WordPress Simple Membership Plugin Vulnerabilities Enable Account Hijacking
Two security vulnerabilities have been discovered in the Simple Membership plugin for WordPress, allowing for privilege escalation and account takeover. The first vulnerability allows unauthenticated users to create accounts with arbitrary membership levels, while the second enables authenticated users to gain control of any member account through an insecure password reset process. The plugin vendor has released version 4.3.5 to address these vulnerabilities.
Chinese State-Sponsored APT BlackTech Hacks Cisco Routers to Hide and Move Across Corporate Networks
The NSA, FBI, CISA, and Japan’s NISC have issued a joint advisory warning about a Chinese state-sponsored APT group called BlackTech. The group has been observed hacking into network edge devices, such as Cisco routers, and using firmware implants to maintain stealth and move across the corporate networks of U.S. and Japanese multinational companies. BlackTech targets branch routers to extend their foothold within an organization and uses compromised routers as part of their infrastructure for proxying traffic and pivoting to other victims on the same network.
Red Cross-Themed Phishing Attacks Distributing DangerAds and AtlasAgent Backdoors
A new threat actor known as AtlasCross is using Red Cross-themed phishing lures to distribute two previously undocumented backdoors named DangerAds and AtlasAgent. The attacker has a high technical level and cautious attack attitude, targeting specific hosts within a network domain. The backdoors incorporate evasive features to avoid detection by security tools, and the true identity of AtlasCross and its backers is currently unknown.
Misconfigured TeslaMate Instances Expose Tesla Car Owners to Risk
Misconfigured instances of the third-party data logging application TeslaMate can leak sensitive information about Tesla cars and their drivers, potentially leading to malicious attacks. IoT security intelligence firm Redinent has identified over 1,400 misconfigured instances that allow unauthorized access. Attackers could access a car’s live location, check if it is locked, and even make it go to sleep, posing risks such as planned robberies. The vulnerability is due to user misconfiguration, not a fault in TeslaMate itself.
Mozilla Releases Security Updates for Firefox and Thunderbird
Mozilla has released security updates for Firefox and Thunderbird, addressing a total of nine vulnerabilities. The updates include patches for high-severity flaws, such as out-of-bounds write issues, memory leaks, use-after-free conditions, and memory corruption. While there is no evidence of these vulnerabilities being exploited in attacks, users are advised to update their browsers and email clients to the latest versions.
Stolen GitHub Credentials Used to Push Fake Dependabot Commits
Threat actors have been using stolen GitHub personal access tokens to push malicious code posing as Dependabot contributions. The attackers targeted hundreds of GitHub repositories, including private ones, by creating fake commit messages that appeared to be from Dependabot. They injected a new workflow file to send GitHub secrets to an external server and modified .js files to intercept user credentials.
macOS 14 Sonoma Patches 60 Vulnerabilities
Apple has released macOS 14 Sonoma, which patches over 60 vulnerabilities in the operating system. These vulnerabilities can be exploited to obtain sensitive information, execute arbitrary code, escape the sandbox, and more. While some vulnerabilities can be exploited remotely, most require the presence of a malicious app on the targeted device. Users are advised to update to macOS 14 Sonoma to protect against these security flaws.
GPU.zip: New Method of Browser-Based Data-Stealing Attacks
Researchers have discovered a new method of browser-based data-stealing attacks called GPU.zip. This attack allows malicious websites to access usernames, passwords, and other sensitive data displayed by other websites by exploiting a vulnerability in graphics processing units (GPUs). The attack violates the security principle known as the ‘Same Origin Policy’ and can be successful on Chrome and Edge browsers. It is important for web developers to properly restrict access to sensitive pages and for users to check for specific headers in the code of web pages to ensure proper security measures are in place.
New ZenRAT Malware Targeting Windows Users via Fake Password Manager Software
A new malware strain called ZenRAT is being distributed through fake installation packages of the Bitwarden password manager. The malware specifically targets Windows users and redirects users on other hosts to a benign webpage. ZenRAT is a modular remote access trojan (RAT) with information stealing capabilities, and it gathers details about the host and transmits them to a command-and-control server operated by the threat actors. Users are advised to download software only from trusted sources and verify the authenticity of websites.
Critical libwebp Vulnerability Under Active Exploitation – Gets Maximum CVSS Score
A critical security flaw in the libwebp image library for rendering images in the WebP format is being actively exploited in the wild. Tracked as CVE-2023-5129, the vulnerability has a maximum severity score of 10.0 on the CVSS rating system. The flaw allows for out-of-bounds writes to the heap, potentially leading to arbitrary code execution. The vulnerability affects various applications and packages that rely on the libwebp library, raising concerns for users and organizations.
Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.