Cybersecurity Weekly: Wordpress patches, NAT bypasses, Windows zero-day
WordPress patches a three-year-old high-severity RCE bug. A new NAT bypass attack lets hackers access any TCP/UDP service. A Windows zero-day bug is being exploited in the wild. All this, and more, in this week’s edition of Cybersecurity Weekly.
Top Security Awareness Posters
Top Security Awareness Posters
1. WordPress patches three-year-old high-severity RCE bug
WordPress released a 5.5.2 update to its web publishing software platform. The update patches a high-severity bug, which could allow a remote unauthenticated attacker to take over a targeted website via a narrowly tailored denial-of-service attack. The vulnerability’s impact may be high, but the probability an adversary could reproduce the attack in the wild is low.
2. New NAT bypass attack lets hackers access any TCP/UDP service
A new research has demonstrated a technique that allows an attacker to bypass firewall protection and remotely access any TCP/UDP service on a victim machine. Called NAT Slipstreaming, the method involves sending the target a link to a malicious site that triggers the gateway to open any TCP/UDP port on the victim.
3. Windows zero-day bug exploited in the wild
Google has disclosed details of a new zero-day privilege escalation flaw in the Windows operating system that's being actively exploited in the wild. The privilege escalation vulnerability, tracked as CVE-2020-17087, concerns a buffer overflow present since Windows 7 in the Windows Kernel Cryptography Driver that can be exploited for a sandbox escape.
4. Browser bugs exploited to install two new backdoors on targeted computers
Last week, cybersecurity researchers disclosed details about an address bar spoofing vulnerability affecting multiple mobile browsers, such as Apple Safari and Opera Touch, leaving the door open for spearphishing attacks and delivering malware. UCWeb and Bolt Browser remain unpatched as of yet, while Opera Mini is expected to receive a fix on November 11.
5. Hacker selling 34 million user records stolen from 17 companies
Cybersecurity researchers discovered details about a new watering hole attack targeting the Korean diaspora. It exploits vulnerabilities in web browsers such as Google Chrome and Internet Explorer to deploy malware for espionage purposes. Dubbed Operation Earth Kitsune, the campaign involves the use of Slack and GitHub malware.
6. KashmirBlack botnet hijacks thousands of sites using popular CMS platforms
An active botnet is exploiting dozens of known vulnerabilities to target widely-used content management systems.The KashmirBlack campaign, which is believed to have started around November 2019, aims for popular CMS platforms such as WordPress, Joomla!, Magneto, Drupal and Vbulletin.
7. Maze ransomware shuts down operations, denies creating cartel
The Maze ransomware gang announced last week that they have officially closed down their ransomware operation and will no longer be leaking new companies' data on their site. Maze Ransomware rose to prominence in November 2019, when they stole unencrypted files and then publicly released them after a victim did not pay.
8. Gold seller JM Bullion hacked to steal customers' credit cards
Precious metal online retailer JM Bullion disclosed a data breach after their site was hacked to include malicious scripts that stole customers' credit card information. The malicious scripts were present on the site between February 18, 2020, and July 17, 2020, and caused any submitted payment information to be sent to a remote server under the attacker's control.
9. Enel Group hit by ransomware again, hackers demand $14 million
Multinational energy company Enel Group was hit by a ransomware attack for the second time this year. The attacker is asking for a $14 million ransom in exchange for the decryption key and to not release several terabytes of stolen data. In early June, Enel's internal network was attacked by Snake ransomware, but the attempt was caught before the malware could spread.
10. Scammers abuse Google Drive to send malicious links
The recent attack stems from Google Drive’s legitimate collaboration feature, which allows users to create push notifications or emails that invite people to share a Google doc. Attackers are abusing this feature to send mobile users Google Drive notifications that invite them to collaborate on documents, which then contain malicious links.