Cybersecurity Weekly: WordPress patches, NAT bypasses, Windows zero-day
WordPress patches a three-year-old high-severity RCE bug. A new NAT bypass attack lets hackers access any TCP/UDP service. A Windows zero-day bug is being exploited in the wild. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. WordPress patches three-year-old high-severity RCE bug
WordPress released a 5.5.2 update to its web publishing software platform. The update patches a high-severity bug, which could allow a remote unauthenticated attacker to take over a targeted website via a narrowly tailored denial-of-service attack. The vulnerability’s impact may be high, but the probability an adversary could reproduce the attack in the wild is low.
2. New NAT bypass attack lets hackers access any TCP/UDP service
New research has demonstrated a technique that allows an attacker to bypass firewall protection and remotely access any TCP/UDP service on a victim machine. Called NAT Slipstreaming, the method involves sending the target a link to a malicious site that triggers the gateway to open any TCP/UDP port on the victim.
3. Windows zero-day bug exploited in the wild
Google has disclosed details of a new zero-day privilege escalation flaw in the Windows operating system that's being actively exploited in the wild. The privilege escalation vulnerability, tracked as CVE-2020-17087, concerns a buffer overflow present since Windows 7 in the Windows Kernel Cryptography Driver that can be exploited for a sandbox escape.
4. Browser bugs exploited to install two new backdoors on targeted computers
Last week, cybersecurity researchers disclosed details about an address bar spoofing vulnerability affecting multiple mobile browsers, such as Apple Safari and Opera Touch, leaving the door open for spearphishing attacks and malware delivery. UCWeb and Bolt Browser remain unpatched, while Opera Mini is expected to receive a fix on November 11.
5. Hacker selling 34 million user records stolen from 17 companies
Cybersecurity researchers discovered details about a new watering hole attack targeting the Korean diaspora. It exploits vulnerabilities in web browsers such as Google Chrome and Internet Explorer to deploy malware for espionage purposes. Dubbed Operation Earth Kitsune, the campaign involves the use of Slack and GitHub malware.
6. KashmirBlack botnet hijacks thousands of sites using popular CMS platforms
An active botnet is exploiting dozens of known vulnerabilities to target widely used content management systems. The KashmirBlack campaign, which is believed to have started around November 2019, aims for popular CMS platforms such as WordPress, Joomla!, Magento, Drupal and vBulletin.
7. Maze ransomware shuts down operations, denies creating cartel
The Maze ransomware gang announced last week that they have officially closed down their ransomware operation and will no longer be leaking new companies' data on their site. Maze ransomware rose to prominence in November 2019, when the gang stole unencrypted files and then publicly released them after a victim did not pay.
8. Gold seller JM Bullion hacked to steal customers' credit cards
Precious metal online retailer JM Bullion disclosed a data breach after their site was hacked to include malicious scripts that stole customers' credit card information. The malicious scripts were present on the site between February 18, 2020, and July 17, 2020, and caused any submitted payment information to be sent to a remote server under the attacker's control.
9. Enel Group hit by ransomware again, hackers demand $14 million
Multinational energy company Enel Group was hit by a ransomware attack for the second time this year. The attacker is asking for a $14 million ransom in exchange for the decryption key and to not release several terabytes of stolen data. In early June, Enel's internal network was attacked by Snake ransomware, but the attempt was caught before the malware could spread.
10. Scammers abuse Google Drive to send malicious links
The recent attack stems from Google Drive’s legitimate collaboration feature, which allows users to create push notifications or emails that invite people to share a Google doc. Attackers are abusing this feature to send mobile users Google Drive notifications that invite them to collaborate on documents, which then contain malicious links.