Sunday, May 26, 2024
HomeNewsWordPress Websites with miniOrange installed are at risk of threat actor exploitation

WordPress Websites with miniOrange installed are at risk of threat actor exploitation

Cybersecurity experts urge all WordPress admins to remove miniOrange’s malware scanner and web application firewall plugin from their website due to a discovered vulnerability in the malware scanner version 4.7.2 and Web Application Firewall version 2.1.1 that grants threat actors the opportunity to escalate privileges up to administrative level by updating user password. The access allows the attacker to manipulate anything of choice, like every administrator, including theme files and plugin uploads. The vulnerability is tagged CVE-2024-2172 with a CVSS score of 9.8. However, the plugins have been removed to prevent WordPress users from further installation. The total number of installations before removal is 10,000 for the malware scanner and 300 for the Web Application Firewall.

Crinetic Pharmaceutical suffered a ransomware attack by the Lockbit ransomware group. The pharmaceutical company is known for drug discovery, endocrinology, rare diseases, and biotech. It has over 500 employees and a revenue of $5 million.

Russian hackers now target Europe, the Americas, and Asia.

Authorities have linked APT28, a Russian-linked threat actor, to an ongoing phishing campaign targeting Europe, South Caucasus, Central Asia, and North and South America. According to IBM X-Force, the tech giant responsible for tracking the activity under the moniker ITG05:

“The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated documents associated with finance, critical infrastructure, executive engagements, cyber security, maritime security, healthcare, business, and defence industrial production,” Reports also revealed the attacker took advantage of the Israel-Hamas war to deliver custom backdoor dubbed HeadLace.

RSHP (Rogers Stirk Harbour + Partners), a London-based international architectural practice with a speciality in the public realm, architects, highrise buildings, skyscrapers, buildings, developments, mixed-use developments, architecture, adaptive reuse, civic, education buildings, residential developments, transport, mixed-use, research and development, office design, health and science, and culture and leisure has suffered an attack by 8base ransomware group. The company has over 200 employees and a revenue of $119.7 million.

Cybersecurity researchers issued warnings about hackers delivering malware via fake Google sites by using sneaky HTML smuggling.

According to researchers, the malware AZORult is now distributed through a phishing campaign leveraging bogus Google site pages and HTML smuggling. Despite attributing the campaign’s intent to data collection, researchers haven’t mentioned the name of any specific threat actor or group responsible for the act.

Netskope Threat Labs researcher Jan Michael Alcantara says, “It uses an unorthodox HTML smuggling technique where the malicious payload is embedded in a separate JSON file hosted on an external website.” More details about the malware revealed it operates by gathering documents, screenshots, credentials, cookies, and browser histories.

REC Vulnerability in the FileCatalyst transfer tool gets patched by Fortra.

After Tom Wedgbury’s discovery and report of the security flaw of LRQA Nettitude, Fortra never stopped working to address the issue. The company released details regarding possible ways of weaponizing the flaw tagged CVE-2024-25153 with a CVSS score of 9.8. The company gave more details in a statement that read, “A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request,”

Cactus Ransomware group has attacked Grupa Topex and eClinical Solution.

Grupa Topex: Grupa Topex is a Polish company known for offering consumers a wide array of tools and power tools. The company, with headquarters in Warsaw, specializes in tools, power tools, and accessories. Grupa has over 500 employees and a revenue of $66.5 million. The attack on the company exposed 638GB of data.

eClinical Solution: This is a healthcare organization that specializes in clinical data management, EDC services, statistical programming, clinical data reporting and analytics, clinical data repository development and management, clinical data software and services, biostatistics, clinical technology, analytics workbench, risk-based quality management, statistical computing environment, clinical data standards, metadata management, clinical data strategy, Clinical Data Infrastructure, Clinical Biometrics Services, and Biostatistics. eClinical Solution has over 500 employees and a revenue of $24.5 million. The attack on the company resulted in the exposure of 1TB of data.

 

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular