Cybersecurity Weekly: WordPress patches, NAT bypasses, Windows zero-day

November 3, 2020 by Sam Fay

WordPress patches a three-year-old high-severity RCE bug. A new NAT bypass attack lets hackers access any TCP/UDP service. A Windows zero-day bug is being exploited in the wild. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. WordPress patches three-year-old high-severity RCE bug

WordPress released a 5.5.2 update to its web publishing software platform. The update patches a high-severity bug, which could allow a remote unauthenticated attacker to take over a targeted website via a narrowly tailored denial-of-service attack. The vulnerability’s impact may be high, but the probability an adversary could reproduce the attack in the wild is low.


2. New NAT bypass attack lets hackers access any TCP/UDP service

New research has demonstrated a technique that allows an attacker to bypass firewall protection and remotely access any TCP/UDP service on a victim machine. Called NAT Slipstreaming, the method involves sending the target a link to a malicious site that triggers the gateway to open any TCP/UDP port on the victim.


3. Windows zero-day bug exploited in the wild

Google has disclosed details of a new zero-day privilege escalation flaw in the Windows operating system that’s being actively exploited in the wild. The privilege escalation vulnerability, tracked as CVE-2020-17087, concerns a buffer overflow present since Windows 7 in the Windows Kernel Cryptography Driver that can be exploited for a sandbox escape.


4. Browser bugs exploited to install two new backdoors on targeted computers

Last week, cybersecurity researchers disclosed details about an address bar spoofing vulnerability affecting multiple mobile browsers, such as Apple Safari and Opera Touch, leaving the door open for spear-phishing attacks and malware delivery. UCWeb and Bolt Browser remain unpatched, while Opera Mini is expected to receive a fix on November 11.


5. Hacker selling 34 million user records stolen from 17 companies

Cybersecurity researchers discovered details about a new watering hole attack targeting the Korean diaspora. It exploits vulnerabilities in web browsers such as Google Chrome and Internet Explorer to deploy malware for espionage purposes. Dubbed Operation Earth Kitsune, the campaign involves malware that makes use of Slack and GitHub.


6. KashmirBlack botnet hijacks thousands of sites using popular CMS platforms

An active botnet is exploiting dozens of known vulnerabilities to target widely used content management systems. The KashmirBlack campaign, which is believed to have started around November 2019, aims for popular CMS platforms such as WordPress, Joomla!, Magento, Drupal and vBulletin.


7. Maze ransomware shuts down operations, denies creating cartel

The Maze ransomware gang announced last week that they have officially closed down their ransomware operation and will no longer be leaking new companies’ data on their site. Maze ransomware rose to prominence in November 2019, when the gang stole unencrypted files and then publicly released them after a victim did not pay.


8. Gold seller JM Bullion hacked to steal customers’ credit cards

Precious metal online retailer JM Bullion disclosed a data breach after their site was hacked to include malicious scripts that stole customers’ credit card information. The malicious scripts were present on the site between February 18, 2020, and July 17, 2020, and caused any submitted payment information to be sent to a remote server under the attacker’s control.


9. Enel Group hit by ransomware again, hackers demand $14 million

Multinational energy company Enel Group was hit by a ransomware attack for the second time this year. The attacker is asking for a $14 million ransom in exchange for the decryption key and to not release several terabytes of stolen data. In early June, Enel’s internal network was attacked by Snake ransomware, but the attempt was caught before the malware could spread.


10. Scammers abuse Google Drive to send malicious links

The recent attack stems from Google Drive’s legitimate collaboration feature, which allows users to create push notifications or emails that invite people to share a Google Doc. Attackers are abusing this feature to send mobile users Google Drive notifications that invite them to collaborate on documents, which then contain malicious links.
