WordPress Bitcoin Payments – Blockonomics Security Vulnerabilities

ics

#StopRansomware: Hive Ransomware

Summary Actions to Take Today to Mitigate Cyber Threats from Ransomware: • Prioritize remediating known exploited vulnerabilities. • Enable and enforce multifactor authentication with strong passwords • Close unused ports and remove any application not deemed necessary for day-to-day operations....

9.8CVSS

10AI Score

0.973EPSS

2022-11-25 12:00 PM
47
thn

Interpol Seized $130 Million from Cybercriminals in Global "HAECHI-III" Crackdown Operation

Interpol on Thursday announced the seizure of $130 million worth of virtual assets in connection with a global crackdown on cyber-enabled financial crimes and money laundering. The international police operation, dubbed HAECHI-III, transpired between June 28 and November 23, 2022, resulting in the....

1.2AI Score

2022-11-25 04:58 AM
21
thn

Black Basta Ransomware Gang Actively Infiltrating U.S. Companies with Qakbot Malware

Companies based in the U.S. have been at the receiving end of an "aggressive" Qakbot malware campaign that leads to Black Basta ransomware infections on compromised networks. "In this latest campaign, the Black Basta ransomware gang is using QakBot malware to create an initial point of entry and...

1.1AI Score

2022-11-24 06:06 AM
36
securelist

Black Friday shoppers beware: online threats so far in 2022

The shopping event of the year, Black Friday, is almost here, and while the big day does not officially arrive until Friday, November 25th, deals are already starting. The day kickstarts the frenzied holiday shopping season with eye-catching promotional deals that lure shoppers into spending more.....

-0.4AI Score

2022-11-23 08:00 AM
18
cnvd

ChurchInfo Arbitrary File Upload Vulnerability

ChurchInfo is a free church database program from the ChurchInfo team that helps churches track members, families, groups, pledges, and payments. ChurchInfo 1.2.13 and later, and 1.3.0 and prior versions, is vulnerable to arbitrary file uploads. The vulnerability stems from the application's lack.....

8.8CVSS

3.3AI Score

0.07EPSS

2022-11-23 12:00 AM
10
cnvd

WordPress Five Star Restaurant Reservations plugin licensing issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Five Star Restaurant Reservations plugin version prior to 2.4.12 is vulnerable to an authorization...

6.1CVSS

1.5AI Score

0.001EPSS

2022-11-23 12:00 AM
6
thn

This Malware Installs Malicious Browser Extensions to Steal Users' Passwords and Cryptos

A malicious extension for Chromium-based web browsers has been observed to be distributed via a long-standing Windows information stealer called ViperSoftX. Czech-based cybersecurity company dubbed the rogue browser add-on VenomSoftX owing to its standalone features that enable it to access...

0.5AI Score

2022-11-22 05:36 PM
37
thn

Luna Moth Gang Invests in Call Centers to Target Businesses with Callback Phishing Campaigns

The Luna Moth campaign has extorted hundreds of thousands of dollars from several victims in the legal and retail sectors. The attacks are notable for employing a technique called callback phishing or telephone-oriented attack delivery (TOAD), wherein the victims are social engineered into making.....

0.7AI Score

2022-11-22 09:45 AM
27
securelist

Crimeware and financial cyberthreats in 2023

A look back on the year 2022 and what to expect in 2023 Every year, as part of the Kaspersky Security Bulletin, we predict which major trends will be followed in the coming year by attackers, who target financial organizations. The predictions, based on our extensive experience, help individuals...

0.7AI Score

2022-11-22 08:00 AM
17
trellix

Yanluowang Ransomware Leaks Analysis: Organization, Collaboration with HelloKitty, Babuk and Conti

Yanluowang Ransomware Leaks Analysis: Organization, Collaboration with HelloKitty, Babuk and Conti By Jambul Tologonov· November 22, 2022 Introduction On October 31, 2022, Yanluowang’s TOR site was hacked displaying a message “check and mate!! Yanluowang Matrix chat hacked @yanluowangleaks Time’s.....

1.1AI Score

2022-11-22 12:00 AM
18
trellix

Yanluowang Ransomware Leaks Analysis: Organization, Collaboration with HelloKitty, Babuk and Conti

Yanluowang Ransomware Leaks Analysis: Organization, Collaboration with HelloKitty, Babuk and Conti By Jambul Tologonov· November 22, 2022 Introduction On October 31, 2022, Yanluowang’s TOR site was hacked displaying a message “check and mate!! Yanluowang Matrix chat hacked @yanluowangleaks Time’s.....

6.3AI Score

2022-11-22 12:00 AM
5
nvd

CVE-2022-0421

The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping,...

6.1CVSS

0.001EPSS

2022-11-21 11:15 AM
cve

CVE-2022-0421

The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping,...

6.1CVSS

6.1AI Score

0.001EPSS

2022-11-21 11:15 AM
41
2
prion

Cross site scripting

The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping,...

6.1CVSS

6.1AI Score

0.001EPSS

2022-11-21 11:15 AM
3
thn

Google Wins Lawsuit Against Russians Linked to Blockchain-based Glupteba Botnet

Google has won a lawsuit filed against two Russian nationals in connection with the operation of a botnet called Glupteba, the company said last week. The U.S. District Court for the Southern District of New York imposed monetary sanctions against the defendants and their U.S.-based legal counsel.....

1.3AI Score

2022-11-21 10:02 AM
26
cvelist

CVE-2022-0421 Five Star Restaurant Reservations < 2.4.12 - Unauthenticated Arbitrary Payment Status Update to Stored XSS

The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping,...

6.3AI Score

0.001EPSS

2022-11-21 12:00 AM
1
github

Witness Block Parsing DoS Vulnerability

Impact All lnd nodes before version v0.15.4 are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments and forward HTLCs, and close out channels. Opening channels is prohibited, and also on...

8.2CVSS

6.2AI Score

0.001EPSS

2022-11-18 06:50 PM
18
osv

Witness Block Parsing DoS Vulnerability

Impact All lnd nodes before version v0.15.4 are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments and forward HTLCs, and close out channels. Opening channels is prohibited, and also on...

8.2CVSS

6.5AI Score

0.001EPSS

2022-11-18 06:50 PM
1
thn

Meta Reportedly Fires Dozens of Employees for Hijacking Users' Facebook and Instagram Accounts

Meta Platforms is said to have fired or disciplined over two dozen employees and contractors over the past year for allegedly compromising and taking over user accounts, The Wall Street Journal reported Thursday. Some of these cases involved bribery, the publication said, citing sources and...

0.3AI Score

2022-11-18 01:13 PM
28
thn

Hive Ransomware Attackers Extorted $100 Million from Over 1,300 Companies Worldwide

The threat actors behind the Hive ransomware-as-a-service (RaaS) scheme have launched attacks against over 1,300 companies across the world, netting the gang $100 million in illicit payments as of November 2022. "Hive ransomware has targeted a wide range of businesses and critical infrastructure...

1.6AI Score

2022-11-18 07:47 AM
17
krebs

Researchers Quietly Cracked Zeppelin Ransomware Keys

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called "Zeppelin" in May 2020. He'd been on the job less than six months, and because of the way his predecessor architected things, the company's data backups also were encrypted by Zeppelin. After.....

0.1AI Score

2022-11-18 02:30 AM
6
cve

CVE-2022-39389

Lightning Network Daemon (lnd) is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version v0.15.4 are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments.....

8.2CVSS

6.4AI Score

0.001EPSS

2022-11-17 10:15 PM
33
4
nvd

CVE-2022-39389

Lightning Network Daemon (lnd) is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version v0.15.4 are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments.....

6.5CVSS

0.001EPSS

2022-11-17 10:15 PM
osv

CVE-2022-39389

Lightning Network Daemon (lnd) is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version v0.15.4 are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments.....

6.5CVSS

6.5AI Score

0.001EPSS

2022-11-17 10:15 PM
4
prion

Design/Logic Flaw

Lightning Network Daemon (lnd) is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version v0.15.4 are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments.....

6.5CVSS

6.3AI Score

0.001EPSS

2022-11-17 10:15 PM
1
cvelist

CVE-2022-39389 Witness Block Parsing DoS Vulnerability in lnd

Lightning Network Daemon (lnd) is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version v0.15.4 are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments.....

8.2CVSS

8.3AI Score

0.001EPSS

2022-11-17 12:00 AM
krebs

Top Zeus Botnet Suspect “Tank” Arrested in Geneva

Vyacheslav "Tank" Penchukov, the accused 40-year-old Ukrainian leader of a prolific cybercriminal group that stole tens of millions of dollars from small to mid-sized businesses in the United States and Europe, has been arrested in Switzerland, according to multiple sources. Wanted Ukrainian...

AI Score

2022-11-15 03:38 PM
24
code423n4

Attacker can spoof remainingETH and double-spend their input ETH to Exchange

Lines of code Vulnerability details Description remainingETH is an important state variable in Exchange.sol, which keeps track of how many ETH have yet to be used as payment from the current msg.value. The setupExecution modifier sets the value before and after execution: modifier setupExecution()....

6.9AI Score

2022-11-14 12:00 AM
6
code423n4

Exchange refund operation will return all ETH stored in the contract instead of the remaining amount from the exchange operation

Lines of code Vulnerability details Exchange refund operation will return all ETH stored in the contract instead of the remaining amount from the exchange operation The function that refunds remaining ETH in the Exchange contract will send back all the balance present in the contract instead of...

6.7AI Score

2022-11-14 12:00 AM
2
thn

Russian-Canadian National Charged Over Involvement in LockBit Ransomware Attacks

The U.S. Department of Justice (DoJ) has announced charges against a dual Russian and Canadian national for his alleged participation in LockBit ransomware attacks across the world. The 33-year-old Ontario resident, Mikhail Vasiliev, has been taken into custody and is awaiting extradition to the...

0.4AI Score

2022-11-11 09:19 AM
23
securelist

The state of cryptojacking in the first three quarters of 2022

Cryptocurrency prices were dropping from the end of 2021 and throughout the first half of 2022. Although finance experts and retail investors estimate crypto to have a solid chance of recovery in the long term, at the time of writing this report the prices remain low. However, cybercriminals are...

AI Score

2022-11-10 08:00 AM
20
code423n4

Revenue stream split can be bypassed

Lines of code Vulnerability details The Spigot.claimRevenue function allows (anyone) to claim revenue tokens from the spigot (push and pull payments) and escrows them for the owner to withdraw later. The revenue is automatically split between the treasury and escrow according to the settings in...

6.9AI Score

2022-11-10 12:00 AM
4
talosblog

Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns

The InterPlanetary File System (IPFS) is an emerging Web3 technology that is currently seeing widespread abuse by threat actors. Cisco Talos has observed multiple ongoing campaigns that leverage the IPFS network to host their malware payloads and phishing kit infrastructure while facilitating...

AI Score

2022-11-09 01:00 PM
8
thn

New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader

Cryptocurrency users are being targeted with a new clipper malware strain dubbed Laplas by means of another malware known as SmokeLoader. SmokeLoader, which is delivered by means of weaponized documents sent through spear-phishing emails, further acts as a conduit for other commodity trojans like.....

0.5AI Score

2022-11-08 01:40 PM
12
thn

U.S. Seizes Over 50K Bitcoin Worth $3.3 Billion Linked to Silk Road Dark Web

The U.S. Department of Justice (DoJ) on Monday said it seized 50,676 Bitcoin in November 2021 that was stolen in the 2012 hack of the now-defunct Silk Road dark web marketplace. The bitcoin, which was obtained in 2012 and valued at $3.36 billion when it was discovered last year, is now worth $1.04....

-0.5AI Score

2022-11-08 11:37 AM
22
mskb

Update 20.7 for Microsoft Dynamics 365 Business Central (on-premises) 2022 Release Wave 1 (Application Build 20.7.48483, Platform Build 20.0.48457)

Update 20.7 for Microsoft Dynamics 365 Business Central (on-premises) 2022 Release Wave 1 (Application Build 20.7.48483, Platform Build 20.0.48457) Overview This update replaces previously released updates. You should always install the latest update. This update also fixes an information...

4.4CVSS

4.8AI Score

0.004EPSS

2022-11-08 08:00 AM
90
code423n4

[PNM-003] finalize can be called by bidders, allows them to cancelBid

Lines of code Vulnerability details Description The finalize function is used to finalize the auction, locking all bids, and paying the seller. However, any user, including bidders can call finalize, as it is a public function, and there are no user checks. This may allow bidders to input...

6.8AI Score

2022-11-08 12:00 AM
4
hackread

US seizes $1.4 billion in Bitcoin from Silk Road Market Scammer

By Habiba Rashid The seizure of 50,000 Bitcoin took place in November 2021 when authorities raided the home of James Zhong, a 32-year-old in Gainesville, Georgia - The value of the seized BTC was $3.36 billion at that time. This is a post from HackRead.com Read the original post: US seizes $1.4...

1.3AI Score

2022-11-07 09:01 PM
5
wired

IRS Seizes Another Silk Road Hacker’s $3.36 Billion Bitcoin Stash

A year after a billion-dollar seizure of the dark web market's crypto, the same agency found a giant trove hidden under a different hacker's...

2.7AI Score

2022-11-07 07:57 PM
7
github

btcd mishandles witness size checking

btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking. Specific Go Packages Affected...

9.8CVSS

8.9AI Score

0.002EPSS

2022-11-07 12:00 PM
9
osv

btcd mishandles witness size checking

btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking. Specific Go Packages Affected...

9.8CVSS

9.5AI Score

0.002EPSS

2022-11-07 12:00 PM
4
impervablog

The Worrying Rise of Cybercrime as a Service (CaaS)

What is CaaS? Put simply, Cybercrime as a Service (CaaS) means black hat hackers for hire. Now, any ex-employee with a grudge, any disgruntled customer, any troubled ex-partner, or vindictive competitor, literally anyone with the right browser, can hire a dark web bad actor to perform...

AI Score

2022-11-07 11:17 AM
10
securelist

DDoS attacks in Q3 2022

News overview In Q3 2022, DDoS attacks were, more often than not, it seemed, politically motivated. As before, most news was focused on the conflict between Russia and Ukraine, but other high-profile events also affected the DDoS landscape this quarter. The pro-Russian group Killnet, active since.....

0.4AI Score

2022-11-07 08:00 AM
42
cve

CVE-2022-44797

btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size...

9.8CVSS

9.3AI Score

0.002EPSS

2022-11-07 04:15 AM
36
7
nvd

CVE-2022-44797

btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size...

9.8CVSS

0.002EPSS

2022-11-07 04:15 AM
osv

CVE-2022-44797

btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size...

9.8CVSS

9.5AI Score

0.002EPSS

2022-11-07 04:15 AM
2
prion

Code injection

btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size...

9.8CVSS

9.4AI Score

0.002EPSS

2022-11-07 04:15 AM
4
cvelist

CVE-2022-44797

btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size...

9.7AI Score

0.002EPSS

2022-11-07 12:00 AM
ubuntucve

CVE-2022-44797

btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size...

9.8CVSS

8.9AI Score

0.002EPSS

2022-11-07 12:00 AM
16
talosblog

Threat Roundup for October 28 to November 4

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 28 and Nov. 4. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,.....

0.1AI Score

2022-11-04 07:23 PM
21
Total number of security vulnerabilities: 6256