23-Aug-24: In Security News Today

Five Million WordPress Websites in Danger Due to Critical LiteSpeed Cache Vulnerability

A critical vulnerability in the LiteSpeed Cache plugin, installed on more than five million WordPress sites, lets an unauthenticated attacker obtain administrator-level access and take over a site. The plugin's user-simulation feature (used by its crawler to render pages as a logged-in user) is protected by a security hash, but that hash is produced by a weakly seeded random number generator, so the space of possible values is small enough to brute-force; an attacker who guesses the hash can impersonate an administrator and, for example, install a malicious plugin. The flaw is fixed in version 6.4, and site owners should update to 6.4 or later immediately, since a predictable authentication token of this kind is exploitable without any credentials.
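The following added example (written for this digest, not code from LiteSpeed Cache or from the advisory) shows in Python why a token drawn from a pseudo-random generator seeded with low-entropy data is brute-forceable no matter how long the token looks, and what a hardened generator looks like. The seed model (microseconds within the current second, about 2^20 possibilities) and the six-character alphanumeric token are assumptions chosen for illustration; the plugin's exact code is not reproduced here.

```python
"""Weak-seed token recovery vs. a CSPRNG token (illustrative, not plugin code)."""
import random
import secrets
import string
import time
from typing import Optional, Tuple

ALPHABET = string.ascii_lowercase + string.digits  # 36 symbols
TOKEN_LEN = 6                                       # 36**6 ~ 2.2e9 tokens
SEED_SPACE = 1_000_000  # assumption: seed = microsecond part of the clock (~2**20)


def token_from_seed(seed: int) -> str:
    """Deterministic token: a Mersenne Twister seeded with `seed`.
    Two calls with the same seed always return the same token."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(TOKEN_LEN))


def weak_token() -> Tuple[str, int]:
    """'Vulnerable' generator: the seed comes from the sub-second clock, so
    only SEED_SPACE distinct tokens can ever be produced, not 36**6.
    The seed is returned only so the demo can check recovery; a real server
    would send just the token (e.g. in a cookie)."""
    seed = int(time.time() * 1_000_000) % SEED_SPACE
    return token_from_seed(seed), seed


def recover_seed(token: str, seed_space: int = SEED_SPACE) -> Optional[int]:
    """Attacker side: enumerate every candidate seed until one reproduces
    the observed token. Cost is bounded by seed_space, not by 36**6."""
    for seed in range(seed_space):
        if token_from_seed(seed) == token:
            return seed
    return None


def strong_token(nbytes: int = 32) -> str:
    """Hardened generator: OS CSPRNG, 256 bits of entropy, no seed to guess."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    tok, real_seed = weak_token()
    found = recover_seed(tok)
    print(f"weak token={tok} seed={real_seed} recovered seed={found}")
    print("strong token:", strong_token())
```

The brute force succeeds because the effective key space is the seed space, so doubling the token length would not help; the fix is to take the token from an unpredictable source (the OS CSPRNG) rather than from a deterministic generator with a guessable seed.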

A Kansas CEO Transferred Millions of Dollars to Cryptocurrency Scammers in a Pig Butchering Scheme

Shan Hanes, the former CEO of Heartland Tri-State Bank in Kansas, embezzled $47.1 million from the bank and wired it to cryptocurrency scammers in a pig butchering scheme, a long-con in which victims are coaxed into ever-larger "investments" that are never returned. The transfers, made between May and June 2023, wiped out roughly $10 million belonging to the bank's investors and forced the bank, which held $135 million in assets, to close. Hanes was sentenced to 24 years in prison; beyond the federal violations, the case shows how a single executive with unchecked authority over wire transfers can bring down an institution.

US Oil Giant Halliburton Confirms Cyberattack Behind Systems Shutdown

Halliburton, one of the largest oil services providers, confirmed that a cyberattack detected on August 21, 2024 forced it to take some systems offline as a containment measure. The company has activated its cybersecurity response plan, brought in external advisors, and notified law enforcement while it works to restore the affected systems. Halliburton has not disclosed the nature of the attack, but says it continues to communicate with stakeholders and to follow its safety protocols.

Russian Laundering Millions for Lazarus Hackers Arrested in Argentina

Argentine federal police have arrested a Russian national in Buenos Aires for laundering cryptocurrency tied to North Korea's Lazarus hackers, to child exploitation, and to terrorism financing. The suspect ran a complex chain of blockchain transactions to convert stolen crypto into fiat currency and had processed more than $100 million, including proceeds from high-profile hacks. Authorities seized electronic devices and $15 million in crypto assets from his apartment. Lazarus has meanwhile moved on to a new crypto tumbler service for its laundering.

Georgia Tech Sued Over Cybersecurity Violations

The U.S. government has filed a lawsuit against Georgia Tech and its affiliate, the Georgia Tech Research Corporation (GTRC), for failing to meet the cybersecurity requirements of a Department of Defense (DoD) contract. It is the first such case brought under the Department of Justice's Civil Cyber-Fraud Initiative. The complaint alleges that the university did not implement the required security controls, failed to install anti-virus software on systems used for the contract, and submitted a false cybersecurity assessment score to the DoD. Georgia Tech denies the allegations, says no breach or data leak occurred, and plans to fight the lawsuit in court.

Greasy Opal’s CAPTCHA solver still serving cybercrime after 16 years

Greasy Opal, a developer active for nearly two decades, has fed the cybercrime-as-a-service market with CAPTCHA-solving tools that make large-scale automated attacks possible. Operating behind a legitimate-looking business, Greasy Opal tailors the tools to customer needs and sells to a range of cybercrime groups, including ones targeting major tech companies and government services. Although Greasy Opal does not carry out attacks itself, its OCR- and machine-learning-based solvers have put bulk account creation and abuse within reach of low-skill threat actors, generating substantial revenue while enabling threats worldwide.

Man Charged for Treason Over DDoS Attacks

Russia's Federal Security Service (FSB) has charged a former employee of a scientific organization with treason for conducting DDoS attacks against critical infrastructure, allegedly in coordination with Ukrainian special services. The suspect, who also transferred money to Ukraine's Armed Forces, faces up to 20 years in prison for attempting to disrupt Russian military operations after the invasion of Ukraine. The FSB's decision to escalate the charge from unlawful influence on critical information infrastructure to treason marks a harsh precedent in how Russia prosecutes cyber offenses.

Hackers Now Use AppDomain Injection to Drop CobaltStrike Beacons

Hackers have recently adopted AppDomain Manager Injection to deploy Cobalt Strike beacons, a stealthier way to run attacker code inside legitimate Microsoft .NET applications. The technique relies on a documented CLR feature: when a .NET executable starts, the runtime reads the application's .config file (or the APPDOMAIN_MANAGER_ASSEMBLY and APPDOMAIN_MANAGER_TYPE environment variables) and, if an AppDomainManager assembly is named there, loads that assembly and instantiates the class before the program's own Main method runs. An attacker therefore only needs to drop a malicious DLL and a crafted .config file next to a signed, legitimate .NET executable; the trusted process then loads the payload, which makes the activity harder for security software to flag. The 2024 attacks, which also use GrimResource (abuse of Microsoft Saved Console .msc files) for initial execution, point to a sophisticated adversary, possibly APT41, targeting high-value sectors in Asia.
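As an added example for defenders (written for this digest, not code from the reporting or from any vendor), the Python below scans .NET application configuration files for an AppDomainManager declaration and flags any whose assembly is not on an allow-list. The two config documents are constructed samples; the element and attribute names (`runtime`, `appDomainManagerAssembly`, `appDomainManagerType`, `value`) are the documented .NET configuration schema, while the allow-list of trusted assembly prefixes is an assumption to be adapted per environment.

```python
"""Hunt for AppDomainManager injection in *.exe.config / *.dll.config files."""
import os
import xml.etree.ElementTree as ET
from typing import Dict, Iterable, List, Optional

# Assumption: assemblies an organisation knows to ship legitimate
# AppDomainManager subclasses. Empty in most environments.
TRUSTED_ASSEMBLY_PREFIXES = ("Contoso.Hosting",)

# Environment variables the CLR honours as an alternative to the .config file.
ENV_VARS = ("APPDOMAIN_MANAGER_ASSEMBLY", "APPDOMAIN_MANAGER_TYPE")


def parse_appdomain_manager(config_xml: str) -> Optional[Dict[str, str]]:
    """Return {'assembly': ..., 'type': ...} if the config names an
    AppDomainManager, else None. Malformed XML is treated as 'no declaration'."""
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError:
        return None
    runtime = root.find("runtime")
    if runtime is None:
        return None
    asm = runtime.find("appDomainManagerAssembly")
    typ = runtime.find("appDomainManagerType")
    if asm is None and typ is None:
        return None
    return {
        "assembly": (asm.get("value") or "") if asm is not None else "",
        "type": (typ.get("value") or "") if typ is not None else "",
    }


def is_suspicious(decl: Dict[str, str],
                  trusted: Iterable[str] = TRUSTED_ASSEMBLY_PREFIXES) -> bool:
    """Any declaration whose assembly name does not start with a trusted
    prefix is worth an alert: the CLR will load it before Main() runs."""
    name = decl["assembly"].split(",", 1)[0].strip()
    return not any(name.startswith(p) for p in trusted)


def scan_configs(configs: Dict[str, str]) -> List[Dict[str, str]]:
    """configs maps a file path to its XML text; returns suspicious findings."""
    findings = []
    for path, xml_text in configs.items():
        decl = parse_appdomain_manager(xml_text)
        if decl is not None and is_suspicious(decl):
            findings.append({"path": path, **decl})
    return findings


def env_override_present(environ: Dict[str, str] = None) -> bool:
    """True if the process environment sets the AppDomainManager variables."""
    environ = os.environ if environ is None else environ
    return any(environ.get(v) for v in ENV_VARS)


# Constructed samples: a benign config and one pointing at an untrusted DLL.
BENIGN_CONFIG = """<?xml version="1.0"?>
<configuration>
  <startup><supportedRuntime version="v4.0" /></startup>
</configuration>"""

INJECTED_CONFIG = """<?xml version="1.0"?>
<configuration>
  <runtime>
    <appDomainManagerAssembly value="Loader, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    <appDomainManagerType value="Loader.Manager" />
  </runtime>
</configuration>"""

SAMPLE_CONFIGS = {
    r"C:\Program Files\Vendor\app.exe.config": BENIGN_CONFIG,
    r"C:\Users\Public\Tool\tool.exe.config": INJECTED_CONFIG,
}

if __name__ == "__main__":
    for f in scan_configs(SAMPLE_CONFIGS):
        print(f"SUSPICIOUS {f['path']}: {f['assembly']} / {f['type']}")
    print("env override:", env_override_present())
```

In practice the same check belongs in an EDR or file-integrity rule: a new or modified `*.exe.config` that gains a `<runtime>` section naming an assembly in a user-writable directory, next to a signed executable, is the exact footprint this technique leaves.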