Tag: exploit

Watch out — hackers can exploit this plugin to gain full control of your WordPress site

Post author By lisa nichols
Post date May 8, 2024
No Comments on Watch out — hackers can exploit this plugin to gain full control of your WordPress site

[ad_1]

An older version of LiteSpeed Cache, a popular plugin for the WordPress website builder, is vulnerable to a high-severity flaw that hackers have been increasingly exploiting.

The flaw is described as an unauthenticated cross-site scripting vulnerability, and tracked as CVE-2023-40000. It carries a severity score of 8.8.

By adding malicious JavaScript code directly into WordPress files through the plugin, the attackers are able to create new administrator accounts, essentially completely taking over the website. Admin accounts can be used to modify the site’s content, add or remove plugins, or change different settings. Victims can be redirected to malicious websites, served malicious advertising, or have their sensitive user data taken.

Mitigations and fixes

The flaw was uncovered by WPScan, a cybersecurity project serving as an enterprise vulnerability database for WordPress. Its researchers observed increased activity from different hacking groups, as they scan the internet for compromised WordPress sites. These are all running LiteSpeed Cache version 5.7.0.1 or older. The current version is 6.2.0.1 and is considered immune to this flaw.

One threat actor made more than a million probing requests in April 2024 alone, it was said.

Allegedly, LiteSpeed Cache has more than five million active users, of which roughly two million (1,835,000) are using the outdated, vulnerable variant.

LiteSpeed Cache is a plugin promising faster page load times, better user experience, and improved Google Search Results Page positions.

Those fearing they might get targeted are advised to update their plugins to the latest version as soon as possible. Furthermore, they should uninstall all plugins and themes they are not actively using, and delete all suspicious files and folders.

Those suspecting they might have been targeted already, should look for suspicious strings in the database: “Search in [the] database for suspicious strings like ‘eval(atob(Strings.fromCharCode,'” WPScan said. “Specifically in the option litespeed.admin_display.messages.”

Via BleepingComputer

Apex Legends tournament disrupted by rogue RCE exploit hack

Post author By lisa nichols
Post date March 20, 2024
No Comments on Apex Legends tournament disrupted by rogue RCE exploit hack

[ad_1]

The Apex Legends Global Series (ALGS) North American finals concluded with a bang this weekend—but the twist in the tale was one nobody expected (or wanted). Partway through the regional event, players were targeted by hacks that disrupted the “competitive integrity” of the match, resulting in the final stage of the tournament being postponed.

Shortly after the incident, speculation arose as to the source of the attack, with questions being asked about the Easy Anti-Cheat software. Epic Games has since released a statement claiming that there is no relation between the remote hack and the EAC.

“We are confident THERE IS NO RCE vulnerability within EAC being exploited.”

Due to the competitive integrity of this series being compromised, we have made the decision to postpone the NA finals at this time. We will share more information soon.March 18, 2024

Calling the shots

The tournament was well underway when DarkZero’s Noyan Ozkose (AKA Genburten) and TSM’s Phillip Dosen (AKA ImperialHall) were struck with RCE hacks which allowed a bad actor to interfere directly with the game.

Ozkose and Dosen’s cheats were suddenly and unexpectedly enabled. Oskoze was able to see the position of enemy players through the walls and odd messages (“Apex hacking global series by Destroyer2009 & R4ndom”) scrolled across the screen during the action. Oskoze reacted quickly, taking his hands off his keyboard and alerting his team to the issue.

Similarly, when Dosen aimed at a target, it was with the help of an aimbot—though he hadn’t enabled the cheat himself.

Respawn canceled the match in response to the incidents, citing that the competition had been compromised, and postponed the NA finals. More information on the rescheduling is set to follow in due course.

Exploring the anti-cheat exploit

Naturally, speculation ran rampant on Twitter, with players and spectators wondering how such a prominent tournament could be blown off course by REC hacks. The volunteer group Anti-Cheat Police Department joined the conversation, warning players that their personal information could be at risk unless they took specific measures—like refreshing old passwords and reinstalling their operating systems.

The Anti-Cheat Police Department posited that Easy Anti-Cheat, the security system used by Apex Legends, was a possible cause of the issue. The group believes that the EAC could be co-opted by bad actors and used to inject hacks into streamer PCs or infect them with ransomware.

Epic Games has refuted this claim, however, stating that:

“At this time – we are confident that there is no RCE vulnerability within EAC being exploited. We will continue to work closely with our partners for any follow up support needed.”

A problem to solve

So, how can similar incidents be prevented? The last thing any pro player wants during a high-stakes tournament is to be targeted by a remote hack—and casual players might wonder if the same threats could impact their games, too.

Gaming VPNs certainly have their uses, especially if you’re looking to put a stop to DDoS attacks, but they can’t guarantee protection from remote exploits. However, VPNs can make it much more difficult for bad actors to target you in the first place.

By masking your original IP address and routing your DNS requests through an intermediary, VPNs provide an extra layer of security when you’re gaming online. A cybercriminal would have to work a lot harder to get hold of your identifiable details.

Still, a VPN isn’t a guarantee of total digital protection—particularly if you’re worried about ransomware. NordVPN has its very own security suite, with malware-detection tools, and prevents downloads from occurring on the sly. That’s handy, but VPNs aren’t the best safeguard against more stubborn digital threats: think viruses, ransomware, malware, and other digital nasties.

The best antivirus software can help you out, however, with real-time protection and scans that aren’t just browser-based.

[ad_2]

Source Article Link

Tags Apex, disrupted, exploit, Hack, Legends, RCE, rogue, tournament

Featured

Hackers exploit another Windows security flaw to drop DarkGate malware

Post author By lisa nichols
Post date March 14, 2024
No Comments on Hackers exploit another Windows security flaw to drop DarkGate malware

[ad_1]

Microsoft recently patched a vulnerability in Windows SmartScreen, but not before hackers abused it as a zero-day to drop the DarkGate malware.

A report from cybersecurity researchers Trend Micro detailed a new campaign that included phishing emails with malicious PDF files, open redirects via Google DoubleClick Digital Marketing (DDM), and Microsoft installers (.MSI) impersonating legitimate software.

As explained by the researchers, the attack is part of a wider campaign from a threat actor known as Water Hydra. In the campaign, the attackers would send out convincing phishing emails to their targets, carrying a seemingly innocuous .PDF file.

Downloading compromised programs

This file contains a link, which deploys an open redirect from Google’s doubleclick[.]net domain, and leads to a compromised web server. An open redirect is a type of vulnerability in which the destination of the redirect is provided by the client, while the legitimate website, through which the redirect is made, does not properly filter or validate the request.

This server the victims are redirected to hosts a malicious .URL shortcut file that exploits a vulnerability tracked as CVE-2024-21412.

This is a flaw in Microsoft Windows SmartScreen – a cloud-based anti-phishing and anti-malware component included in several Microsoft products. By exploiting the flaw, the attackers are able to get the victims to run a malicious .MSI file – a program installer.

Victims are led to believe that they’re installing legitimate software, such as Apple iTunes, Notion, NVIDIA, and more. However, this software comes with side-loaded DLL files that infect the users with DarkGate version 6.1.7. As described by Malpedia, DarkGate is a commodity loader capable of downloading and executing stage-two malware, a Hidden Virtual Network Computing (HVNC) module, keylogging, stealing data from the infected devices, and even escalate privileges.

The malware was first spotted in 2018, and some researchers believe it originated in Russia.