A new security flaw has been discovered in the widely used All-in-One WP Migration Extensions plugin, potentially leaving millions of WordPress websites vulnerable to unauthorized access token manipulation. The All-in-One WP Migration plugin, a popular tool for seamlessly migrating WordPress websites, boasts over 60 million installations. The plugin offers premium extensions, including those for Box,
Month: August 2023
Aug 30, 2023THNMalware / Endpoint Security New findings show that malicious actors could leverage a sneaky malware detection evasion technique and bypass endpoint security solutions by manipulating the Windows Container Isolation Framework. The findings were presented by Deep Instinct security researcher Daniel Avinoam at the DEF CON security conference held earlier this month. Microsoft’s container
The leak of the LockBit 3.0 ransomware builder has triggered a surge in personalized variants, impacting various organizations. Writing in an advisory published last Friday, Kaspersky researchers Eduardo Ovalle and Francesco Figurelli have provided insights into the consequences of this breach, shedding light on the array of LockBit 3.0 derivatives. LockBit 3.0, also known as
by Paul Ducklin US food delivery compeny PurFoods, which trades as Mom’s Meals, has just admitted to a cyberintrusion that took place from 2023-01-16 to 2023-02-22. The company stated officially that: [The] cyberattack […] included the encryption of certain files in our network. Because the investigation identified the presence of tools that could be used
Aug 30, 2023THNVulnerability / Network Security VMware has released software updates to correct two security vulnerabilities in Aria Operations for Networks that could be potentially exploited to bypass authentication and gain remote code execution. The most severe of the flaws is CVE-2023-34039 (CVSS score: 9.8), which relates to a case of authentication bypass arising as
QukBot was one of the most active malware families in Q2 of 2023, according to the latest HP Wolf Threat Insights Report. An analysis by the company noted that the cyber-criminals are diversifying attack methods to bypass security policies and detection tools, one example of this is using “building blog style attacks” to carry out
Aug 29, 2023THNOnline Security / Cyber Threat Microsoft is warning of an increase in adversary-in-the-middle (AiTM) phishing techniques, which are being propagated as part of the phishing-as-a-service (PhaaS) cybercrime model. In addition to an uptick in AiTM-capable PhaaS platforms, the tech giant noted that existing phishing services like PerSwaysion are incorporating AiTM capabilities. “This development
The FBI has urged users of affected Barracuda appliances to replace them immediately, after warning that they’re still being targeted by a Chinese APT group. A Flash update issued by the agency this week revealed that zero-day vulnerability CVE-2023-2868 continues to be exploited by the group, dubbed UNC4841 by Mandiant, in cyber-espionage attacks. “Barracuda customers
Aug 28, 2023THNInternet of Things / Malware An updated version of a botnet malware called KmsdBot is now targeting Internet of Things (IoT) devices, simultaneously branching out its capabilities and the attack surface. “The binary now includes support for Telnet scanning and support for more CPU architectures,” Akamai security researcher Larry W. Cashdollar said in
Security researchers are urging Azure Active Directory (AD) users to monitor for abandoned reply URLs after revealing a critical vulnerability in the Microsoft Power Platform. Secureworks said it discovered the reply URL takeover bug earlier in April and it was fixed by Microsoft within 24 hours. More specifically, the researchers had found an abandoned reply
The leak of the LockBit 3.0 ransomware builder last year has led to threat actors abusing the tool to spawn new variants. Russian cybersecurity company Kaspersky said it detected a ransomware intrusion that deployed a version of LockBit but with a markedly different ransom demand procedure. “The attacker behind this incident decided to use a
The UK’s data protection watchdog is urging victims of so-called “text pests” to come forward after revealing that nearly a third (29%) of 18–34-year-olds have had their personal information misused. Text pest cases occur when an individual gives their personal details, including phone number or email, to a business for legitimate reasons. However, someone working
Aug 26, 2023THNData Breach / SIM Swapping Risk and financial advisory solutions provider Kroll on Friday disclosed that one of its employees fell victim to a “highly sophisticated” SIM swapping attack. The incident, which took place on August 19, 2023, targeted the employee’s T-Mobile account, the company said. “Specifically, T-Mobile, without any authority from or
The North Korean state-sponsored actor Lazarus Group recently started a new campaign targeting internet backbone infrastructure and healthcare entities in Europe and the US, security researchers from Cisco Talos have found. The researchers said that the attackers began exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) in January 2023, only five days after it was disclosed. This
by Paul Ducklin HOW MANY CRYPTOGRAPHERS? No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the URL of our RSS feed
Aug 24, 2023THNCyber Attack / Hacking The North Korea-linked threat actor known as Lazarus Group has been observed exploiting a now-patched critical security flaw impacting Zoho ManageEngine ServiceDesk Plus to distribute a remote access trojan called such as QuiteRAT. Targets include internet backbone infrastructure and healthcare entities in Europe and the U.S., cybersecurity company Cisco
The notorious XLoader malware has resurfaced, posing as a seemingly innocuous office productivity app named “OfficeNote.” Known for its malicious activities since 2015, XLoader started targeting macOS systems in 2021, leveraging Java dependencies for its operation. However, according to an advisory published by SentinelOne on Monday, this new iteration is self-sufficient, programmed in C and
by Paul Ducklin The venerable RAR program, short for Roshal’s Archiver after its original creator, has been popular in file sharing and software distribution circles for decades, not least because of its built-in error recovery and file reconstruction features. Early internet users will remember, with little fondness, the days when large file transfers were shipped
Aug 23, 2023THNCryptocurrency / Cyber Attack The U.S. Federal Bureau of Investigation (FBI) on Tuesday warned that threat actors affiliated with North Korea may attempt to cash out stolen cryptocurrency worth more than $40 million. The law enforcement agency attributed the blockchain activity to an adversary the U.S. government tracks as TraderTraitor, which is also
Cybersecurity-as-a-Service provider Critical Insight has unveiled its 2023 H1 Healthcare Data Breach Report, offering insights into the cybersecurity landscape of the healthcare sector. The analysis is based on reported data breaches from healthcare organizations to the US Department of Health and Human Services (HHS). The report notes an overall decrease of 15% in total breaches
by Paul Ducklin A trio of researchers split between Italy and the UK have recently published a paper about cryptographic insecurities they found in a widely-known smart light bulb. The researchers seem to have chosen their target device, the TP-Link Tapo L530E, on the basis that it is “currently [the] best seller on Amazon Italy,”
Aug 23, 2023THNSoftware Security / Malware More than a dozen malicious packages have been discovered on the npm package repository since the start of August 2023 with capabilities to deploy an open-source information stealer called Luna Token Grabber on systems belonging to Roblox developers. The ongoing campaign, first detected on August 1 by ReversingLabs, employs
Cyber-criminals have been exploiting fraudulent artificial intelligence (AI) bots to attempt and install malicious software under the guise of genuine AI applications. According to a new advisory published by ESET security researchers, the campaign came to light when an advertisement on Facebook promoted the download of what seemed to be the latest version of Google’s
by Paul Ducklin Researchers at Apple device management company Jamf recently published an intriguing paper entitled Fake Airplane Mode: A mobile tampering technique to maintain connectivity. We’ll start with the good news: the tricks that Jamf discovered can’t magically be triggered remotely, for example merely by enticing you to a booby-trapped website. Attackers need to
Aug 22, 2023THNMalware / Endpoint Security A new variant of an Apple macOS malware called XLoader has surfaced in the wild, masquerading its malicious features under the guise of an office productivity app called “OfficeNote.” “The new version of XLoader is bundled inside a standard Apple disk image with the name OfficeNote.dmg,” SentinelOne security researchers
A collaborative effort led by Interpol, known as Africa Cyber Surge II, has yielded significant results in combating cybercrime across the African continent. The joint initiative, supported by international and national law enforcement agencies alongside private sector cybersecurity companies, has led to the successful arrest of 14 suspected cyber-criminals. The operation also identified over 20,000
Aug 21, 2023THNCyber Threat / Malware The threat actors behind the HiatusRAT malware have returned from their hiatus with a new wave of reconnaissance and targeting activity aimed at Taiwan-based organizations and a U.S. military procurement system. Besides recompiling malware samples for different architectures, the artifacts are said to have been hosted on new virtual
A recent cybersecurity study has brought to light a concerning vulnerability crisis affecting web applications. CyCognito’s semi-annual State of External Exposure Management report unveiled a distressing landscape of digital threats across public cloud, mobile and web platforms. The comprehensive analysis of 3.5 million assets, encompassing Fortune 500 entities, highlights the precarious state of data security. The
Aug 19, 2023THNMalvertising / Website Security Cybersecurity researchers have detailed an updated version of an advanced fingerprinting and redirection toolkit called WoofLocker that’s engineered to conduct tech support scams. The sophisticated traffic redirection scheme was first documented by Malwarebytes in January 2020, leveraging JavaScript embedded in compromised websites to perform anti-bot and web traffic filtering
A significant phishing campaign employing QR codes has recently come to light, with a major US-based energy company as one of the primary targets. The campaign, which began in May 2023, has witnessed a 2400% surge in volume since then, underscoring the urgency of addressing this emerging threat. Cybersecurity company Cofense has been closely monitoring