Security News > 2022 > June

As many as 47,337 malicious plugins have been uncovered on 24,931 unique websites, out of which 3,685 plugins were sold on legitimate marketplaces, netting the attackers $41,500 in illegal revenues. The findings come from a new tool called YODA that aims to detect rogue WordPress plugins and track down their origin, according to an 8-year-long study conducted by a group of researchers from the Georgia Institute of Technology.

A new unpatched security vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve remote code execution on the email server simply by sending a specially crafted email to a victim. "Once the email is viewed, the attacker can silently take over the complete mail server without any further user interaction," SonarSource said in a report shared with The Hacker News.

Nathaniel Chastain, a former product manager at OpenSea, the largest online non-fungible token marketplace, has been arrested and charged by the U.S. Department of Justice with NFT insider trading. This is the first time someone was charged for their involvement in what the DOJ describes as a "Digital Asset Insider Trading Scheme."

Hackers have targeted poorly secured Elasticsearch databases and replaced 450 indexes with ransom notes asking for $620 to restore contents, amounting to a total demand of $279,000. This campaign is not new, and we have seen similar opportunistic attacks numerous times before, and against other database management systems, too [1, 2, 3]. Restoring the database contents by paying the hackers is an unlikely scenario, as the practical and financial challenge for the attacker to store the data of so many databases is unfeasible.

The Federal Bureau of Investigation and the U.S. Department of Justice announced today the seizure of three domains used by cybercriminals to sell personal info stolen in data breaches and provide DDoS attack services. To was selling subscriptions allowing its users to search a database containing information stolen in more than 10,000 data breaches.

Researchers have reported a still-unpatched Windows zero-day that is currently being exploited in the wild. Here’s the advisory, which includes a work-around until a patch is available.

Several U.S. federal agencies warned organizations today against paying ransom demands made by the Karakurt gang since that will not prevent their stolen data from being sold to others. Karakurt, the data extortion arm of the Conti ransomware gang and cybercrime syndicate, is focused on stealing data from companies since at least June 2021 and forcing them into paying ransoms under the threat of publishing the information online.

RuneScape is a free online MMORPG game first released two decades ago but continues to be popular in the gaming community and enjoyed by millions of players. The latest phishing campaign, spotted by Malwarebytes, attempts to target players of both the Old School and the standard editions via a fake email change notice.

Microsoft sets multi-factor authentication as default for all Azure AD customers. In a new blog post, the company revealed that it's adding multi-factor authentication as the default security setting for existing Azure customers who haven't changed that setting on their own.

A free unofficial patch is now available to block ongoing attacks against Windows systems that target a critical zero-day vulnerability known as 'Follina. The bug, now tracked as CVE-2022-30190 and described by Redmond as a Microsoft Windows Support Diagnostic Tool remote code execution flaw, impacts all Windows versions still receiving security updates.