Search the Community

A critical vulnerability recently discovered in a popular WordPress plugin, is being actively abused in the wild, researchers have said, with hackers potentially able to use the flaw to fully take over a victim's website. WordPress security firm Patchstack first discovered an SQL injection (SQLi) vulnerability in the WP‑Automatic plugin, in mid-March 2024. WP-Automatic is a WordPress plugin designed to automate the process of importing and publishing content from various sources. It can grab content from RSS feeds, websites, YouTube channels, and more, and then automatically create and publish posts. Five million attacks According to a WPScan alert, cybercriminals can use the flaw to “gain unauthorized access to websites, create admin‑level user accounts, upload malicious files, and potentially take full control of affected sites." So far, the flaw was used to create new administrator accounts, which the hackers would later use for additional attacks (installing malicious add ons, exfiltrating sensitive data, and more). It was given a rating of 9.9 (critical), and tracked as CVE-2024-27956. All versions up to 3.9.2.0 are said to be vulnerable. So far, more than five million exploitations attempts were recorded. "Once a WordPress site is compromised, attackers ensure the longevity of their access by creating backdoors and obfuscating the code," WPScan said. "To evade detection and maintain access, attackers may also rename the vulnerable WP‑Automatic file, making it difficult for website owners or security tools to identify or block the issue." The Hacker News, also said that the file renaming part might also be an attempt by hackers to prevent other hackers from taking over. WordPress is by far the most popular website builder platform around today, powering almost half of the entire Internet. Still, it is considered relatively safe, with themes and plugins being the weakest link. WordPress site users are advised to only install themes and addons they plan on using, and to keep them updated at all times. More from TechRadar Pro Another top WordPress plugin has a serious security flaw — patch now to keep your website safeHere's a list of the best firewalls around todayThese are the best endpoint security tools right now View the full article

Author: Nathan Keys The Internet-of-Things (IoT) has quickly and seamlessly become woven into the fabric of our daily existence. With […] The post A Crash Course in Hardware Hacking Methodology: The Ones and Zeros appeared first on Security Boulevard. View the full article

Hackers recently stole hundreds of thousands of social security numbers from an American consulting firm, with victims across the US possibly affected. Greylock McKinnon Associates (GMA) has filed a new report with the Office of the Maine Attorney General, and sent a breach notification email to affected individuals. In its filing, the company said that 341,650 individuals have had their sensitive data, and Social Security Numbers (SSN), stolen by unidentified threat actors. Identities unknown In the letter, seen by TechCrunch, GMA told the victims that it fell prey to a “sophisticated cyberattack” in May last year. In the attack, the threat actors stole people’s names, birth dates, addresses, and Medicare Health Insurance Claim Numbers, which also contained Social Security Numbers associated with a member. Furthermore, “some” medical information and/or health insurance information was also stolen. While the attack did happen almost a year ago, it was in early February that GMA was notified that it had resulted in the theft of sensitive, personal data. It is unclear why GMA took so long to conclude its investigation of the breach. GMA is a consulting firm providing litigation support services in civil litigation matters. The data it held was obtained by the U.S. Department of Justice (DoJ) as part of a civil litigation matter, and then passed over to the company. “We received your information in our provision of services to the DOJ in support of that matter,” GMA said in the letter. “DOJ has advised us that you are not the subject of this investigation or the associated litigation matters. The DOJ informed GMA that this incident does not impact your current Medicare benefits or coverage.” The identity of the attackers, or their motives, remain unknown. No threat actors have assumed responsibility for the attack just yet. It is also no known if the data was grabbed from a specific litigation process. More from TechRadar Pro Google scrambles to fix another round of Chrome vulnerabilitiesHere's a list of the best firewalls around todayThese are the best endpoint security tools right now View the full article

Cryptocurrency recovery company Unciphered has warned of a security storm coming to the blockchain, with early adopters likely to be particularly affected. Specifically, crypto wallets created between 2011 and 2015 could be vulnerable to Randstorm, an exploit that can gain unauthorized access to crypto wallets by recovering passwords. Unciphered reports that between $1.2-2.1 billion in Bitcoin could be at risk, but warns even this figure could be a conservative estimate. Early Bitcoin adopters could be at risk The report warns the earliest adopters are most likely to be at risk of losing out, because the cryptocurrency is currently worth more than $37,000. At the end of 2015, it was worth a little over $300, meaning wallets might have grown considerably in that time. “Randstorm() is a term we coined to describe a collection of bugs, design decisions, and API changes that, when brought in contact with each other, combine to dramatically reduce the quality of random numbers produced by web browsers of a certain era (2011-2015)," it added. The solution is simple in principle, but many users won’t be pleased that a simple password change won’t suffice. Instead, Unciphered is suggesting that anybody who may be at risk should move their crypto to a new wallet, which it says is good housekeeping when done periodically anyway. While wallet generation is free, transferring Bitcoin will incur a fee. Regardless, paying a fee would be a small price to pay compared with losing the contents of an entire wallet. Those who may be affected can check their public key on the Keybleed website, which is owned by Unciphered, to see whether their wallet is vulnerable to known exploits. More from TechRadar Pro Reckon you’ve downloaded something dodgy? Check out the best malware removalProtect your machine with the best endpoint protection and the best firewallsMillions in crypto has been stolen following LastPass breach View the full article