Security News

The TeamTNT cybercrime gang is back, attacking Docker and Kubernetes cloud instances by abusing a legitimate cloud-monitoring tool called Weave Scope, according to researchers. It can be integrated with Docker, Kubernetes, the Distributed Cloud Operating System and Amazon Web Services Elastic Compute Cloud - and it gives cybercriminals a perfect entree into a company's cloud infrastructure.

Remote, unauthenticated attackers can exploit the flaws to launch various malicious attacks - including deploying ransomware, and shutting down or even taking over critical systems. The flaws exists in CodeMeter, owned by Wibu-Systems, which is a software management component that's licensed by many of the top industrial control system software vendors, including Rockwell Automation and Siemens.

A remote code execution vulnerability addressed recently in Concrete5 exposed numerous websites to attacks, Edgescan reports. What Edgescan discovered was an RCE flaw in Concrete5 that could have allowed an attacker to inject a reverse shell into vulnerable web servers, thus taking full control of them.

The two critical flaws discovered by researchers include an arbitrary file-upload vulnerability, ranking 10 out of 10 on the CVSS scale; as well as an unauthenticated arbitrary file deletion error, ranking 9.9 out of 10. "Any of the 30,000 sites running the plugin are subject to any file being deleted, which includes the wp-config.php file, by unauthenticated site users."

While brute-forcing and password spraying techniques are the most common way to mount account takeovers, more methodical cybercriminals are able to gain access to accounts even with more secure MFA protocols in place. According to Abnormal Security, cybercriminals are zeroing in on email clients that don't support modern authentication, such as mobile email clients; and legacy email protocols, including IMAP, SMTP, MAPI and POP. Thus, even if MFA is enabled on the corporate email account, an employee checking email via mobile won't be subject to that protection.

Newsletter, a WordPress plugin with more than 300,000 installations, has a pair of vulnerabilities that could lead to code-execution and even site takeover. The Newsletter plugin offers site admins a visual editor that can be used to create newsletters and email campaigns from within WordPress.

A popular online social service, Meetup, has fixed several critical flaws in its website. If exploited, the flaws could have enabled attackers to hijack any Meetup "Group," access the group's member details and even redirect Meetup payments to an attacker-owned PayPal account.

Two high-risk vulnerabilities in Meetup, a popular online service that's used to create groups that host local in-person events, allowed attackers to easily take over any Meetup group, access all group functions and assets, and redirect all Meetup payments/financial transactions to their PayPal account. What's more, attackers could create a worm to take over all meetings on the site - including private ones - and do all of these things.

The report reveals a specialized economy emerging around email account takeover and takes an in-depth look at the threats organizations face and the types of defense strategies you need to have in place. Report highlights More than one-third of the hijacked accounts analyzed by researchers had attackers dwelling in the account for more than one week.

Accertify announced the launch of a new solution designed to help organizations address the significant rise in fraudulent online account openings and account takeovers. Fraudulent account openings, using stolen or fake names and information to open an account, and account takeovers, defined as unauthorized access to accounts, are two types of identity theft that are concerningly on the rise.