This week in the news:
- Critical LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites
- PSAUX Ransomware Exploits Zero-Day, Hitting 22,000 CyberPanel Servers
- LottieFiles npm Supply Chain Attack Targets Cryptocurrency Users
- Bedfordshire Ranks as UK’s Cybercrime Capital with 2,900 Victims Annually
- Sysdig Uncovers EMERALDWHALE Campaign Exposing 15,000+ Stolen Cloud Credentials
- French ISP Free Suffers Major Data Breach Impacting Millions
- QNAP Patches Critical Zero-Day Vulnerability Following Pwn2Own Ireland 2024
- Google Patches Critical Chrome Vulnerability
- Apple Issues Major Security Updates, Fixes Over 70 Vulnerabilities
- Akira and Fog Ransomware Exploit SonicWall VPN Vulnerability
- New Ransomware Group “Embargo” Uses Toolkit to Disable Security Solutions
- FortiJump Vulnerability Exploited in Zero-Day Attacks Since June 2024
- Cisco VPN Vulnerability Actively Exploited by Attackers
- Critical Vulnerabilities in Open-Source AI Models Uncovered, Potential for Remote Code Execution
Critical LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites
A high-severity vulnerability (CVE-2024-50550) in the LiteSpeed Cache plugin allows attackers to elevate privileges and potentially gain administrator access on WordPress sites.
The flaw lies in the plugin's crawler "role simulation" feature: the hash it used to decide whether a visitor may act as a simulated user was weakly generated and could be guessed, so an attacker with a valid hash could impersonate a privileged user, install unauthorised plugins and change site settings.
LiteSpeed fixed the issue in version 6.5.2 by generating the hash with stronger randomness and removing the role simulation options. Sites running an older version should update immediately; the plugin's install base of several million sites is what makes this notable.
PSAUX Ransomware Exploits Zero-Day, Hitting 22,000 CyberPanel Servers
The PSAUX ransomware has hit approximately 22,000 internet-exposed CyberPanel servers, exploiting a then-unpatched vulnerability in CyberPanel's admin panel to gain unauthorised access and encrypt data.
Because CyberPanel manages the web stack for the sites it hosts, the impact extends to server configurations and customer data on every site the compromised panel controls.
Administrators should upgrade to the patched CyberPanel release, keep the admin panel off the public internet (or restrict it to trusted addresses), maintain offline backups of critical data, and enforce strong access controls on panel accounts.
LottieFiles npm Supply Chain Attack Targets Cryptocurrency Users
LottieFiles was compromised in a supply chain attack affecting specific npm package versions: the tampered builds prompted visitors of sites embedding the player to connect cryptocurrency wallets, which attackers then drained.
Versions 2.0.5, 2.0.6 and 2.0.7 of the "@lottiefiles/lottie-player" npm package were the malicious ones; LottieFiles published 2.0.8 as a clean release and asks everyone to move to it.
Anyone running an affected version is urged to update immediately and to warn their own end users of the risk. LottieFiles states that its other services were unaffected and that it is investigating with external experts.
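The practical question after an advisory like this is whether any project, including transitive dependencies, has one of the three bad versions resolved in its lockfile. The following is an added example, not LottieFiles' or npm's own tooling, that scans the "packages" map of a package-lock.json (lockfile version 2 or 3) for the affected versions; the lockfile contents are constructed for the demonstration.

```python
"""Scan an npm lockfile for known-compromised package versions.

Added example, not LottieFiles' or npm's own tooling. In lockfileVersion 2/3
the "packages" map keys are install paths such as
"node_modules/@lottiefiles/lottie-player", and each value carries the
resolved "version". Nested copies under another package's node_modules
are separate keys, so they are checked too.
"""
import json

# Advisory data from the text above: package name -> compromised versions.
COMPROMISED = {
    "@lottiefiles/lottie-player": {"2.0.5", "2.0.6", "2.0.7"},
}


def package_name_from_path(install_path: str) -> str:
    """Turn "node_modules/a/node_modules/@scope/b" into "@scope/b"."""
    parts = install_path.split("node_modules/")
    return parts[-1].strip("/")


def find_compromised(lockfile: dict, advisory: dict = COMPROMISED) -> list:
    """Return sorted (install_path, name, version) for every compromised entry."""
    hits = []
    for install_path, meta in lockfile.get("packages", {}).items():
        if not install_path:  # "" is the root project itself, not a dependency
            continue
        name = meta.get("name") or package_name_from_path(install_path)
        version = meta.get("version", "")
        if version in advisory.get(name, set()):
            hits.append((install_path, name, version))
    return sorted(hits)


# Constructed lockfile: a direct dependency on a bad version plus a nested,
# transitive copy of the same package at a safe version.
SAMPLE_LOCKFILE = json.loads("""
{
  "name": "demo-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/@lottiefiles/lottie-player": {
      "version": "2.0.6",
      "resolved": "https://registry.npmjs.org/@lottiefiles/lottie-player/-/lottie-player-2.0.6.tgz"
    },
    "node_modules/some-widget": {"version": "4.1.0"},
    "node_modules/some-widget/node_modules/@lottiefiles/lottie-player": {
      "version": "2.0.4"
    }
  }
}
""")

if __name__ == "__main__":
    for path, name, version in find_compromised(SAMPLE_LOCKFILE):
        print(f"COMPROMISED {name}@{version} at {path}")
```

Run it against a real project with `json.load(open("package-lock.json"))` in place of the constructed sample. A lockfile scan only covers installs bundled by npm; pages that load the player from a CDN with an unpinned tag (for example an `@latest` URL) pick up whatever version the CDN serves and need to be checked separately, and an `overrides` entry in package.json can force the clean 2.0.8 across transitive dependencies.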
Bedfordshire Ranks as UK's Cybercrime Capital with 2,900 Victims Annually
Bedfordshire has the highest cybercrime rate in the UK, with around 2,900 victims of hacking and malware a year, nearly four times the rate of neighbouring Hertfordshire.
The figures underline the need for local businesses and residents to improve basic hygiene: strong, unique passwords, prompt software updates, and caution with phishing messages.
Sysdig Uncovers EMERALDWHALE Campaign Exposing 15,000+ Stolen Cloud Credentials
Sysdig researchers revealed that over 15,000 cloud service credentials, harvested from exposed Git configuration files, had been stored by the attackers in a publicly accessible AWS S3 bucket.
The EMERALDWHALE campaign scanned large address ranges for web servers that expose their .git/config (and similar files such as .env), pulled the files, and extracted the tokens embedded in repository URLs for services such as GitHub, GitLab and BitBucket; the operators amassed roughly a terabyte of data, with the stolen credentials used for spam and phishing.
Sysdig stresses the need for stricter credential management (no secrets in remote URLs or config files), blocking access to dotfiles on web servers, and monitoring for the scanning that precedes this kind of theft.
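Two checks follow directly from how the campaign works: find credentials embedded in your own .git/config files before a scanner does, and spot requests for those files in web access logs. The block below is an added example, not Sysdig's tooling or the attackers' scripts; the git config and the log lines are constructed for the demonstration.

```python
"""Find credentials embedded in .git/config and spot probes for it in access logs.

Added example, not Sysdig's tooling or the EMERALDWHALE scripts.
Both the sample config and the sample log lines are constructed.
"""
import re
from urllib.parse import urlsplit


def parse_git_config(text: str) -> list:
    """Return (section, key, value) triples from git's INI-like config.

    A hand-rolled parser is used because configparser treats the
    tab-indented lines git writes as continuation lines.
    """
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if "=" in line:
            key, value = line.split("=", 1)
            entries.append((section, key.strip(), value.strip()))
    return entries


def find_embedded_credentials(config_text: str) -> list:
    """Return (section, host, kind) for url/pushurl values that carry credentials.

    kind is "password" when user:secret@ is present, or "username-only" for an
    https remote with just a userinfo part, which is often a bare token.
    """
    found = []
    for section, key, value in parse_git_config(config_text):
        if key not in ("url", "pushurl"):
            continue
        parts = urlsplit(value)
        if parts.password:
            found.append((section, parts.hostname, "password"))
        elif parts.username and parts.scheme in ("http", "https"):
            found.append((section, parts.hostname, "username-only"))
    return found


# Combined Log Format: ip ident user [ts] "METHOD path proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
PROBE_PATHS = re.compile(r"^/(?:\.git/(?:config|HEAD)|\.env)(?:[?#].*)?$")


def find_probes(log_lines) -> list:
    """Return (ip, path, status) for requests that fetch git metadata or .env files.

    A 200 means the file was actually served; a 403/404 still records the scanner.
    """
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and PROBE_PATHS.match(m.group("path")):
            hits.append((m.group("ip"), m.group("path"), int(m.group("status"))))
    return hits


# Constructed .git/config: one https remote with an embedded token, one ssh remote.
SAMPLE_GIT_CONFIG = """\
[core]
\trepositoryformatversion = 0
[remote "origin"]
\turl = https://deploy:ghp_EXAMPLE_NOT_A_REAL_TOKEN@github.com/example-org/app.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
\turl = git@gitlab.com:example-org/app.git
"""

# Constructed access-log lines: one scanner fetching two dotfiles, one normal visitor.
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Oct/2024:10:15:02 +0000] "GET /.git/config HTTP/1.1" 200 312 "-" "python-requests/2.31"',
    '203.0.113.7 - - [29/Oct/2024:10:15:03 +0000] "GET /.env HTTP/1.1" 404 153 "-" "python-requests/2.31"',
    '198.51.100.4 - - [29/Oct/2024:10:16:10 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(find_embedded_credentials(SAMPLE_GIT_CONFIG))
    print(find_probes(SAMPLE_LOG))
```

A 200 on /.git/config in your own logs means the repository metadata is being served and any token inside it should be treated as compromised. Moving credentials into a credential helper instead of the remote URL removes the secret from the file, and denying requests to paths beginning with `/.` at the web server (an nginx `location ~ /\.` block with `deny all`, for example) stops the file being fetched at all.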
French ISP Free Suffers Major Data Breach Impacting Millions
French ISP Free, a subsidiary of the Iliad Group and France's second-largest internet provider, has suffered a cyberattack that exposed sensitive customer data.
The breach affects around 19.2 million subscribers and includes personal information and approximately 5.11 million IBANs, with the dataset reportedly offered for sale on a dark web forum.
Free states that passwords, bank card details and communication content were not affected. An IBAN on its own cannot be used to authorise card payments, but it can support direct-debit fraud and makes phishing messages far more convincing.
Free reported the breach to the French authorities promptly and is notifying affected customers, advising them to watch for phishing attempts and unexpected debits on their accounts.
QNAP Patches Critical Zero-Day Vulnerability Following Pwn2Own Ireland 2024
QNAP has patched a critical vulnerability, CVE-2024-50388, that was demonstrated as a zero-day during the Pwn2Own Ireland 2024 hacking competition.
The flaw is an OS command injection in the Hybrid Backup Sync (HBS 3) data management application that lets a remote attacker execute arbitrary commands on the NAS. It was discovered by researchers from Viettel Cyber Security, who were recognised and rewarded at the event for a successful demonstration of the exploit.
QNAP released a security update shortly afterwards and urges NAS owners to install it to protect their data and systems; devices with HBS 3 reachable from untrusted networks should be updated first.
Google Patches Critical Chrome Vulnerability
Google has addressed a critical vulnerability (CVE-2024-10487) in Dawn, Chrome's WebGPU implementation, reported by Apple's Security Engineering and Architecture (SEAR) team.
The flaw is an out-of-bounds write that could be leveraged for arbitrary code execution from a malicious web page. It was fixed in Chrome 130 (130.0.6723.91/.92); Google did not report any exploitation in the wild.
Apple Issues Major Security Updates, Fixes Over 70 Vulnerabilities
Apple has released security updates across iOS, macOS and its other platforms, patching over 70 vulnerabilities, some of which could enable unauthorised system access, data leaks or privilege escalation.
The updates, including iOS 18.1 and macOS Sequoia 15.1, address issues in components such as CoreText, Safari and WebKit that touch a wide range of device functions. Apple advises all users to update promptly.
Akira and Fog Ransomware Exploit SonicWall VPN Vulnerability
Recent intrusions by the Akira and Fog ransomware groups are leveraging a SonicWall SSL VPN access-control flaw (CVE-2024-40766) on appliances that have not yet applied SonicWall's fix to gain a foothold in victim networks.
The flaw lets attackers get past the VPN's access controls; the observed intrusions also relied on local VPN accounts without multi-factor authentication, after which the attackers moved on to sensitive data and systems.
Administrators should patch SonicOS immediately, reset credentials on local VPN accounts, and require multi-factor authentication for all remote access.
New Ransomware Group "Embargo" Uses Toolkit to Disable Security Solutions
ESET researchers have profiled a new ransomware group, "Embargo", that uses a custom toolkit to disable security products on targeted systems before deploying its ransomware.
The toolkit combines a loader (tracked by ESET as MDeployer) with an EDR killer (MS4Killer) that abuses a vulnerable signed driver to terminate security processes from the kernel, the bring-your-own-vulnerable-driver technique, making it easier for the group to encrypt data and demand ransoms.
Defenders should keep security tooling current, enable tamper protection where the product offers it, and block or alert on the loading of known-vulnerable drivers as part of their endpoint detection and response strategy.
FortiJump Vulnerability Exploited in Zero-Day Attacks Since June 2024
The "FortiJump" vulnerability (CVE-2024-47575) in Fortinet's FortiManager, a missing-authentication flaw in the fgfmd daemon that handles connections from managed FortiGate devices, has reportedly been exploited as a zero-day since June 2024.
An unauthenticated remote attacker who can reach the FGFM port can execute arbitrary code or commands on the FortiManager, and the observed intrusions harvested configuration data for the FortiGate devices it manages, including credentials, which is what makes the management platform such a valuable target.
Fortinet advises updating FortiManager immediately and restricting which devices may connect (for example by allowing only known serial numbers), as exploitation is active.
Cisco VPN Vulnerability Actively Exploited by Attackers
Cisco has disclosed a vulnerability (CVE-2024-20481) in the Remote Access VPN (RAVPN) service of its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that is under active exploitation.
The flaw is a denial-of-service condition: a flood of authentication requests exhausts resources, and Cisco observed it being triggered during large-scale brute-force and password-spraying campaigns against VPN credentials, so the same activity also threatens accounts with weak or reused passwords.
Cisco urges customers to apply the fixed releases and to use the available hardening features, such as threat detection for RAVPN and multi-factor authentication, to limit the impact of credential attacks.
Critical Vulnerabilities in Open-Source AI Models Uncovered, Potential for Remote Code Execution
Security researchers reporting through Protect AI's huntr bug bounty platform have identified over 30 vulnerabilities in open-source AI and machine learning tools, some allowing remote code execution and unauthorised access.
Notable flaws were found in projects such as Lunary and ChuanhuChatGPT, where insecure direct object references (IDOR) and path traversal let users reach data and files they should not be able to access.
Attackers exploiting these vulnerabilities could read or modify other users' settings and prompts, take over accounts, or in the worst cases execute arbitrary code on the host.
Users of the affected tools are urged to apply the security patches immediately.
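Both flaw classes named above are authorisation mistakes rather than exotic bugs, so it is worth seeing the vulnerable and hardened forms side by side. The following is an added example, not code from Lunary, ChuanhuChatGPT or the researchers' reports; the in-memory template store, the temporary directory layout and the function names are constructed for the demonstration.

```python
"""Vulnerable and hardened handlers for IDOR and path traversal.

Added example, not code from the projects named above. The template
store and the on-disk layout are constructed for the demonstration.
"""
import tempfile
from pathlib import Path

# Constructed data: prompt templates owned by different users.
TEMPLATES = {
    1: {"owner": "alice", "body": "Summarise: {text}"},
    2: {"owner": "bob", "body": "Translate to French: {text}"},
}


class Forbidden(Exception):
    """Raised when a request falls outside the caller's authorisation."""


# --- Insecure direct object reference ------------------------------------

def get_template_vulnerable(current_user: str, template_id: int) -> dict:
    """Looks up by ID only; any authenticated user can read any template."""
    return TEMPLATES[template_id]


def get_template_hardened(current_user: str, template_id: int) -> dict:
    """Scope the lookup to the caller.

    Ownership is part of the lookup rather than a later check that can be
    forgotten, and a missing object and a foreign object look the same.
    """
    row = TEMPLATES.get(template_id)
    if row is None or row["owner"] != current_user:
        raise Forbidden(f"template {template_id} not accessible to {current_user}")
    return row


# --- Path traversal ------------------------------------------------------

def read_history_vulnerable(history_dir: Path, filename: str) -> str:
    """Concatenates user input onto a base path; "../" escapes the directory."""
    return (history_dir / filename).read_text()


def read_history_hardened(history_dir: Path, filename: str) -> str:
    """Resolve the final path and require it to stay under history_dir.

    resolve() collapses ".." and follows symlinks, so a link planted inside
    the directory that points outside is rejected as well.
    """
    base = history_dir.resolve()
    target = (base / filename).resolve()
    if base not in target.parents:  # also rejects target == base
        raise Forbidden(f"{filename!r} escapes {base}")
    return target.read_text()


def demo() -> dict:
    """Run both pairs against a constructed layout; report what each returned."""
    results = {}
    results["idor_vulnerable"] = get_template_vulnerable("bob", 1)["owner"]
    try:
        get_template_hardened("bob", 1)
        results["idor_hardened"] = "allowed"
    except Forbidden:
        results["idor_hardened"] = "blocked"

    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "history").mkdir()
        (root / "history" / "chat1.json").write_text('{"messages": []}')
        (root / "secret.txt").write_text("db-password")  # outside history/
        results["traversal_vulnerable"] = read_history_vulnerable(root / "history", "../secret.txt")
        try:
            read_history_hardened(root / "history", "../secret.txt")
            results["traversal_hardened"] = "allowed"
        except Forbidden:
            results["traversal_hardened"] = "blocked"
        results["traversal_legit"] = read_history_hardened(root / "history", "chat1.json")
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The hardened path check compares resolved paths rather than looking for ".." in the string, which is the pattern that survives encoding tricks and symlinks; the hardened object lookup returns the same error for "does not exist" and "belongs to someone else" so an attacker cannot enumerate IDs.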
If you would like to discover how Secora Consulting can assist you in keeping your business secure, please get in touch.