Categories
blogs Cyber Threat Intelligence Uncategorized

Clop Ransomware Gang: Profiling a Notorious Cybercriminal Organization

In recent years, the Clop ransomware gang has emerged as one of the most prolific and notorious cybercriminal organizations. Employing sophisticated techniques and constantly evolving their strategies, the group has successfully targeted high-profile organizations worldwide. This article aims to provide an informative profile of the Clop ransomware gang, detailing its history, operations, and recent activities.

History of Clop
Clop originated as a variant of the CryptoMix ransomware family and gained prominence in February 2019 when the threat group known as TA505 employed it in a large-scale spear-phishing email campaign. Operating as a ransomware-as-a-service (RaaS) model, Clop was used by a Russian-speaking group and disguised its malicious intent by utilizing verified and digitally signed binaries. This approach allowed the ransomware to evade security detection effectively.

In 2020, the financially motivated hacking group FIN11 started deploying Clop ransomware, leveraging zero-day vulnerabilities in the Kiteworks file transfer appliance. These attacks involved the use of a specific web shell called “DEWMODE” for exfiltrating stolen information. Clop’s operators also began implementing double extortion schemes, where they threatened to publicize and auction off stolen data if their demands were not met.

Clop’s Operations
The Clop ransomware gang exhibits a range of sophisticated techniques in its operations. Unlike other ransomware variants, Clop targets entire networks rather than individual computers, gaining access to the Active Directory (AD) server to persistently infect endpoints. Previous attacks by the group involved large-scale phishing campaigns, utilizing spam emails and malicious attachments to deliver the Clop malware. These attacks often involved various tools, such as SDBOT, FlawedAmmyy, and Cobalt Strike, which facilitated reconnaissance, lateral movement, and exfiltration of data before the deployment of the ransomware.

The group utilizes multiple tactics to coerce victims, including negotiation emails and threats of publicizing stolen information on their dedicated leak site, “Cl0p^_-Leaks.” Clop has even employed quadruple extortion techniques, targeting top executives and customers to exert additional pressure on companies to pay the ransom. By constantly evolving its tactics, Clop has set new trends in the world of cybercrime.

Recent Activities
While the arrests of six suspected Clop members in Ukraine in June 2021 dealt a significant blow to the group, its criminal activities continued throughout 2021 and 2022. Recent data, however, suggests a slowdown in ransomware deployments, indicating a shift towards data theft and extortion. Law enforcement and private partners managed to seize parts of Clop’s infrastructure and take down the money laundering channels used for cryptocurrency payments.

In May 2023, the Clop gang exploited critical zero-day vulnerabilities in the MOVEit Transfer and MOVEit Cloud file transfer software, targeting numerous private and public organizations. These attacks focused on stealing sensitive data and extorting companies rather than encrypting systems. The group used a combination of tactics, including data leak threats and demands for negotiations, to pressure victims into complying with their demands.

The Clop ransomware gang has established itself as a formidable threat in the cybersecurity landscape. With a history of high-profile attacks and constantly evolving tactics, the group continues to pose a significant risk to organizations worldwide. Enterprises must remain vigilant and adopt proactive cybersecurity measures to mitigate the threats posed by ransomware groups like Clop. Collaborative efforts between law enforcement, private partners, and cybersecurity professionals are crucial in dismantling such criminal organizations and safeguarding sensitive data from exploitation.


Medusa Ransomware: The Rise of a Double-Extortion Threat

In recent years, the cybercrime landscape has witnessed the emergence of Medusa ransomware, a variant that stands out due to its double-extortion tactics. This article aims to provide an in-depth profile of the Medusa ransomware operation, shedding light on its origins, operational methods, and the threats it poses to organizations. Additionally, we will explore measures organizations can take to mitigate the risks associated with this malicious entity.

Who is Medusa?

Medusa is a human-operated eCrime group known for conducting Big Game Hunting (BGH) operations. This ransomware operation is distinct from other similarly named malware and botnets. Medusa first appeared in June 2021 and has gained prominence due to its high-profile attacks on corporate victims, including the Minneapolis Public School district.

What Does Medusa Do?

Medusa encrypts victims’ files with a hybrid AES-256 and RSA-2048 scheme implemented through the BCrypt library, which leaves the encrypted data unrecoverable without the attackers’ private key. Before encrypting, the ransomware terminates over 280 Windows services and processes, including those related to mail servers, backup servers, database servers, and security software, so that nothing interferes with the encryption process.

How Does Medusa Operate?

Medusa implements a double-extortion strategy, which involves not only encrypting compromised systems but also exfiltrating sensitive data from the victim organizations. If the ransom demand is not met, the threat actors threaten to publicly release the exfiltrated data, causing significant reputational and financial damage to the victim organizations.

What are Medusa’s Motives?

The primary motivation behind Medusa is financial gain. By targeting corporate victims and employing double extortion, the eCrime group aims to extract significant ransoms from organizations. The threat actors utilize the fear of data exposure to coerce victims into paying substantial sums to regain control of their systems and prevent the public disclosure of sensitive information.

How Can Organizations Prevent Medusa Attacks?

To mitigate the risks associated with Medusa attacks, organizations should adopt comprehensive cybersecurity measures. The following steps are recommended:

  • Maintain Regular Backups: Implement a robust backup strategy to ensure that critical data is securely backed up and can be restored in the event of a ransomware attack.
  • Keep Software and Systems Updated: Regularly patch and update software and systems to address vulnerabilities that threat actors may exploit.
  • Implement Endpoint Protection: Utilize advanced endpoint protection solutions that incorporate behavior-based detection and real-time threat intelligence to identify and mitigate ransomware attacks.
  • Conduct Employee Training: Educate employees about phishing attacks and other social engineering techniques commonly used to distribute ransomware. Encourage them to exercise caution while opening email attachments or clicking on suspicious links.
  • Utilize Network Segmentation: Implement network segmentation to restrict lateral movement in the event of a successful compromise and minimize the impact of a ransomware attack.
  • Deploy Multi-Factor Authentication (MFA): Enable MFA for critical systems and accounts to provide an additional layer of security against unauthorized access attempts.

Medusa Ransomware presents a significant threat to organizations worldwide, employing double-extortion methods to extract substantial ransoms. By understanding the operational methods and motivations of this eCrime group, organizations can take proactive steps to strengthen their cybersecurity posture and prevent or mitigate the risks associated with Medusa Ransomware attacks. Implementing a combination of preventive measures, including regular backups, system updates, employee training, and advanced endpoint protection, can help organizations safeguard their valuable data and maintain business continuity.


Cactus Ransomware Group: An Emerging Threat in 2023

In today’s ever-evolving cybersecurity landscape, staying ahead of emerging threats is crucial. One threat that has recently taken the stage is the Cactus Ransomware Group. This clandestine organization has captured the attention of cybersecurity professionals worldwide, causing significant concern. In this blog post, we aim to explore the inner workings, tactics, and effective mitigation strategies associated with the Cactus Ransomware Group.

The Cactus Ransomware Group is a collective of cybercriminals whose location is currently unknown; it is notable for deploying sophisticated ransomware attacks against large commercial entities.

The Cactus Ransomware Group’s modus operandi is rooted in deploying ransomware and exfiltrating sensitive information. The group’s methods reflect a high degree of technical proficiency. They leverage vulnerabilities in VPN appliances to gain initial access to a network. Once inside, they methodically move laterally through the network and deploy remote monitoring and management tools to maintain persistence. After systems containing sensitive data have been identified, the group uses the Rclone tool to exfiltrate data and then deploys the ransomware using a script called TotalExec.ps1 (a script also used by BlackBasta).
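Two behaviours described on this page lend themselves to host-based detection: the mass termination of Windows services that the Medusa profile above describes (280+ services stopped before encryption), and the Rclone/TotalExec.ps1 tooling described in this post. The following is an added example, not DefendEdge’s code or any vendor’s product logic, that runs both heuristics over constructed Windows event records. Event IDs 7036 (Service Control Manager state change) and 4688 (process creation) are real; the pipe-delimited record format, the burst thresholds, and every sample line are assumptions constructed for the example.

```python
"""Added detection example (not DefendEdge's code), covering two behaviours from
the ransomware profiles on this page:

  Rule 1 - mass service termination: Medusa stops 280+ Windows services and
           processes before encrypting, so a burst of Service Control Manager
           7036 'entered the stopped state' events on one host is a strong signal.
  Rule 2 - known exfiltration/deployment tooling: Cactus uses Rclone to exfiltrate
           and TotalExec.ps1 to deploy, so process-creation (4688) command lines
           naming them are flagged.

The pipe-delimited log format, the thresholds and the sample records are
assumptions constructed for this example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

STOP_BURST_COUNT = 25                      # assumed: this many stops in one window = mass termination
STOP_BURST_WINDOW = timedelta(seconds=60)  # assumed sliding window
TOOLING_INDICATORS = ("rclone", "totalexec.ps1")   # names taken from the Cactus description


def build_sample_log():
    """Constructed records in the form 'timestamp|host|event_id|message'."""
    lines = [
        "2023-06-01T01:58:10|WS07|7036|The Print Spooler service entered the running state.",
        "2023-06-01T01:58:12|WS07|4688|Process Command Line: C:\\Windows\\System32\\notepad.exe",
        "2023-06-01T01:59:00|FS01|7036|The Windows Update service entered the stopped state.",
        "2023-06-01T02:03:30|FS01|4688|Process Command Line: C:\\Users\\Public\\rclone.exe copy D:\\Finance remote:drop",
        "2023-06-01T02:10:05|DC01|4688|Process Command Line: powershell.exe -ExecutionPolicy Bypass -File C:\\Temp\\TotalExec.ps1",
    ]
    # Simulated mass termination on FS01: 30 distinct services stopped one second apart.
    start = datetime(2023, 6, 1, 2, 5, 0)
    for i in range(30):
        stamp = (start + timedelta(seconds=i)).isoformat()
        lines.append(f"{stamp}|FS01|7036|The Service{i:02d} service entered the stopped state.")
    return "\n".join(lines)


def parse_record(line):
    timestamp, host, event_id, message = line.split("|", 3)
    return datetime.fromisoformat(timestamp), host, int(event_id), message


def detect(log_text):
    """Return alerts as (rule, host, detail) tuples, in chronological order."""
    records = sorted(parse_record(l) for l in log_text.splitlines() if l.strip())
    alerts = []
    recent_stops = defaultdict(deque)   # host -> timestamps of stops inside the sliding window
    burst_reported = set()
    for ts, host, event_id, message in records:
        if event_id == 7036 and "entered the stopped state" in message:
            window = recent_stops[host]
            window.append(ts)
            while ts - window[0] > STOP_BURST_WINDOW:   # drop stops older than the window
                window.popleft()
            if len(window) >= STOP_BURST_COUNT and host not in burst_reported:
                burst_reported.add(host)   # one alert per host, not one per additional stop
                alerts.append(("mass_service_stop", host,
                               f"{len(window)} services stopped within {STOP_BURST_WINDOW.seconds}s"))
        elif event_id == 4688:
            lowered = message.lower()
            hit = next((ind for ind in TOOLING_INDICATORS if ind in lowered), None)
            if hit:
                alerts.append(("ransomware_tooling", host, f"'{hit}' in command line: {message}"))
    return alerts


if __name__ == "__main__":
    for rule, host, detail in detect(build_sample_log()):
        print(f"[{rule}] {host}: {detail}")
```

The single benign stop on FS01 at 01:59 falls out of the window before the burst begins, so it never contributes to the count; in production the threshold should be tuned against each environment’s normal maintenance and reboot patterns, and the indicator list extended with the tooling your own threat intelligence reports.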

The damage caused by the Cactus Ransomware Group extends beyond the immediate financial losses incurred from paying ransoms. The recovery process often entails significant cost and time investment, including system restoration, data recovery, and strengthening security measures. Moreover, indirect impacts such as reputational damage, potential regulatory fines, and loss of customer trust can far exceed the initial ransom amount.

Countering the Cactus Ransomware Group—and ransomware threats in general—requires a multi-faceted approach. Here are some recommended mitigation strategies:

  • Regular Backup: Regularly backing up important data and testing restore processes can help organizations recover more quickly following a ransomware attack.
  • Patch Management: Keeping all software, operating systems, and firmware up to date helps eliminate vulnerabilities that ransomware groups often exploit.
  • Employee Education: As phishing emails are often used to gain initial access, educating employees about the risks of phishing and how to spot such attempts is crucial.
  • Multi-factor Authentication (MFA): MFA adds an extra layer of security that can prevent unauthorized access even if credentials are compromised.
  • Incident Response Plan: Organizations should have a clear and tested incident response plan in place to react swiftly and efficiently when a ransomware attack occurs.

The increasing sophistication and persistence of the Cactus Ransomware Group illustrate the grim reality of our digital age. As long as ransomware remains profitable, these groups will continue to exist and evolve. Therefore, organizations need to take a proactive stance, prioritizing cybersecurity investments, fostering a culture of security awareness, and implementing robust incident response plans.


1.6 Million WordPress Sites Under Cyberattack From Over 16,000 IP Addresses

As many as 1.6 million WordPress sites have been targeted by an active large-scale attack campaign originating from 16,000 IP addresses by exploiting weaknesses in four plugins and 15 Epsilon Framework themes.

WordPress security company Wordfence, which disclosed details of the attacks, said Thursday it had detected and blocked more than 13.7 million attacks aimed at the plugins and themes in a period of 36 hours with the goal of taking over the websites and carrying out malicious actions.

The plugins in question are Kiwi Social Share (<= 2.0.10), WordPress Automatic (<= 3.53.2), Pinterest Automatic (<= 4.14.3), and PublishPress Capabilities (<= 2.3), some of which were patched as far back as November 2018. The impacted Epsilon Framework themes and their corresponding versions are as follows:

  • Activello (<=1.4.1)
  • Affluent (<1.1.0)
  • Allegiant (<=1.2.5)
  • Antreas (<=1.0.6)
  • Bonkers (<=1.0.5)
  • Brilliance (<=1.2.9)
  • Illdy (<=2.1.6)
  • MedZone Lite (<=1.2.5)
  • NatureMag Lite (no known patch available)
  • NewsMag (<=2.4.1)
  • Newspaper X (<=1.3.1)
  • Pixova Lite (<=2.0.6)
  • Regina Lite (<=2.0.5)
  • Shapely (<=1.2.8)
  • Transcend (<=1.1.9)

Most of the attacks observed by Wordfence involve the adversary updating the “users_can_register” (i.e., anyone can register) option to enabled and setting the “default_role” setting (i.e., the default role of users who register at the blog) to administrator, thereby allowing an adversary to register on the vulnerable sites as an administrator and seize control.
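A site owner can check for both halves of this campaign: whether an installed plugin or theme falls inside the affected version ranges listed above, and whether the two options the attackers flip are already in the dangerous state. The following is an added example, not Wordfence’s or DefendEdge’s code; the affected ranges are copied from the article, the version and option dictionaries are assumed to be filled from WP-CLI (`wp plugin list`, `wp theme list`, `wp option get`, mapping slugs to the display names used here), and the sample inventory and option values are constructed.

```python
"""Added audit example (not Wordfence's or DefendEdge's code): checks installed
plugin/theme versions against the affected ranges listed in the article, and
checks the two options the campaign tampers with. The input dictionaries are
assumed to be filled from WP-CLI; the sample values are constructed.
"""

# Affected ranges as given in the article: ("<=", bound) or ("<", bound);
# None means no patched version is known, so every version counts as affected.
AFFECTED = {
    "Kiwi Social Share": ("<=", "2.0.10"),
    "WordPress Automatic": ("<=", "3.53.2"),
    "Pinterest Automatic": ("<=", "4.14.3"),
    "PublishPress Capabilities": ("<=", "2.3"),
    "Activello": ("<=", "1.4.1"),
    "Affluent": ("<", "1.1.0"),
    "Allegiant": ("<=", "1.2.5"),
    "Antreas": ("<=", "1.0.6"),
    "Bonkers": ("<=", "1.0.5"),
    "Brilliance": ("<=", "1.2.9"),
    "Illdy": ("<=", "2.1.6"),
    "MedZone Lite": ("<=", "1.2.5"),
    "NatureMag Lite": None,
    "NewsMag": ("<=", "2.4.1"),
    "Newspaper X": ("<=", "1.3.1"),
    "Pixova Lite": ("<=", "2.0.6"),
    "Regina Lite": ("<=", "2.0.5"),
    "Shapely": ("<=", "1.2.8"),
    "Transcend": ("<=", "1.1.9"),
}


def parse_version(text):
    """'2.3' -> (2, 3); non-numeric suffixes such as '1.0-beta' are ignored."""
    parts = []
    for piece in text.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def compare_versions(a, b):
    """Return -1, 0 or 1; shorter tuples are zero-padded so that 2.3 == 2.3.0."""
    width = max(len(a), len(b))
    a, b = a + (0,) * (width - len(a)), b + (0,) * (width - len(b))
    return (a > b) - (a < b)


def is_affected(name, version):
    """True when the installed version of a listed component is inside the affected range."""
    if name not in AFFECTED:
        return False
    rule = AFFECTED[name]
    if rule is None:                      # NatureMag Lite: no patch, every version affected
        return True
    op, bound = rule
    cmp = compare_versions(parse_version(version), parse_version(bound))
    return cmp <= 0 if op == "<=" else cmp < 0


def audit_options(options):
    """Flag the settings the campaign flips to turn open registration into admin takeover."""
    findings = []
    if str(options.get("users_can_register", "0")) == "1":
        findings.append("users_can_register is enabled: anyone can create an account")
    if options.get("default_role") == "administrator":
        findings.append("default_role is administrator: new registrants get full control")
    if len(findings) == 2:
        findings.append("CRITICAL: both settings match the takeover pattern Wordfence observed")
    return findings


def audit_site(installed, options):
    """Combine the version check and the option check into one report."""
    return {
        "vulnerable_components": [n for n, v in installed.items() if is_affected(n, v)],
        "option_findings": audit_options(options),
    }


# Constructed sample inventory and option values (not a real site).
SAMPLE_INSTALLED = {
    "PublishPress Capabilities": "2.3",   # inside the <= 2.3 range
    "Kiwi Social Share": "2.0.11",        # one patch above the range
    "Affluent": "1.1.0",                  # the boundary is strict (< 1.1.0), so patched
    "NatureMag Lite": "1.0.0",            # no patch known
    "Shapely": "1.2.9",                   # patched
    "Akismet": "5.0",                     # not part of the campaign
}
SAMPLE_OPTIONS = {"users_can_register": "1", "default_role": "administrator"}

if __name__ == "__main__":
    print(audit_site(SAMPLE_INSTALLED, SAMPLE_OPTIONS))
```

The option check matters even on a fully patched site: if the settings were changed before the patch was applied, the attacker-created administrator accounts and the open-registration state survive the update, so the audit should be paired with a review of existing administrator accounts.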

What’s more, the intrusions are said to have spiked only after December 8, indicating that “the recently patched vulnerability in PublishPress Capabilities may have sparked attackers to target various Arbitrary Options Update vulnerabilities as part of a massive campaign,” Wordfence’s Chloe Chamberland said.

In light of active exploitation, WordPress site owners running any of the aforementioned plugins or themes are recommended to apply the latest fixes to mitigate the threat.


Russian TrickBot Gang Hacker Extradited to U.S. Charged with Cybercrime

A Russian national, who was arrested in South Korea last month and extradited to the U.S. on October 20, appeared in a federal court in the state of Ohio on Thursday to face charges for his alleged role as a member of the infamous TrickBot group.

Court documents showed that Vladimir Dunaev, 38, along with other members of the transnational, cybercriminal organization, stole money and confidential information from unsuspecting victims, including individuals, financial institutions, school districts, utility companies, government entities, and private businesses.

Starting out as a banking trojan in 2016, TrickBot has evolved into a modular, multi-stage Windows-based crimeware solution capable of pilfering valuable personal and financial information, and even dropping ransomware and post-exploitation toolkits on compromised devices. The malware is also notorious for its resilience, having survived at least two takedowns spearheaded by Microsoft and the U.S. Cyber Command a year ago.

However, on the legal front, the U.S. government earlier this year charged a 55-year-old Latvian woman named Alla “Max” Witte, who the prosecutors said worked as a programmer “overseeing the creation of code related to the monitoring and tracking of authorized users of the Trickbot malware.” Dunaev is the second Trickbot defendant to be arrested in 2021.

Dunaev, specifically, is said to have worked as a developer for the group, in charge of creating, deploying, and managing the Trickbot malware beginning in November 2015, while also overseeing the malware’s execution, as well as designing Firefox web browser modifications and helping to hide the malware from detection by security software.

In early September, South Korean media outlets reported the arrest of Dunaev (then identified only as “Mr. A”) at Incheon International Airport when he attempted to depart for Russia after being stranded in the country for over a year due to COVID-19. The suspect, who arrived in February 2020, also had his passport expire in the interim, forcing him to stay in a hotel while awaiting a replacement.

But once the passport was re-issued, the defendant tried to leave for his native home in Russia, leading to his arrest pursuant to an extradition request from the U.S. Dunaev has been charged with conspiracy to commit computer fraud and aggravated identity theft, conspiracy to commit wire and bank fraud, conspiracy to commit money laundering, and multiple counts of wire fraud, bank fraud, and aggravated identity theft.

If found guilty on all counts, the defendant faces a total prison term of 60 years.

“Trickbot attacked businesses and victims across the globe and infected millions of computers for theft and ransom, including networks of schools, banks, municipal governments, and companies in the health care, energy, and agriculture sectors,” said Deputy Attorney General Lisa O. Monaco in a statement.

“This is another success for the Department’s recently launched Ransomware and Digital Extortion Task Force in dismantling ransomware groups and disrupting the cybercriminal ecosystem that allows ransomware to exist and to threaten our critical infrastructure,” O. Monaco added.


BYOD

The current landscape has changed dramatically. Businesses have had to adapt to new challenges, and one of these is accommodating the current workforce. In the age of digital technology, more employees would rather use their own device, such as a laptop, tablet, or phone. Bring Your Own Device, or BYOD for short, is a trend that has caught on quickly. What impact does this have on a business, you may ask? BYOD has given businesses new opportunities for growth. Business owners are under constant pressure to allow BYOD on highly secure enterprise networks, and most employees feel more comfortable using their own devices. BYOD policies can work out well for both business owners and employees if there is a clear understanding of the policies and procedures.

There are many positives to implementing a BYOD policy. The use of personal devices affords many opportunities for businesses: BYOD allows for increased productivity, cost savings, improved employee loyalty, and the ability to work from anywhere at any time.

When an employee can use their own device, this allows for more flexibility and comfort. Working on a personal device lets employees do their work while staying connected with their personal life. This can effectively reduce stress and increase an employee’s overall productivity.

BYOD offers a company the benefit of cutting costs significantly. Since these are personal devices, there is no need for companies to pay for maintenance, device, and hardware costs; most of the cost is borne by the employee.

A precise BYOD strategy can help to increase overall employee loyalty to a business by allowing them to control their own work. This empowers an employee, giving them the ability to work offsite with their own personal device.  

Although BYOD policies have many pros for a business, there are a few challenges as well. It is up to the business to lay out a well-defined policy on the use of personal devices, and it is up to the employee to follow the best practices that policy sets out. Some of the major challenges a business will face are security control, employee privacy, hacking, and corporate IT policies.

Security control and control of data is a crucial first step when it comes to protecting an enterprise network. Allowing the use of personal devices increases the need for control over data, with the privacy of employees in mind. With many employees using their own device, a company must be able to control the data that users have access to and ensure it is not allowed to leave the enterprise network. There are many applications that can be used to secure data on mobile devices. Data security and device compliance are paramount to ensuring overall security.

All devices on the enterprise network should be monitored for device behavior and data exchange. It can be easy for a personal device to fall victim to a cyber-attack. The BYOD strategy should be implemented with safety and security of business information in mind. Monitoring the inflow and outflow of business data is crucial to security. A business must be able to track emails and spam to prevent phishing attacks on a network.  

Corporate IT policies must be implemented. These policies give an employee a thorough guideline of rules and expectations to follow. A well laid out policy allows for the clearest communication of which best practices to follow, as well as the employee’s rights, obligations, and the consequences of breaching the policy.

Bring-Your-Own-Device (BYOD) will continue to be the preferred business strategy for many years to come. This means businesses must be ready with the proper resources to handle the rising security needs. When implementing a BYOD policy, every step must be well planned out to ensure proper implementation and security. If implemented properly, the pros far outweigh the cons in choosing to allow the use of BYOD devices.


An American company announced that the Russian Foreign Intelligence Service (SVR) launched a campaign targeting resellers and other technology service providers that customize, deploy and manage cloud services.

The Russia-based agency behind last year’s massive SolarWinds cyberattack has tried to hack another 140 tech companies, its latest intrusion into US cyber infrastructure.

Microsoft says that Nobelium’s latest hack targeted ‘resellers and other technology service providers that customize, deploy and manage cloud services.’ Fourteen firms had their defenses breached, although they haven’t been named, and further information on the nature of the hacks has not been shared.

The goal of Nobelium, which is widely-believed to be working for Russia’s SVR intelligence agency, is to impersonate the technology companies and gain access to their downstream customers.

The move would target any company that uses the products and services of the companies that were attacked.

Only 14 of the resellers and service providers have been compromised in this latest round, Microsoft said as it continues to investigate the scope of the breach.

US cybersecurity officials could not be immediately reached to confirm the report.

US officials confirmed to the New York Times that the operation was underway. 

One unnamed senior administration official called it an ‘unsophisticated, run-of-the-mill operations that could have been prevented if the cloud service providers had implemented baseline cybersecurity practices.’

Nobelium did not appear to exploit any software vulnerabilities and instead focused on a tried-and-true method of stealing legitimate login credentials to privileged access, Microsoft notes. 

In its blog post, Microsoft wrote: ‘This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government.’

The SolarWinds attack hurt an estimated 18,000 SolarWinds customers who downloaded compromised software updates. The updates allowed the alleged Russian hackers to access their servers, though the explicit intent of the breaches is not yet known. 

The breach went on to expose the information of at least nine US federal agencies.


Cybersecurity Protects What’s Most Important (and it’s not Your Money)

Today, nearly every business operates in some form on the internet. With that understanding, every business is at risk of being targeted and victimized by sophisticated cyber-attacks. The usual casualties are vital information, secured systems and networks, and the integrity of the companies involved. However, there is another affected party that may not be addressed enough: our children. Securing your business infrastructure from cybercriminals protects our most important assets.

An example of this can be found in the arena of “Smart Toys”. The 2015 breach of VTech compromised vital information (name, gender, birth dates, etc.) of over 6 million parents and children. The successful attack was attributed to a lack of cybersecurity best practices, such as keeping up with industry standards for encryption algorithms. Implementing internal network appliances is one example of counteracting malicious attempts on secured networks.

More recent instances of cybercriminal activity can be found in the video game industry. According to content delivery network Akamai, “web application attacks against gaming companies rose by 340 percent between 2019 and 2020 and by as much as 415 percent between 2018 and 2020”. The techniques used included SQL Injection (SQLi), Local File Inclusion (LFI), and Cross-Site Scripting (XSS). These attacks can extract data, inject malware, and gain access, and worst of all they expose our children to content without proper guidance.

Cybersecurity is a never-ending endeavor that grows in complexity with each passing year. Even though its success is largely measured in the meeting room and seen through the lens of man hours and uptime, cybersecurity is also an ally in the protection of an unquantifiable metric: our future.


Future Trends within Cloud Security

What’s happening  

95% of companies have a presence within the cloud. Many organizations don’t realize they are active within the “cloud,” even though they hold a massive amount of data within programs such as Microsoft Office 365.

Since the pandemic, many businesses have shifted to cloud-based apps and systems for the first time. To reduce the wave of breaches caused by “beginner mistakes” in 2021, new cloud users and organizations will need to look closely at their security posture.

What it means 

  • Do not assume the cloud service provider will secure your own cloud environment; the provider secures the underlying platform, and responsibility for your company’s networks, data, and user controls remains with you.
  • Human error, together with misconfiguration of the cloud solution, is the leading cause of cloud breaches. Cloud providers offer identity and access management tools that reduce these errors.
  • Proper use of the logging and monitoring tools offered by the solution provider keeps businesses on track with any unsanctioned access or login attempts.

For Emergency Cyber Security Incident Response please email RedTeam@DefendEdge.com