Current and former employees of NASA from July 2006 through October 2018 could have been affected by a data breach, but the exact number is not known at this time. A server containing employees' PII (Personally Identifiable Information) was discovered to have been hacked on October 23rd. NASA cybersecurity personnel immediately began securing the breached server to prevent any further information from being compromised. Federal cybersecurity partners have also been called in to help determine how the breach happened and what information was accessed.
The issue is with part of ZipRecruiter's site that enables a business with authorization to access the CV database to contact the person seeking a job. After an employer gets online and accesses a resume, they can decide to shortlist some of the candidates when they are provided with a candidate form. The problem is that unauthorized users are able to access the form while not having access to the CV database.
The third malware strain targeting macOS this month has been discovered and dubbed LamePyre. Although it appears to still be under development, the malware is able to perform a few functions. LamePyre traps its victims by posing as a copy of the Discord app used by gamers. In actuality, it is only a shell, which appears as the generic Automator icon in the macOS menu bar while it is running.
The popular social media photo sharing app Instagram has recently patched a bug in their website that accidentally exposed some of their users’ passwords in plaintext. The bug resides in the new “Download Your Data” feature. This new feature allows the user to download a copy of all the data they have shared with the site, including comments, posts, photos, and other information.
Banking Trojans traditionally target users of online financial services, looking for financial data to steal or building botnets out of hacked devices for future attacks. Over time, however, several of these Trojans have enhanced their functionality, launching new variants and extending their range. Some are now able to obtain root access to infected devices, perform transactions, inject malicious code, record video, and more.
Google's Twitter account for its G Suite cloud subsidiary, which has more than 800,000 followers, has been the most recent target of a growing Bitcoin scam. Many have been asking Twitter to intervene due to the increasing success of these attacks and the growing ability of hackers to compromise verified Twitter accounts. When these accounts are accessed, attackers tweet out a falsified 10,000 Bitcoin giveaway, which equates to around $62,000.
Researchers have discovered a zero-day vulnerability (CVE-2018-8589) within win32k.sys affecting 32-bit versions of Windows 7. The vulnerability was reported to Microsoft on October 17th and is a privilege escalation vulnerability. It exists due to “improper locking of messages sent synchronously between threads.” If exploited successfully, it could allow an attacker to view or alter data, install programs, or create new user accounts by “running arbitrary code in the context of the local system.” At the time of writing this article, the delivery method remains unknown; however, according to researchers, “the exploit was executed by the first stage of a malware installer, in order to gain the necessary privileges for persistence on the victim’s system.” The zero-day is currently being used by at least one APT actor, but if an attacker attempts to exploit the zero-day on machines that are up to date with security updates, the system will crash.
A zero-day vulnerability has been discovered affecting WP GDPR Compliance. WP GDPR Compliance is a WordPress plugin that helps website owners become GDPR compliant. The plugin is one of the more popular GDPR plugins available, with over 100,000 active installations.
First seen roughly three weeks ago, the vulnerability has been used to gain access to WordPress sites and install backdoors. The plugin was removed earlier last week; however, it was reinstated on November 7th after the release of version 1.4.3, which contained a patch for the vulnerability.
Attackers are actively exploiting the vulnerability against sites running version 1.4.2 and older. According to researchers, “attackers are targeting a WP GDPR Compliance bug that allows them to make a call to one of the plugin's internal functions and change settings for both the plugin, but also for the entire WordPress CMS.” At the time of writing this article, two techniques that use the vulnerability have been observed.
In the first, the attacker uses the vulnerability to open the website’s registration system and reset the default role for new accounts to administrator. The attacker then creates a new account, usually named “t2trollherten”, and sets the default user role for new accounts back to subscriber. Public registration is then disabled and the attacker logs into their new account to install a backdoor on the site named “wp-cache.php.” The backdoor contains a file manager, a PHP eval() runner, and a terminal emulator.
The second technique is quieter and uses the GDPR compliance vulnerability to add a new task to WP-Cron, WordPress's built-in task scheduler. The attacker will download and install a plugin, which is later used to upload another backdoor on the site. This backdoor is also named wp-cache.php, but is different from the previous one. Even though the second scenario is supposed to be quieter, it actually caused the zero-day to be discovered. This is because on some sites, the attacker’s exploitation routine failed to delete the plugin and site owners saw that a new plugin appeared.
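A defender-side triage of the indicators named above, as an added example that is not from the article or the plugin's authors. It assumes the plugin sits under the directory slug `wp-gdpr-compliance` and that the option values and administrator logins were exported from the site beforehand; the fixture site is constructed.

```python
import os, re, tempfile

FIXED = (1, 4, 3)              # first patched release, per the article
BACKDOOR = "wp-cache.php"      # backdoor file name, per the article
ROGUE_LOGIN = "t2trollherten"  # account name, per the article

def plugin_version(plugin_dir):
    """Read the 'Version:' header from the plugin's top-level PHP files."""
    if not os.path.isdir(plugin_dir):
        return None
    for name in sorted(os.listdir(plugin_dir)):
        if name.endswith(".php"):
            with open(os.path.join(plugin_dir, name), errors="replace") as fh:
                m = re.search(r"^[ \t/*#@]*Version:\s*([\d.]+)", fh.read(8192), re.M)
            if m:
                return tuple(int(p) for p in m.group(1).split(".") if p)
    return None

def triage(root, plugin_slug, options, admin_logins, expected_admins):
    """Return leads to investigate; none of them is a verdict on its own."""
    findings = []
    ver = plugin_version(os.path.join(root, "wp-content", "plugins", plugin_slug))
    if ver is not None and ver < FIXED:
        findings.append("vulnerable-plugin")
    # The article says the attacker restores this value, so a clean setting
    # proves nothing; the account and the dropped file are what persist.
    if options.get("default_role") == "administrator":
        findings.append("default-role-admin")
    for login in admin_logins:
        if login == ROGUE_LOGIN or login not in expected_admins:
            findings.append("unexpected-admin:" + login)
    for dirpath, _, files in os.walk(root):
        if BACKDOOR in files:
            path = os.path.join(dirpath, BACKDOOR)
            with open(path, errors="replace") as fh:
                tag = "eval" if "eval(" in fh.read() else "name-only"
            findings.append("backdoor-name:%s:%s" % (tag, os.path.relpath(path, root)))
    return findings

def sample_site():
    """Constructed fixture: an outdated plugin header plus a placeholder file."""
    root = tempfile.mkdtemp()
    pdir = os.path.join(root, "wp-content", "plugins", "wp-gdpr-compliance")  # assumed slug
    os.makedirs(pdir)
    with open(os.path.join(pdir, "wp-gdpr-compliance.php"), "w") as fh:
        fh.write("<?php\n/*\n * Plugin Name: WP GDPR Compliance\n * Version: 1.4.2\n */\n")
    with open(os.path.join(root, BACKDOOR), "w") as fh:
        fh.write("<?php // constructed placeholder containing the marker eval(\n")
    return root
```

A file name match is only a lead, since legitimate code can ship a file with the same name; unexpected WP-Cron tasks and plugins, which the second technique leaves behind, still need a manual review.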