Hackers are actively exploiting a critical remote code execution vulnerability allowing unauthenticated attackers to upload scripts and execute arbitrary code on WordPress sites running vulnerable File Manager plugin versions.

On the morning of September 1st, Seravo’s on-call security officer Ville Korhonen was the first to discover the flaw and the fact that threat actors were already attempting to exploit it in attacks designed to upload malicious PHP files onto vulnerable websites.

Within hours after Korhonen spotted the attacks and reported the vulnerability to the plugin’s developer, File Manager’s devs patched the severe flaw with the release of version 6.9.

The File Manager plugin is currently installed on more than 700,000 WordPress sites and the vulnerability impacts all versions between 6.0 and 6.8.

Threat researchers discovered a new malware family that is fully focused on getting as much cryptocurrency as possible from its victims. For this purpose, it steals wallets, hijacks transactions, and starts mining on infected machines.

Named KryptoCibule, the malware has managed to stay under the radar for almost two years, extending its functionality with each new version.

It’s one thing for APT groups to conduct cyber espionage to meet their own financial objectives. But it’s an entirely different matter when they are used as “hackers for hire” by competing private companies to make off with confidential information.

Bitdefender’s Cyber Threat Intelligence Lab discovered yet another instance of an espionage attack targeting an unnamed international architectural and video production company that had all the hallmarks of a carefully orchestrated campaign.

An Iranian cyberespionage group known for targeting government, defense technology, military, and diplomacy sectors is now impersonating journalists to approach targets via LinkedIn and WhatsApp and infect their devices with malware.

Detailing the new tactics of the “Charming Kitten” APT group, Israeli firm Clearsky said, “starting July 2020, we have identified a new TTP of the group, impersonating ‘Deutsche Welle’ and the ‘Jewish Journal’ using emails alongside WhatsApp messages as their main platform to approach the target and convince them to open a malicious link.”

This development is the first time the threat actor is said to have carried out a watering hole attack through WhatsApp and LinkedIn, which also includes making phone calls to victims, Clearsky noted in a Thursday analysis.