WordPress Bitcoin Payments – Blockonomics Security Vulnerabilities

trellix

Peeling off QR Code Phishing Onion

Peeling off QR Code Phishing Onion: Revealing the Hidden Layers of Deceit By Neel H. Pathak and Pratik Sunil Kadam · October 10, 2023 Introduction: Malicious actors always seek innovative ways to bypass detection. The Trellix Advanced Research Center recently noticed an attack campaign with an...

7 AI Score

2023-10-10 12:00 AM
12

trellix

Peeling off QR Code Phishing Onion

Peeling off QR Code Phishing Onion: Revealing the Hidden Layers of Deceit By Neel H. Pathak and Pratik Sunil Kadam · October 10, 2023 Introduction: Malicious actors always seek innovative ways to bypass detection. The Trellix Advanced Research Center recently noticed an attack campaign with an...

7 AI Score

2023-10-10 12:00 AM
5

qualysblog

The Qualys Security Conference Mumbai: That’s a Wrap!

In recent years, the world of cybersecurity has experienced a dramatic transformation. The threat landscape has erupted, creating a host of complex challenges, with malicious actors continuously upping their game. In this high-stakes environment, the need for robust cloud security platforms...

7.3 AI Score

2023-10-09 05:47 PM
13

talosblog

How looking at decades of spam led Jaeson Schultz from Y2K to the metaverse and cryptocurrency

At this point in his career, Jaeson Schultz has seen nearly every type of online scam there is to see. From fake bomb threats at schools, to "sextortion" campaigns, cryptocurrency mining, metaverse and more of the 2010s, to the earliest type of spam emails in the 1990s that promised to protect...

6.6 AI Score

2023-10-09 12:00 PM
15

huntr

CSRF in Payment Types

Description CSRF in Payment Types Proof of Concept 1 .Attacker send form fake to user <html> <body> <form action="https://demo.publicknowledgeproject.org/ojs3/testdrive/index.php/testdrive-journal/payments/savePaymentTypes"> <input type="hidden" name="csrfToken"...

8.8 CVSS

6.8 AI Score

0.001 EPSS

2023-10-08 04:50 PM
8

thn

North Korea's Lazarus Group Launders $900 Million in Cryptocurrency

As much as $7 billion in cryptocurrency has been illicitly laundered through cross-chain crime, with the North Korea-linked Lazarus Group linked to the theft of roughly $900 million of those proceeds between July 2022 and July of this year. "As traditional entities such as mixers continue to be...

6.9 AI Score

2023-10-06 02:56 PM
43

hackread

US Police Recover $3M Stolen by Pakistani Crypto Scammers

By Waqas The crypto scammers convinced a victim in the United States to transfer their Bitcoin to a Kraken cryptocurrency account that the victim did not control. This is a post from HackRead.com Read the original post: US Police Recover $3M Stolen by Pakistani Crypto...

6.9 AI Score

2023-10-05 06:55 PM
6

nvd

CVE-2023-44144

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dreamfox Payment gateway per Product for WooCommerce plugin <= 3.2.7...

6.1 CVSS

6.3 AI Score

0.0005 EPSS

2023-10-02 10:15 AM

cve

CVE-2023-44144

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dreamfox Payment gateway per Product for WooCommerce plugin <= 3.2.7...

7.1 CVSS

6 AI Score

0.0005 EPSS

2023-10-02 10:15 AM
20

prion

Cross site scripting

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dreamfox Payment gateway per Product for WooCommerce plugin <= 3.2.7...

6.1 CVSS

6 AI Score

0.0005 EPSS

2023-10-02 10:15 AM
8

cvelist

CVE-2023-44144 WordPress Dreamfox Media Payment gateway per Product for Woocommerce Plugin <= 3.2.7 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dreamfox Payment gateway per Product for WooCommerce plugin <= 3.2.7...

7.1 CVSS

6.4 AI Score

0.0005 EPSS

2023-10-02 09:43 AM

thn

BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cybercrime Underground

Cybersecurity experts have discovered yet another malware-as-a-service (MaaS) threat called BunnyLoader that's being advertised for sale on the cybercrime underground. "BunnyLoader provides various functionalities such as downloading and executing a second-stage payload, stealing browser...

8.3 AI Score

2023-10-02 05:31 AM
44

malwarebytes

FBI warns of multiple ransomware attacks on same victim

The Federal Bureau of Investigation (FBI) has released a notification that highlights two trends emerging across the ransomware environment. The trends the FBI says it's noticed since July 2023 are: Multiple ransomware attacks on the same victim in close date proximity. New data destruction...

7.1 AI Score

2023-10-02 02:00 AM
3

thn

FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies

The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023. "During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants:...

6.9 AI Score

2023-09-30 09:49 AM
29

nessus

GLSA-202309-17 : Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202309-17 (Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities) Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...

9.8 CVSS

9 AI Score

0.085 EPSS

2023-09-30 12:00 AM
13

githubexploit

Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity

TeamCity CVE-2023-42793 Exploit This Python script exploits...

9.8 CVSS

9.5 AI Score

0.97 EPSS

2023-09-29 06:43 AM
90

wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 18, 2023 to September 24, 2023)

Last week, there were 42 vulnerabilities disclosed in 37 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 10 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

7.2 CVSS

6.9 AI Score

0.001 EPSS

2023-09-28 01:18 PM
31

thn

Essential Guide to Cybersecurity Compliance

SOC 2, ISO, HIPAA, Cyber Essentials – all the security frameworks and certifications today are an acronym soup that can make even a compliance expert's head spin. If you're embarking on your compliance journey, read on to discover the differences between standards, which is best for your business,....

6.4 AI Score

2023-09-26 11:50 AM
36

malwarebytes

Credit card thieves target Booking.com customers

Staff in the hospitality industry are trained to accommodate their guests, and when they have a few years of experience under their belt you can be sure they'll have received some extraordinary requests. Which is something that clever cybercriminals are taking advantage of. Researchers at...

6.7 AI Score

2023-09-26 01:00 AM
5

cve

CVE-2015-6964

MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message...

5.3 CVSS

5.5 AI Score

0.0005 EPSS

2023-09-25 05:15 AM
9

nvd

CVE-2015-6964

MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message...

5.3 CVSS

5.5 AI Score

0.0005 EPSS

2023-09-25 05:15 AM

prion

Authentication flaw

MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message...

5.3 CVSS

7.4 AI Score

0.0005 EPSS

2023-09-25 05:15 AM

cvelist

CVE-2015-6964

MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message...

5.5 AI Score

0.0005 EPSS

2023-09-25 12:00 AM

krebs

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by their latest security improvements. But critics say the move is little more than a public relations stunt that will.....

6.9 AI Score

2023-09-22 11:41 PM
14

malwarebytes

T-Mobile spills billing information to other customers

Some T-Mobile customers logged into their accounts on Wednesday to find another customer's billing and account information showing on their online dashboards. T-Mobile denied there was an attack, but confirmed there had been a data leak. It said a "temporary system glitch" had misplaced some...

7 AI Score

2023-09-22 04:30 PM
4

securelist

Overview of IoT threats in 2023

IoT devices (routers, cameras, NAS boxes, and smart home components) multiply every year. Statista portal predicts their number will exceed 29 billion by 2030. As connected device numbers increase, so does the need for protection against various threats. The first-ever large-scale malware attacks.....

9.1 CVSS

8.1 AI Score

0.571 EPSS

2023-09-21 10:00 AM
21

hackread

cheqd’s Recent Rollout Focuses on Monetizing Digital Identity

By Owais Sultan The decentralized identity startup, cheqd, unveils Credential Payments, blending financial incentives with self-sovereign identity measures. cheqd, a startup… This is a post from HackRead.com Read the original post: cheqd’s Recent Rollout Focuses on Monetizing Digital...

7 AI Score

2023-09-20 02:06 PM
11

nessus

WooCommerce Payments Plugin for WordPress 5.5.x < 5.5.2 Authentication Bypass

The WooCommerce Payments Plugin installed on the remote host is affected by an authentication bypass vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

7.3 AI Score

2023-09-20 12:00 AM
4

nessus

WooCommerce Payments Plugin for WordPress 5.0.x < 5.0.4 Authentication Bypass

The WooCommerce Payments Plugin installed on the remote host is affected by an authentication bypass vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

7.3 AI Score

2023-09-20 12:00 AM
8

nessus

WooCommerce Payments Plugin for WordPress 5.4.x < 5.4.1 Authentication Bypass

The WooCommerce Payments Plugin installed on the remote host is affected by an authentication bypass vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

7.3 AI Score

2023-09-20 12:00 AM
7

nessus

WooCommerce Payments Plugin for WordPress 4.9.x < 4.9.1 Authentication Bypass

The WooCommerce Payments Plugin installed on the remote host is affected by an authentication bypass vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

7.3 AI Score

2023-09-20 12:00 AM
8

nessus

WooCommerce Payments Plugin for WordPress 4.8.x < 4.8.2 Authentication Bypass

The WooCommerce Payments Plugin installed on the remote host is affected by an authentication bypass vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

7.3 AI Score

2023-09-20 12:00 AM
6

nessus

WooCommerce Payments Plugin for WordPress 5.2.x < 5.2.2 Authentication Bypass

The WooCommerce Payments Plugin installed on the remote host is affected by an authentication bypass vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

7.3 AI Score

2023-09-20 12:00 AM
4

nessus

WooCommerce Payments Plugin for WordPress 6.3.x < 6.3.2 Authentication Bypass

The WooCommerce Payments Plugin installed on the remote host is affected by an authentication bypass vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

7.3 AI Score

2023-09-20 12:00 AM
7

nessus

WooCommerce Payments Plugin for WordPress 5.1.x < 5.1.3 Authentication Bypass

The WooCommerce Payments Plugin installed on the remote host is affected by an authentication bypass vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

7.3 AI Score

2023-09-20 12:00 AM
4

nessus

WooCommerce Payments Plugin for WordPress 5.3.x < 5.3.1 Authentication Bypass

The WooCommerce Payments Plugin installed on the remote host is affected by an authentication bypass vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

7.3 AI Score

2023-09-20 12:00 AM
3

nessus

WooCommerce Payments Plugin for WordPress 6.2.x < 6.2.2 Authentication Bypass

The WooCommerce Payments Plugin installed on the remote host is affected by an authentication bypass vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

7.3 AI Score

2023-09-20 12:00 AM
7

wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 4, 2023 to September 10, 2023)

Last week, there were 107 vulnerabilities disclosed in 89 WordPress Plugins and 5 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

9.8 CVSS

8.4 AI Score

EPSS

2023-09-14 02:16 PM
62

thn

Free Download Manager Site Compromised to Distribute Linux Malware to Users for 3+ Years

A download manager site served Linux users malware that stealthily stole passwords and other sensitive information for more than three years as part of a supply chain attack. The modus operandi entailed establishing a reverse shell to an actor-controlled server and installing a Bash stealer on the....

6.2 AI Score

2023-09-14 01:18 PM
23

malwarebytes

Watch out, this LastPass email with "Important information about your account" is a phish

The consequences of last year's LastPass breach continue to be felt, with the latest insult to users coming in the form of a highly convincing phishing email. Although the "unauthorized party" that compromised LastPass users' data was able to steal password vaults, it's likely that they are having....

7 AI Score

2023-09-14 02:00 AM
9

malwarebytes

iPhone 15 launch: Wonderlust scammers rear their heads

Yesterday, Apple launched its latest iPhone and Watch models at its massive Wonderlust event. As with many high profile launches like this, it attracted not just a mountain of press, but a whole load of scammers too. One site uses the Apple brand to host a cryptocurrency scam. The hook is a...

6.7 AI Score

2023-09-14 01:00 AM
12

mssecure

Malware distributor Storm-0324 facilitates ransomware access

The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment. Beginning....

7.3 CVSS

7.3 AI Score

0.004 EPSS

2023-09-12 05:00 PM
31

mmpc

Malware distributor Storm-0324 facilitates ransomware access

The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment. Beginning....

7.3 CVSS

7.3 AI Score

0.004 EPSS

2023-09-12 05:00 PM
5

securelist

Free Download Manager backdoored – a possible supply chain attack on Linux machines

UPDATE 13.09.2023. Free Download Manager team issued an official statement regarding this incident. Over the last few years, Linux machines have become a more and more prominent target for all sorts of threat actors. According to our telemetry, 260,000 unique Linux samples appeared in the first...

7.2 AI Score

2023-09-12 08:00 AM
47

malwarebytes

Major cyberattack leaves MGM Resorts reeling

A major incident impacting MGM Resorts has caused computer shutdowns all over the US. The systems most impacted are tied to casinos and hotel computer systems. According to the AP, locations caught by this shutdown range from New York and Ohio to Michigan and Mississippi. At this point I'd link to....

6.8 AI Score

2023-09-12 01:00 AM
5

securelist

From Caribbean shores to your devices: analyzing Cuba ransomware

Introduction Knowledge is our best weapon in the fight against cybercrime. An understanding of how various gangs operate and what tools they use helps build competent defenses and investigate incidents. This report takes a close look at the history of the Cuba group, and their attack tactics,...

10 CVSS

10.5 AI Score

EPSS

2023-09-11 10:00 AM
261

wpvulndb

WooCommerce Payments < 4.9.0 - Subscription Suspension/Activation via CSRF

Description The plugin does not have CSRF check when suspending and activating subscriptions, which could allow attackers to make a logged in admin suspend or activate arbitrary subscription via a CSRF attack PoC Deactivate subscription with ID 53:...

7.1 AI Score

2023-09-11 12:00 AM
2

wpexploit

WooCommerce Payments < 4.9.0 - Subscription Suspension/Activation via CSRF

Description The plugin does not have CSRF check when suspending and activating subscriptions, which could allow attackers to make a logged in admin suspend or activate arbitrary subscription via a CSRF...

7.3 AI Score

2023-09-11 12:00 AM
26

talosblog

A secondhand account of the worst possible timing for a scammer to strike

Welcome to this week's edition of the Threat Source newsletter. Up until last week, I had never considered the timing of a scam to be important. I'm so used to just swiping away emails or text messages at random times during the day that I'd never considered what would happen if an adversary...

6.7 AI Score

2023-09-07 06:00 PM
13

ibm

Security Bulletin: There is a vulnerability in Apache Commons HttpClient used by IBM Maximo Asset Management (CVE-2012-5783)

Summary There is a vulnerability in Apache Commons HttpClient used by IBM Maximo Asset Management. Vulnerability Details CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote...

5.8 AI Score

0.002 EPSS

2023-09-07 03:08 PM
13

Total number of security vulnerabilities: 6253