Thursday, May 19, 2022

Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover

Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites.

DOJ Says Doctor is Malware Mastermind

The U.S. Department of Justice indites middle-aged doctor, accusing him of being a malware mastermind.

APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-Days

Research indicates that organizations should make patching existing flaws a priority to mitigate risk of compromise.

April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell

Researchers say a GitHub proof-of-concept exploitation of recently announced VMware bugs is being abused by hackers in the wild.

Sysrv-K Botnet Targets Windows, Linux

Microsoft researchers say they are tracking a botnet that is leveraging bugs in the Spring Framework and WordPress plugins.

iPhones Vulnerable to Attack Even When Turned Off

Wireless features Bluetooth, NFC and UWB stay on even when the device is powered down, which could allow attackers to execute pre-loaded malware.

Microsoft’s May Patch Tuesday Updates Cause Windows AD Authentication Errors

Microsoft's May Patch Tuesday update is triggering authentication errors.

Threat Actors Use Telegram to Spread ‘Eternity’ Malware-as-a-Service

An account promoting the project—which offers a range of threat activity from info-stealing to crypto-mining to ransomware as individual modules—has more than 500 subscribers.

Malware Builder Leverages Discord Webhooks

Researchers discovered a simple malware builder designed to steal credentials, then pinging them to Discord webhooks.

You Can’t Eliminate Cyberattacks, So Focus on Reducing the Blast Radius

Tony Lauro, director of security technology and strategy at Akamai, discusses reducing your company's attack surface and the "blast radius" of a potential attack.

Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks

The stealthy, feature-rich malware has multistage evasion tactics to fly under the radar of security analysis, researchers at Proofpoint have found.

Intel Memory Bug Poses Risk for Hundreds of Products

Dell and HP were among the first to release patches and fixes for the bug.

Novel Phishing Trick Uses Weird Links to Bypass Spam Filters

A novel form of phishing takes advantage of a disparity between how browsers and email inboxes read web domains.

Actively Exploited Zero-Day Bug Patched by Microsoft

Microsoft's May Patch Tuesday roundup also included critical fixes for a number of flaws found in infrastructure present in many enterprise and cloud environments.

Ransomware Deals Deathblow to 157-year-old College

Why a private college that stayed in business for 157 years had to close after the combo of COVID-19 and ransomware proved too much.

Hackers Actively Exploit F5 BIG-IP Bug

The bug has a severe rating of 9.8, public exploits are released.

Conti Ransomware Attack Spurs State of Emergency in Costa Rica

The threat group has leaked data that it claims was stolen in the breach and is promising more government-targeted attacks.

Low-rent RAT Worries Researchers

Researchers say a hacker is selling access to quality malware for chump change.

FBI: Rise in Business Email-based Attacks is a $43B Headache

A huge spike in fraudulent activities related to attacks leveraging business email accounts is a billion-dollar-problem.

Podcast: The State of the Secret Sprawl

In this podcast with Mackenzie Jackson, developer advocate at GitGuardian, we dive into the report and also the issues that corporations face with public leaks from groups like Lapsus and more, as well as ways that developers can keep...
SecurityWeek

Phishers Add Chatbot to the Phishing Lure

Researchers have discovered a new approach being taken by phishers to increase victim engagement and confidence: the addition of an interactive chatbot. We have all become accustomed to the chatbots used by many of the largest service providers –...
SecurityWeek

QuSecure Lauches Quantum-Resilient Encryption Platform

New firm launches to provide the Easy Button for implementing quantum secure encryption The pressure to implement quantum secure encryption is increasing. This isn’t because functioning quantum computers able to crack asymmetric encryption are expected tomorrow, but because of the...
The Register

Iran, China-linked gangs join Putin’s disinformation war online

They're using the invasion 'to take aim at the usual adversaries,' Mandiant told The Reg Pro-Beijing and Iran miscreants are using the war in Ukraine to spread disinformation that supports these countries' political interests — namely, advancing anti-Western narratives...

6 Scary Tactics Used in Mobile App Attacks

Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.