Security researchers at Defiant are warning that thousands of WordPress websites are potentially at risk of takeover due to a critical severity vulnerability in two MiniOrange plugins that were discontinued recently.  The two plugins, Malware Scanner and Web Application Firewall from MiniOrange were closed on March 7, two days after the critical flaw was reported to the maintainers.

NSF Funded Undergraduate Computer Research in Cybersecurity and AI (UnCoRe-CyberAI)

Program Duration: 5/20/2024 ~ 7/26/2024
Application Deadline: 3/31/2024
Application Link: https://etap.nsf.gov/award/6667/opportunity/9110

Sharing this on behalf of Oakland University.

Please see and share the attached flyer for an NSF REU (research experience for undergraduates) program in Cybersecurity and AI at Oakland University.  A summary is below.

StopCrypt ransomware, also known as STOP Djvu, has evolved with a new multi-stage execution process that better evades detection by security tools. It is the most widely distributed ransomware in existence, typically targeting consumers instead of businesses. The ransomware operation's goal is to generate tens of thousands of small $400 to $1,000 ransom payments rather than a single large multi-million-dollar demand. The ransomware is mainly distributed through malvertising and malicious websites that deliver adware bundles disguised as free software, game cheats, and software cracks.

According to new research published by Specops, RedLine malware was used to steal over 170 million passwords in the last six months, making it the most notorious credential stealer during that period. The malware was used in half of all cyber incidents involving stolen passwords, significantly surpassing the next closest stealer, Vidar. Vidar was used to steal over 65 million passwords. Raccoon Stealer, the malware responsible for the theft of over 42 million passwords, ranks third, making up 11.7 percent.

MarineMax, one of the world’s largest retailers of recreational boats and yachts, recently disclosed a cyberattack that has caused some disruption.  The Florida-based company revealed in a regulatory filing that it detected a cybersecurity incident on March 10.  The company noted that hackers gained access to its systems, which prompted them to initiate incident response and business continuity protocols.  The incident is still being investigated, but at the time of the regulatory filing, it did not have a material impact on operations.

Threat actors are using Scalable Vector Graphic (SVG) image files to hide malware and avoid detection. In January, researchers at Cofense Intelligence discovered a two-month campaign involving the use of SVG files to distribute Agent Tesla Keylogger and XWorm RAT malware. The SVG file format uses mathematical equations to describe images, allowing them to be scaled without losing image quality and making them suitable for various design applications.

A new BlackBerry report reveals a significant increase in attacks on the global financial sector, with 1 million attacks recorded in just 120 days. According to BlackBerry's current Global Threat Intelligence Report, attacks on the global financial sector were primarily launched using commodity malware. The use of such malware suggests that many independent threat actors are targeting the industry for financial gain.

SAFECOM and the National Council of Statewide Interoperability Coordinators (NCSWIC) have announced the launch of the 911 Cybersecurity Resource Hub where Emergency Communications Centers (ECCs) can report cyber incidents, find real-world case studies, access cybersecurity education and training opportunities, and learn best practices regarding identifying and protecting networks from cyberattacks.