Security News > 2022 > July

Attackers scan 1.6 million WordPress sites for vulnerable plugin
2022-07-15 07:28

Security researchers have detected a massive campaign that scanned close to 1.6 million WordPress sites for the presence of a vulnerable plugin that allows uploading files without authentication. The vulnerability would allow an unauthenticated attacker to inject malicious JavaScript into sites using any version of the plugin and perform actions like uploading and deleting files, which could lead to complete takeover of the site.

Mantis Botnet Behind the Largest HTTPS DDoS Attack Targeting Cloudflare Customers
2022-07-15 05:16

The botnet behind the largest HTTPS distributed denial-of-service attack in June 2022 has been linked to a spate of attacks aimed at nearly 1,000 Cloudflare customers. Calling the powerful botnet Mantis, the web performance and security company attributed it to more than 3,000 HTTP DDoS attacks against its users.

Q-Day: The problem with legacy public key encryption
2022-07-15 04:30

Why legacy public key cryptography is exposing data to risk. In public key encryption, two parties that wish to share a secret need to exchange pairs of keys.

The proliferation of money mules and how behavioral biometrics can combat this form of fraud
2022-07-15 04:00

In the first half of 2022, BioCatch estimates fraudulent transfers to money mule accounts totaled $3 billion and that there are approximately 2 million mule accounts in the US. Additionally, researchers found that the average mule transaction amount is $1,500 - a low amount to avoid detection when executing mule campaigns at a large scale. In this Help Net Security video, Erin Englund, Threat Analytics Lead at BioCatch, explains what money mules are, why they are becoming so prevalent, and how we can defend against them.

U.S. FTC Vows to Crack Down on Illegal Use and Sharing of Citizens' Sensitive Data
2022-07-15 03:39

The U.S. Federal Trade Commission warned this week that it will crack down on tech companies' illegal use and sharing of highly sensitive data and false claims about data anonymization. "While many consumers may happily offer their location data in exchange for real-time crowd-sourced advice on the fastest route home, they likely think differently about having their thinly-disguised online identity associated with the frequency of their visits to a therapist or cancer doctor," FTC's Kristin Cohen said.

Former CIA Engineer Convicted of Leaking 'Vault 7' Hacking Secrets to WikiLeaks
2022-07-15 03:39

Joshua Schulte, a former programmer with the U.S. Central Intelligence Agency, has been found guilty of leaking a trove of classified hacking tools and exploits dubbed Vault 7 to WikiLeaks. U.S. Attorney Damian Williams said in a statement that Schulte was convicted for "one of the most brazen and damaging acts of espionage in American history," adding his actions had a "devastating effect on our intelligence community by providing critical intelligence to those who wish to do us harm."

State-Backed Hackers Targeting Journalists in Widespread Espionage Campaigns
2022-07-15 03:38

Nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists to conduct espionage and spread malware as part of a series of campaigns since early 2021. "Most commonly, phishing attacks targeting journalists are used for espionage or to gain key insights into the inner workings of another government, company, or other area of state-designated import," Proofpoint said in a report shared with The Hacker News.

Microsoft Details App Sandbox Escape Bug Impacting Apple iOS, iPadOS, macOS Devices
2022-07-15 03:37

"An attacker could take advantage of this sandbox escape vulnerability to gain elevated privileges on the affected device or execute malicious commands like installing additional payloads," Jonathan Bar Or of the Microsoft 365 Defender Research Team said in a write-up. While Apple's App Sandbox is designed to tightly regulate a third-party app's access to system resources and user data, the vulnerability makes it possible to bypass these restrictions and compromise the machine.

Outsourcing security is the only solution for many smaller teams
2022-07-15 03:30

Companies with small security teams continue to face a number of distinctive challenges that place these organizations at greater risk than larger enterprises, according to Cynet. The Cynet survey analyzed responses from 200 CISOs at SMEs with five or fewer security staff members and cybersecurity budgets of $1 million or less.

Meet Mantis, the tiny shrimp that launched 3,000 DDoS attacks
2022-07-15 02:28

The botnet behind the largest-ever HTTPS-based distributed-denial-of-service attack is now named after a tiny shrimp. While Mantis initially launched its network-flooding-traffic attack over HTTPS, in the month since its discovery, Mantis has launched more than 3,000 HTTP DDoS attacks against the firm's customers, Yoachimik added.