WordPress Bitcoin Payments – Blockonomics Security Vulnerabilities

malwarebytes

Android banking trojans: How they steal passwords and drain bank accounts

For the most popular operating system in the world—which is Android and it isn’t even a contest—there’s a sneaky cyberthreat that can empty out a person’s bank accounts to fill the illicit coffers of cybercriminals. These are “Android banking trojans,” and, according to our 2024 ThreatDown State...

7.5AI Score

2024-02-27 11:37 AM
8
krebs

FBI’s LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga.

The FBI's takedown of the LockBit ransomware group last week came as LockBit was preparing to release sensitive data stolen from government computer systems in Fulton County, Ga. But LockBit is now regrouping, and the gang says it will publish the stolen Fulton County data on March 2 unless paid a....

9.8CVSS

9.4AI Score

0.001EPSS

2024-02-26 02:17 AM
15
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 12, 2024 to February 18, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 78 vulnerabilities disclosed in 63...

10CVSS

9.2AI Score

0.001EPSS

2024-02-22 02:19 PM
23
thn

U.S. Offers $15 Million Bounty to Hunt Down LockBit Ransomware Leaders

The U.S. State Department has announced monetary rewards of up to $15 million for information that could lead to the identification of key leaders within the LockBit ransomware group and the arrest of any individual participating in the operation. "Since January 2020, LockBit actors have executed.....

9.7AI Score

2024-02-22 05:26 AM
26
hackread

Crypto Exchange FixedFloat Hacked: $26 Million in BTC, ETH Stolen

By Deeba Ahmed FixedFloat suffered a significant loss of over 1,700 Ethereum and over 400 Bitcoin due to a drainer attack on February 18, 2024. This is a post from HackRead.com Read the original post: Crypto Exchange FixedFloat Hacked: $26 Million in BTC, ETH...

7.2AI Score

2024-02-21 03:10 PM
11
packetstorm

7.4AI Score

0.0004EPSS

2024-02-21 12:00 AM
115
cvelist

CVE-2024-1389

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all versions up to, and...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-02-20 06:56 PM
cvelist

CVE-2024-1390

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creating_pricing_table_page function in all versions up to, and including, 2.11.1....

4.3CVSS

4.6AI Score

0.0004EPSS

2024-02-20 06:56 PM
krebs

Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates

U.S. and U.K. authorities have seized the darknet websites run by LockBit, a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ransomware victims who didn't pay, LockBit's...

9.8CVSS

6.4AI Score

0.001EPSS

2024-02-20 05:09 PM
14
hackread

NCA’s LockBit Takedown: Source Code, Arrests and Recovery Tool Revealed

By Waqas To date, the LockBit ransomware gang targeted over 2,000 victims and received more than $120 million in ransom payments. This is a post from HackRead.com Read the original post: NCA's LockBit Takedown: Source Code, Arrests and Recovery Tool...

7.3AI Score

2024-02-20 01:05 PM
4
talosblog

Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns

Google Cloud Run is currently being abused in high-volume malware distribution campaigns, spreading several banking trojans such as Astaroth (aka Guildma), Mekotio and Ousaban to targets across Latin America and Europe. The volume of emails associated with these campaigns has significantly...

7AI Score

2024-02-20 01:00 PM
8
thn

New Report Reveals North Korean Hackers Targeting Defense Firms Worldwide

North Korean state-sponsored threat actors have been attributed to a cyber espionage campaign targeting the defense sector across the world. In a joint advisory published by Germany's Federal Office for the Protection of the Constitution (BfV) and South Korea's National Intelligence Service (NIS),....

9.8CVSS

9.9AI Score

0.074EPSS

2024-02-20 10:53 AM
14
nessus

GLSA-202402-23 : Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202402-23 (Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities) Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install...

9.8CVSS

6.7AI Score

0.002EPSS

2024-02-20 12:00 AM
7
wpvulndb

Peach Payments Gateway < 3.2.0 - Missing Authorization via peach_core_version_rollback()

Description The Peach Payments Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the peach_core_version_rollback() function in versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with...

5.4CVSS

6.3AI Score

0.0004EPSS

2024-02-20 12:00 AM
4
nessus

openSUSE 15 Security Update : bitcoin (openSUSE-SU-2024:0052-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2024:0052-1 advisory. Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a...

7.5CVSS

7AI Score

0.006EPSS

2024-02-17 12:00 AM
3
malwarebytes

How ransomware changed in 2023

In 2023, the CL0P ransomware gang broke the scalability barrier and shook the security world with a series of short, automated campaigns, hitting hundreds of unsuspecting targets simultaneously with attacks based on zero-day exploits. The gang's novel approach challenged a bottleneck that makes it....

7.2AI Score

2024-02-14 02:47 PM
7
ibm

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF15 patch Vulnerability Details ** CVEID: CVE-2022-44729 DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a victim to open.....

10CVSS

9.8AI Score

0.931EPSS

2024-02-14 09:00 AM
14
trellix

RansomHouse am See

RansomHouse am See By Pham Duy Phuc, Max Kersten in collaboration with Noël Keijzer and Michaël Schrijver from Northwave · February 14, 2024 Ransom gangs make big bucks by extorting victims, which sadly isn’t new. Their lucrative business allows them not only to live off the stolen money, but also....

8AI Score

2024-02-14 12:00 AM
7
thn

Glupteba Botnet Evades Detection with Undocumented UEFI Bootkit

The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit feature, adding another layer of sophistication and stealth to the malware. "This bootkit can intervene and control the [operating system] boot process, enabling...

7.4AI Score

2024-02-13 02:37 PM
22
mskb

Update 23.4 for Microsoft Dynamics 365 Business Central (on-premises) 2023 Release Wave 2 (Application Build 23.4.15715, Platform Build 23.0.15712)

Update 23.4 for Microsoft Dynamics 365 Business Central (on-premises) 2023 Release Wave 2 (Application Build 23.4.15715, Platform Build 23.0.15712) Overview This update replaces previously released updates. You should always install the latest update. This update also fixes a vulnerability. For...

8CVSS

7.9AI Score

0.001EPSS

2024-02-13 08:00 AM
22
mskb

Update 22.10 for Microsoft Dynamics 365 Business Central (on-premises) 2023 Release Wave 1 (Application Build 22.10.63195, Platform Build 22.0.63124)

Update 22.10 for Microsoft Dynamics 365 Business Central (on-premises) 2023 Release Wave 1 (Application Build 22.10.63195, Platform Build 22.0.63124) Overview This update replaces previously released updates. You should always install the latest update. This update also fixes a vulnerability. For.....

8CVSS

8.1AI Score

0.001EPSS

2024-02-13 08:00 AM
9
wpvulndb

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction < 2.11.2 - Missing Authorization via creating_pricing_table_page

Description The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creating_pricing_table_page function in all versions up to, and...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-02-13 12:00 AM
1
wpvulndb

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction < 2.11.2 - Missing Authorization via pms_stripe_connect_handle_authorization_return

Description The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all versions.....

5.3CVSS

6.9AI Score

0.0004EPSS

2024-02-13 12:00 AM
6
malwarebytes

Ransomware review: February 2024

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...

7.1AI Score

2024-02-12 07:10 PM
9
thn

U.S. Offers $10 Million Bounty for Info Leading to Arrest of Hive Ransomware Leaders

The U.S. Department of State has announced monetary rewards of up to $10 million for information about individuals holding key positions within the Hive ransomware operation. It is also giving away an additional $5 million for specifics that could lead to the arrest and/or conviction of any person....

7.5AI Score

2024-02-12 04:31 AM
22
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 29, 2024 to February 4, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 122 vulnerabilities disclosed in 110...

9.8CVSS

9.5AI Score

EPSS

2024-02-08 02:49 PM
26
wired

Ransomware Payments Hit a Record $1.1 Billion in 2023

After a slowdown in payments to ransomware gangs in 2022, last year saw total ransom payouts jump to their highest level yet, according to a new report from crypto-tracing firm...

7.2AI Score

2024-02-07 02:00 PM
9
chrome

Stable Channel Update for ChromeOS / ChromeOS Flex

The Stable channel is being updated to OS version: 15699.58.0 Browser version: 121.0.6167.159 for most ChromeOS devices. If you find new issues, please let us know one of the following ways File a bug Visit our ChromeOS communities General: Chromebook Help Community Beta Specific: ChromeOS Beta...

9.8CVSS

7.7AI Score

EPSS

2024-02-07 12:00 AM
23
talosblog

How are user credentials stolen and used by threat actors?

You've no doubt heard the phrase, "Attackers don't hack anyone these days. They log on." By obtaining (or stealing) valid user account details, an attacker can gain access to a system, remain hidden, and then elevate their privileges to "log in" to more areas of the network. Unfortunately, the use....

7.5AI Score

2024-02-06 08:30 AM
3
cve

CVE-2024-0659

The Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping....

5.5CVSS

5.3AI Score

0.0004EPSS

2024-02-05 10:16 PM
16
nvd

CVE-2024-0659

The Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping....

4.8CVSS

5.1AI Score

0.0004EPSS

2024-02-05 10:16 PM
5
prion

Cross site scripting

The Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping....

4.8CVSS

6AI Score

0.0004EPSS

2024-02-05 10:16 PM
6
malwarebytes

Clorox counts the cost of cyberattack

Cleaning products maker Clorox has reported losses of $49 million in connection to a cyberattack it suffered in August of last year. On Monday, August 14, 2023, Clorox disclosed it had identified unauthorized activity on some of its IT systems. Despite a business continuity plan, the incident...

7.4AI Score

2024-02-05 09:59 PM
5
cvelist

CVE-2024-0659

The Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping....

5.5CVSS

5.2AI Score

0.0004EPSS

2024-02-05 09:21 PM
thn

Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion Crypto Money Laundering

A 42-year-old Belarusian and Cypriot national with alleged connections to the now-defunct cryptocurrency exchange BTC-e is facing charges related to money laundering and operating an unlicensed money services business. Aliaksandr Klimenka, who was arrested in Latvia on December 21, 2023, was...

7.1AI Score

2024-02-05 04:36 PM
21
thn

Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware

The threat actor known as Patchwork likely used romance scam lures to trap victims in Pakistan and India, and infect their Android devices with a remote access trojan called VajraSpy. Slovak cybersecurity firm ESET said it uncovered 12 espionage apps, six of which were available for download from.....

6.5AI Score

2024-02-05 01:18 PM
18
hackerone

Reddit: Infromation Disclosure To Use of Hard-coded Cryptographic Key

Summary: [ Leaking very sensitive information through a JS file that is clearly for developers within the website and should not be available to the public. The leaked information consists of a lot of API keys, Paypal keys, information and keys about the server and the application, and a lot...

7.1AI Score

2024-02-02 10:55 PM
50
nessus

FreeBSD : chromium -- multiple security fixes (72d6d757-c197-11ee-86bb-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 72d6d757-c197-11ee-86bb-a8a1599412c6 advisory. Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85...

9.8CVSS

6.4AI Score

0.001EPSS

2024-02-02 12:00 AM
17
talosblog

The many ways electric cars are vulnerable to hacks, and whether that matters in a real-world

I'd hate to be labeled a "car guy" now mentioning my new electric car in the lede of two newsletters in a row, but I couldn't resist. I'd been reading headlines for years about how electric cars (most notably Tesla) were vulnerable to a range of security vulnerabilities, even some that could allow....

7.4AI Score

2024-02-01 07:00 PM
5
nvd

CVE-2023-51684

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Easy Digital Downloads Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) allows Stored XSS. This issue affects Easy Digital Downloads – Sell Digital Files...

5.4CVSS

6.4AI Score

0.0004EPSS

2024-02-01 11:15 AM
cve

CVE-2023-51684

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Easy Digital Downloads Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) allows Stored XSS. This issue affects Easy Digital Downloads – Sell Digital Files...

6.5CVSS

5.4AI Score

0.0004EPSS

2024-02-01 11:15 AM
23
prion

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Easy Digital Downloads Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) allows Stored XSS. This issue affects Easy Digital Downloads – Sell Digital Files...

5.4CVSS

6.9AI Score

0.0004EPSS

2024-02-01 11:15 AM
11
cvelist

CVE-2023-51684 WordPress Easy Digital Downloads Plugin <= 3.2.5 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Easy Digital Downloads Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) allows Stored XSS. This issue affects Easy Digital Downloads – Sell Digital Files...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-02-01 10:34 AM
nessus

GLSA-202401-34 : Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202401-34 (Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities) Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to...

9.6CVSS

9.7AI Score

0.771EPSS

2024-01-31 12:00 AM
11
cve

CVE-2024-0675

Vulnerability of improper checking for unusual or exceptional conditions in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, the exploitation of which could allow an attacker with physical access to the ATM to escape kiosk mode, access the underlying Xwindow interface and execute arbitrary.....

6.8CVSS

6.8AI Score

0.001EPSS

2024-01-30 01:15 PM
9
cve

CVE-2024-0674

Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process.....

7.8CVSS

7.7AI Score

0.0004EPSS

2024-01-30 01:15 PM
10
nvd

CVE-2024-0674

Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process.....

7.8CVSS

6.7AI Score

0.0004EPSS

2024-01-30 01:15 PM
nvd

CVE-2024-0675

Vulnerability of improper checking for unusual or exceptional conditions in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, the exploitation of which could allow an attacker with physical access to the ATM to escape kiosk mode, access the underlying Xwindow interface and execute arbitrary.....

6.8CVSS

6.6AI Score

0.001EPSS

2024-01-30 01:15 PM
cve

CVE-2024-0676

Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary...

7.1CVSS

6.8AI Score

0.0004EPSS

2024-01-30 01:15 PM
8
nvd

CVE-2024-0676

Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary...

7.1CVSS

6AI Score

0.0004EPSS

2024-01-30 01:15 PM
Total number of security vulnerabilities: 6253