Skip to main content

Security Affairs.

"A flaw in the W3 Total Cache plugin exposes hundreds of thousands of wordpress sites to attacks."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 19 January 2025, 2319 UTC.

Content and Source:  Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

70K followers23 articles per week#security#tech
11

Today

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 29

by Pierluigi Paganini / 1h
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection Ransomware on ESXi: The mechanization of virtualized attacks FunkSec – Alleged Top Ransomware Group Powered by AI Abusing AWS Native Services: Ransomware Encrypting S3 Buckets wit

Security Affairs newsletter Round 507 by Pierluigi Paganini – INTERNATIONAL EDITION

by Pierluigi Paganini / 1h
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon EU privacy non-profit group filed complaints

A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks

3 TTPs
by Pierluigi Paganini / 3h
A WordPress W3 Total Cache plugin vulnerability could allow attackers to access information from internal services, including metadata on cloud-based apps. A severe vulnerability, tracked as CVE-2024-12365 (CVSS score of 8.5) in the WordPress W3 Total Cache plugin could expose metadata from internal services and cloud apps. The WordPress W3 Total Cache plugin is a popular performance optimization

Yesterday

U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon

US sanctions Chinese hacker firm
by Pierluigi Paganini / 1d
The U.S. Treasury’s OFAC sanctioned a Chinese cybersecurity firm and a Shanghai cyber actor for ties to Salt Typhoon and a federal agency breach. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned Chinese firm Sichuan Juxinhe Network Technology Co., LTD., for its involvement in the activities of the Salt Typhoon APT group, which recently compromised multiple U.S. te

Jan 17, 2025

EU privacy non-profit group filed complaints against TikTok, SHEIN, AliExpress, and other Chinese companies

EU targets Chinese tech privacy violations
by Pierluigi Paganini / 2d
noyb files complaints against TikTok, AliExpress, and other Chinese companies for illegal EU user data transfers to China, violating data protection laws. Austrian privacy non-profit group None of Your Business (noyb) has filed complaints accusing companies like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of violating data protection regulations in the European Union by unlawfully transfe

U.S. CISA adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog

7 TTPs
by Pierluigi Paganini / 2d
CVE-2024-50603
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical Aviatrix Controllers OS Command Injection vulnerability, tracked as CVE-2024-50603 (CVSS score of 10) to its Known Exploited Vulnerabilities (KEV) catalog . The flaw im

ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems

5 TTPs
by Pierluigi Paganini / 2d
CVE-2024-7344
Researchers detailed a now-patched vulnerability that could allow a bypass of the Secure Boot mechanism in UEFI systems. ESET disclosed details of a now-patched vulnerability, tracked as CVE-2024-7344 (CVSS score: 6.7), that could allow a bypass of the Secure Boot mechanism in UEFI systems. The Unified Extensible Firmware Interface (UEFI) is a specification that defines a software interface betwe

Jan 16, 2025

Russia-linked APT Star Blizzard targets WhatsApp accounts

6 TTPs
by Pierluigi Paganini / 2d
Russian hackers use WhatsApp phishing
The Russian group Star Blizzard targets WhatsApp accounts in a new spear-phishing campaign, shifting tactics to avoid detection. In November 2024, Microsoft researchers observed the Russia-linked APT group Star Blizzard targeting WhatsApp accounts via spear-phishing, shifting tactics to avoid detection. The Star Blizzard group, aka “ Callisto “, “ Seaborgium “, “ ColdRiver” , and “TA446,” targete

Prominent US law firm Wolf Haldenstein disclosed a data breach

Wolf Haldenstein data breach affects millions
by Pierluigi Paganini / 3d
The law firm Wolf Haldenstein disclosed a data breach that exposed the personal information of nearly 3.5 million individuals. The law firm Wolf Haldenstein disclosed a 2023 data breach that exposed the personal information of nearly 3.5 million individuals. Wolf Haldenstein Adler Freeman & Herz LLP is a prominent U.S.-based law firm that specializes in complex class action litigation. Its expert

Clop Ransomware exploits Cleo File Transfer flaw: dozens of claims, disputed breaches

4 TTPs
by Pierluigi Paganini / 3d
The Clop ransomware gang claims dozens of victims from a Cleo file transfer vulnerability, though several companies dispute the breaches. The Clop ransomware group added 59 new companies to its leak site, the gain claims to have breached them by exploiting a vulnerability ​​in Cleo file transfer products . “ We have data of many companies who use cleo. Our teams are reaching and calling your comp

MikroTik botnet relies on DNS misconfiguration to spread malware

IoC > 1 IP
by Pierluigi Paganini / 3d
13 TTPs
MikroTik botnet exploits SPF misconfigurations
Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware. Infoblox researchers discovered a botnet of 13,000 MikroTik devices that exploits DNS misconfigurations to bypass email protections, spoof approximately 20,000 domains, and deliver malware. In late November, the experts spotted a malspam campaign impersonating DHL which used em

End of feed

Labels:

Comments

Post a Comment

Please leave a comment about our recent post.

Popular posts from this blog

Cyber War News Today.

"International Defence Cooperation:  A key to regional stability." Views expressed in this cybersecurity, cyber espionage, and cyber crime update are those of the reporters and correspondents.  Accessed on 15 December 2024, 0134 UTC. Content and Source:   https://cyberwar.einnews.com/news/cyber-war-news?n=2&code=FA9GNesSTpp2rjO1&utm_source=NewsletterNews&utm_medium=email&utm_campaign=Cyber+War+News&utm_content=navig Please check link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). Cyber War News Monitoring Get by    Email    •     RSS Published on  Dec 13, 2024 The Cyber Warfare Market Size Reach USD 127.1 Billion by 2032 Exhibiting CAGR at 13.3% WILMINGTON, DE, UNITED STATES, December 13, 2024 /⁨EINPresswire.com⁩/ -- According to the report, The Cyber Warfare Market Size Reach USD 127.1 Billion by 2032 Exhibiting CAGR at 1...
Post a Comment
Read more

The Cyberwire Daily Briefing

"Fortinet confirms breach of customer data." Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 15 September 2024, 1339 UTC. Content and Source:   https://thecyberwire.com/newsletters/daily-briefing/13/176 Please check link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). V13 | Issue 176 | 9.13.24 Daily Briefing for 09.13.24 Announcement Cloud Security in the Age of Generative AI. Artificial Intelligence is revolutionizing business, but it also introduces new risks. Join us on Wednesday, September 18th at 2pm EDT for a compelling live webinar on "Good vs. Evil: Cloud Security in the Age of Generative AI" with N2K CyberWire’s Dave Bittner and Sysdig’s Loris Degioanni.  Learn more and register now . Summary By the CyberWire staff At a glance. Fortinet confirms breach of customer data. Iran's Scarred Manticore deplo...
Post a Comment
Read more

SecurityWeek Briefing

"New RAMBO attack allows air-gapped data theft." Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 10 September 2024, 0035 UTC. Content and Source:  https://www.securityweek.com Please check link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net).   Monday, September 9 , 2024 Are you worried about unmanaged devices and apps? LATEST CYBERSECURITY HEADLINES New RAMBO Attack Allows Air-Gapped Data Theft Predator Spyware Resurfaces With Fresh Infrastructure Google Pushes Rust in Legacy Firmware to Tackle Memory Safety Flaws 300,000 Impacted by Data Breach at Car Rental Firm Avis One Million US Kaspersky Customers Transferred to Pango’s UltraAV Two Indicted in US for Running Dark Web Marketplaces Offering Stolen Information Critical SonicWall Vulnerability Possibly Exploited in Ransomware Attacks CISA Breaks Silence on Controvers...
Post a Comment
Read more