According to the WordPress security company Defiant, the GiveWP WordPress plugin contains a critical vulnerability that enables Remote Code Execution (RCE) and arbitrary file deletion on over 100,000 websites. The bug allows unauthenticated attackers to inject a PHP object and exploit a Property Oriented Programming (POP) chain to execute arbitrary code remotely or delete arbitrary files. This article continues to discuss the potential exploitation and impact of a critical vulnerability in the GiveWP WordPress plugin.

According to security researchers at Chainalysis, ransomware payments and stolen cryptocurrency have increased in the first half of 2024.  The researchers found that while illegal on-chain activity has dropped by nearly 20% year-to-date, ransomware payments have increased by 2%, from $449.1 million in the first half of 2023 to $459.8 million in the first half of 2024.  In addition, the amount of cryptocurrency stolen this year has increased to $1.58 billion, up from $857 million last year.

The Mandiant Managed Defense team has discovered an increase in malware infections caused by malvertising campaigns that distribute a loader named "FakeBat," also known as "EugenLoader" and "PaykLoader." The researchers consider these attacks "opportunistic," as they are aimed at users looking to download popular business software. The infection involves a trojanized MSIX installer that runs a PowerShell script to download a secondary payload.

New York City-based nonprofit healthcare organization Jewish Home Lifecare has recently revealed that a data breach disclosed earlier this year impacted more than 100,000 individuals.

"Xeon Sender," a cloud-based tool, helps attackers launch large-scale SMS spam and phishing campaigns using legitimate Software-as-a-Service (SaaS) providers. The tool, which is distributed via Telegram and different hacking forums, makes it easier to send bulk SMS messages by using valid Application Programming Interface (API) credentials from Amazon SNS, Twilio, and other popular service providers. This article continues to discuss findings regarding the Xeon Sender tool.

Researchers at Gen Threat Labs have linked the exploitation of one of the zero-days recently patched by Microsoft to North Korea's "Lazarus" Advanced Persistent Threat (APT) group. The vulnerability marked as "actively exploited" by Microsoft enables SYSTEM privileges on the latest Windows operating systems. Gen Threat Labs posted a note connecting the exploitation to Lazarus through the use of the "FudModule" rootkit, previously documented by Avast as part of the Lazarus APT toolkit.

The Oregon Zoo recently notified roughly 118,000 individuals that their names and payment card information were stolen from its online ticketing service.  The incident was identified on June 26, resulting in names, payment card numbers, CVVs, and expiration dates being exfiltrated.  The zoo noted that transactions processed between December 20, 2023, and June 26, 2024, were likely affected.  According to the zoo, threat actors redirected transactions from the third-party vendor that processed online ticketing purchases for Oregon Zoo.

The City of Flint, Michigan, is trying to restore network systems impacted by an August 14 ransomware attack that knocked some of its online services offline.  The city noted that the attack impacted the city’s payment and communication services but did not affect emergency services, including 911, dispatch, law enforcement, and fire operations.  BS&A, the city’s billing system, was disrupted, preventing online or credit card transactions for water, sewer, and tax payments.

According to researchers at Cisco Talos, eight Microsoft apps for macOS are vulnerable to library injection attacks that could enable adversaries to breach sensitive data. Affected Microsoft apps include Microsoft Teams, Outlook, PowerPoint, and Word. Attackers could bypass macOS' permission model using app permissions without the need for additional user verification. Through this, attackers could send emails from the user account, record audio, and more.

National Public Data (NPD) has recently confirmed that it is suffering a data breach following reports of 2.9 billion personal information records being compromised, but the company has recently announced that the incident only affects 1.3 million people in the US.  The information that was suspected of being breached included names, email addresses, phone numbers, social security numbers, and mailing addresses.