phishing campaign attributed to the Iranian-linked threat actor TA455 has been observed using sophisticated techniques to impersonate job recruiters on LinkedIn and other platforms. ClearSky Cyber Security released the report today, which outlines TA455’s methods, targets and infrastructure. The campaign, active since at least September 2023, begins with a spear phishing approach in which TA455 lures individuals with fake job offers. Using LinkedIn to gain trust, the attackers prompt victims to download a ZIP file titled “SignedConnection.zip,” which was flagged as malicious by five antivirus engines. This ZIP file contains an EXE file designed to load malware into the victim’s system through DLL side-loading, where a malicious DLL file called “secur32[.]dll” is loaded instead of a legitimate one, allowing the attacker to run undetected code within a trusted process. See more: Infosecurity magazine: The Hackers News: #cybersecurity #phishing #malware