Security News

Researchers Find Backdoor in School Management Plugin for WordPress
2022-05-20 22:11

Multiple versions of a WordPress plugin by the name of "School Management Pro" harbored a backdoor that could grant an adversary complete control over vulnerable websites. The backdoor, which is believed to have existed since version 8.9, enables "an unauthenticated attacker to execute arbitrary PHP code on sites with the plugin installed," Jetpack's Harald Eilertsen said in a Friday write-up.

Backdoor baked into premium school management plugin for WordPress
2022-05-20 18:02

Security researchers have discovered a backdoor in a premium WordPress plugin designed as a complete management solution for schools. The name of the plugin is "School Management," published by Weblizar, and multiple versions before 9.9.7 were delivered with the backdoor baked into its code.

Hackers Exploiting VMware Horizon to Target South Korea with NukeSped Backdoor
2022-05-20 03:23

The North Korea-backed Lazarus Group has been observed leveraging the Log4Shell vulnerability in VMware Horizon servers to deploy the NukeSped implant against targets located in its southern counterpart. NukeSped is a backdoor that can perform various malicious activities based on commands received from a remote attacker-controlled domain.

How these crooks backdoor online shops and siphon victims' credit card info
2022-05-18 18:47

The FBI and its friends have warned businesses of crooks scraping people's credit-card details from tampered payment pages on compromised websites. Php in an attempt to inject malicious code into the checkout.

New Saitama backdoor Targeted Official from Jordan's Foreign Ministry
2022-05-13 02:32

A spear-phishing campaign targeting Jordan's foreign ministry has been observed dropping a new stealthy backdoor dubbed Saitama. The newly observed phishing message contains a weaponized Microsoft Excel document, opening which prompts a potential victim to enable macros, leading to the execution of a malicious Visual Basic Application macro that drops the malware payload. Furthermore, the macro takes care of establishing persistence for the implant by adding a scheduled task that repeats every four hours.

It costs just $7 to rent DCRat to backdoor your network
2022-05-09 19:29

The backdoor Windows malware, dubbed DCRat or DarkCrystal RAT, was released in 2018, then redesigned and relaunched the following year. Despite its bargain price, and being the work of a lone developer as opposed to custom malware sold by a well-funded, sophisticated crime-ring, miscreants can perform a range of nefarious acts with DCRat due to its modular architecture and plugin framework.

Hackers exploiting critical F5 BIG-IP flaw to drop backdoors
2022-05-09 15:20

Threat actors have started massively exploiting the critical vulnerability tracked as CVE-2022-1388, which affects multiple versions of all F5 BIG-IP modules, to drop malicious payloads. F5 last week released patches for the security issue, which affects the BIG-IP iControl REST authentication component.

Experts Sound Alarm on DCRat Backdoor Being Sold on Russian Hacking Forums
2022-05-09 05:27

Cybersecurity researchers have shed light on an actively maintained remote access trojan called DCRat that's offered on sale for "dirt cheap" prices, making it accessible to professional cybercriminal groups and novice actors alike. "Unlike the well-funded, massive Russian threat groups crafting custom malware, this remote access Trojan appears to be the work of a lone actor, offering a surprisingly effective homemade tool for opening backdoors on a budget," BlackBerry researchers said in a report shared with The Hacker News.

Cyberspies use IP cameras to deploy backdoors, steal Exchange emails
2022-05-02 17:28

A newly discovered and uncommonly stealthy Advanced Persistent Threat group is breaching corporate networks to steal Exchange emails from employees involved in corporate transactions such as mergers and acquisitions. Mandiant researchers, who discovered the threat actor and now track it as UNC3524, say the group has demonstrated its "advanced" capabilities as it maintained access to its victims' environments for more than 18 months.

Hackers exploit critical VMware RCE flaw to install backdoors
2022-04-26 12:51

Advanced hackers are actively exploiting a critical remote code execution vulnerability, CVE-2022-22954, that affects VMware Workspace ONE Access. The issue was addressed in a security update 20 days ago along with two more RCEs - CVE-2022-22957 and CVE-2022-22958 that also affect VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager.