Security News

Hackers Exploiting WordPress Elementor Pro Vulnerability: Millions of Sites at Risk!
2023-04-01 04:36

Unknown threat actors are actively exploiting a recently patched security vulnerability in the Elementor Pro website builder plugin for WordPress. The premium plugin is estimated to be used on over 12 million sites.

Hackers exploit bug in Elementor Pro WordPress plugin with 11M installs
2023-03-31 15:52

Hackers are actively exploiting a high-severity vulnerability in the popular Elementor Pro WordPress plugin used by over eleven million websites. Elementor Pro is a WordPress page builder plugin allowing users to easily build professional-looking sites without knowing how to code, featuring drag and drop, theme building, a template collection, custom widget support, and a WooCommerce builder for online shops.

Winter Vivern hackers exploit Zimbra flaw to steal NATO emails
2023-03-30 21:56

A Russian hacking group tracked as TA473, aka 'Winter Vivern,' has been actively exploiting vulnerabilities in unpatched Zimbra endpoints since February 2023 to steal the emails of NATO officials, governments, military personnel, and diplomats. Today, Proofpoint has published a new report on how the threat actor exploits CVE-2022-27926 on Zimbra Collaboration servers to access the communications of NATO-aligned organizations and persons.

Hackers compromise 3CX desktop app in a supply chain attack
2023-03-29 22:46

A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack. 3CX is a VoIP IPBX software development company whose 3CX Phone System is used by more than 600,000 companies worldwide and has over 12 million daily users.

Hackers earn $1,035,000 for 27 zero-days exploited at Pwn2Own Vancouver
2023-03-27 15:23

Pwn2Own Vancouver 2023 has ended with contestants earning $1,035,000 and a Tesla Model 3 car for 27 zero-day exploited between March 22 and 24. The total prize pool for Pwn2Own Vancouver 2023 was over $1,000,000 in cash and a Tesla Model 3, which Team Synacktiv won.

Gone in 120 seconds: Tesla Model 3 child's play for hackers
2023-03-27 11:32

In brief A team of hackers from French security shop Synacktiv have won $100,000 and a Tesla Model 3 after subverting the Muskmobile's entertainment system, and from there opening up the car's core management systems. In the US, the Office of Inspector General of General Services Administration, issued a redacted report [PDF] earlier this month that found the government agency had misled its customers and other government agencies by telling them that Login.

Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers
2023-03-25 06:13

Microsoft on Friday shared guidance to help customers discover indicators of compromise associated with a recently patched Outlook vulnerability.Tracked as CVE-2023-23397, the critical flaw relates to a case of privilege escalation that could be exploited to steal NT Lan Manager hashes and stage a relay attack without requiring any user interaction.

A Hacker’s Mind News
2023-03-24 19:07

Its ranking hovers between 1,500 and 2,000 on Amazon. For those of you in New York, I'm giving at book talk at the Ford Foundation on Thursday, April 6.

'Bitter' espionage hackers target Chinese nuclear energy orgs
2023-03-24 14:47

A cyberespionage hacking group tracked as 'Bitter APT' was recently seen targeting the Chinese nuclear energy industry using phishing emails to infect devices with malware downloaders. Bitter is a suspected South Asian hacking group known to target high-profile organizations in the energy, engineering, and government sectors in the Asian-Pacific region.

Researchers Uncover Chinese Nation State Hackers' Deceptive Attack Strategies
2023-03-24 09:59

Attack chains mounted by the group commence with a spear-phishing email to deploy a wide range of tools for backdoor access, command-and-control, and data exfiltration. These messages come bearing with malicious lure archives distributed via Dropbox or Google Drive links that employ DLL side-loading, LNK shortcut files, and fake file extensions as arrival vectors to obtain a foothold and drop backdoors like TONEINS, TONESHELL, PUBLOAD, and MQsTTang.