A series of critical vulnerabilities affecting the widely used WPLMS and VibeBP plugins for WordPress have been identified by security researchers. These plugins are essential components of the WPLMS premium LMS theme, which counts over 28,000 sales. They are primarily used for creating online courses, managing students and selling educational content. The vulnerabilities, now patched,
Month: December 2024
Dec 31, 2025Ravie LakshmananVulnerability / Incident Response The United States Treasury Department said it suffered a “major cybersecurity incident” that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents. “On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to
More than two-thirds (69%) of UK small and medium enterprises (SMEs) lack a cybersecurity policy, according to figures from specialist insurance firm Markel Direct. The research identified a significant lack of basic cybersecurity measures and hygiene in place across these companies. This included 43% admitting that their employees are not trained on best practices and
Dec 29, 2025Ravie LakshmananEndpoint Protection / Browser Security A new attack campaign has targeted known Chrome browser extensions, leading to at least 16 extensions being compromised and exposing over 600,000 users to data exposure and credential theft. The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and used
Around 5.6 million individuals have had their sensitive personal, medical and financial information breached as a result of a ransomware attack on US healthcare giant Ascension. The company shared the extent of the data breach in a filing to the Office of the Maine Attorney General on December 19. Following an investigation, Ascension discovered that
Dec 27, 2024Ravie LakshmananCryptocurrency / Cyber Espionage North Korean threat actors behind the ongoing Contagious Interview campaign have been observed dropping a new JavaScript malware called OtterCookie. Contagious Interview (aka DeceptiveDevelopment) refers to a persistent attack campaign that employs social engineering lures, with the hacking crew often posing as recruiters to trick individuals looking for
Security researchers have urged customer-facing businesses to improve their verification checks after discovering a large-scale identity farming operation on the dark web. The unnamed underground group compiled a large collection of identity documents and corresponding facial images in a bid to trick Know Your Customer (KYC) verification checks, according to IProov’s Biometric Threat Intelligence service.
Dec 28, 2024Ravie LakshmananVulnerability / Threat Intelligence A high-severity flaw impacting select Four-Faith routers has come under active exploitation in the wild, according to new findings from VulnCheck. The vulnerability, tracked as CVE-2024-12856 (CVSS score: 7.2), has been described as an operating system (OS) command injection bug affecting router models F3x24 and F3x36. The severity
The past year marked a year of “growth and transition” for the US Cybersecurity and Infrastructure Security Agency (CISA), according to its departing Director, Jen Easterly. In the foreword of the Agency’s 2024 Year in Review, Easterly’s final report before she steps down in January, she highlighted how CISA has focused on “working collaboratively to
Dec 27, 2024Ravie LakshmananFirewall Security / Vulnerability Palo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible devices. The flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), impacts PAN-OS versions 10.X and 11.X, as well as Prisma Access running PAN-OS versions. It has been addressed in
The Lumma Stealer infostealer malware is increasingly sought after by cybercriminals, according to cybersecurity firm ESET which reported a 369% surge in detections in its telemetry in the second half of 2024. Lumma Stealer first appeared in the wild in 2022, eventually appearing on the list of top ten infostealers detected by ESET products in
Dec 25, 2024Ravie LakshmananCloud Security / Vulnerability Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker to take control of the network appliances. “These vulnerabilities affect both the Reyee platform, as well as Reyee OS network devices,” Claroty researchers Noam Moshe and Tomer
A controversial Israeli spyware maker has been found liable for the compromise of hundreds of WhatsApp users, in a historic US court ruling. Judge Phyllis Hamilton said on Friday that NSO Group broke state and federal laws and WhatsApp’s terms of service, by using zero-day exploits in the popular messaging tool to deploy its Pegasus
Dec 24, 2024Ravie LakshmananMalware / Data Exfiltration Cybersecurity researchers have flagged two malicious packages that were uploaded to the Python Package Index (PyPI) repository and came fitted with capabilities to exfiltrate sensitive information from compromised hosts, according to new findings from Fortinet FortiGuard Labs. The packages, named zebo and cometlogger, attracted 118 and 164 downloads
US and Japanese authorities have attributed a major cryptocurrency heist worth $308m to North Korean hackers. An alert from the FBI, Department of Defense Cyber Crime Center and National Police Agency of Japan said the May 2024 theft from Japan-based crypto firm DMM was carried out by a North Korean threat group tracked as TraderTraitor,
Dec 24, 2024Ravie LakshmananVulnerability / Zero Day The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions. The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigation for CVE-2024-50379 (CVSS score: 9.8),
Interpol has claimed success with a new online operation designed to uncover human trafficking victims and facilitators operating in South America and Europe. The policing group teamed up with inter-governmental body the Organization for Security and Co-operation in Europe (OSCE), in response to a growing and concerning trend. Victims are lured by fake or deceptive
Dec 23, 2024Ravie LakshmananGDPR / Data Privacy Italy’s data protection authority has fined ChatGPT maker OpenAI a fine of €15 million ($15.66 million) over how the generative artificial intelligence application handles personal data. The fine comes nearly a year after the Garante found that ChatGPT processed users’ information to train its service in violation of
The LockBit ransomware group could be making a comeback after months of struggling to maintain its criminal activity following its takedown in February 2024. On December 19, LockBitSupp, the persona allegedly run by the ransom-as-s-service (RaaS) group admins, announced on its website the group would launch a new version of its ransomware, LockBit 4.0. In
A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. Rostislav Panev, 51, was arrested in Israel earlier this August and is currently awaiting extradition, the U.S. Department
The Italian Data Protection Authority (Garante per la protezione dei dati personali) has taken sanctions against OpenAI over data protection failures related to the ChatGPT chatbot. OpenAI must pay a €15m ($15.6m) fine and carry out a six-month public awareness campaign across Italian media. This campaign is aimed to educate the public on how ChatGPT
The Lazarus Group, an infamous threat actor linked to the Democratic People’s Republic of Korea (DPRK), has been observed leveraging a “complex infection chain” targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The attacks, which culminated in the deployment of a new modular
Ukraine’s state registers, operated by the Ministry of Justice, have suffered their largest cyber-attack, with the Security Service of Ukraine (SSU) opening a criminal investigation into the incident, which it has attributed to Russia. The SSU has established that a hacker group affiliated with the main intelligence directorate of the general staff of the Russian
Dec 20, 2024Ravie LakshmananVulnerability / Cyber Attack A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect. The vulnerability in question is CVE-2023-48788 (CVSS score: 9.3), an SQL injection bug that allows attackers to
New malware attacks targeting industrial control systems (ICS) are capable of killing engineering processes, a Forescout analysis has found. The researchers identified clusters of two types of malware attacks targeting Mitsubishi and Siemens engineering workstations and listed on the VirusTotal repository from August to November 2024. These were the Ramnit worm targeting Mitsubishi workstations and
Dec 18, 2024Ravie LakshmananEmail Security / Cloud Security Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims’ Microsoft Azure cloud infrastructure. The campaign has been codenamed HubPhish by Palo Alto Networks Unit 42 owing to the abuse of
A sharp increase in phishing attacks, including a 202% rise in overall phishing messages in the second half of 2024, has been identified by cybersecurity experts. According to SlashNext’s 2024 Phishing Intelligence Report, a substantial 703% surge in credential phishing attacks was also observed in the same period. Key findings from the study reveal that
Dec 18, 2024Ravie LakshmananData Breach / Privacy Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what’s the latest financial hit the company has taken for flouting stringent privacy laws. The
The European Union (EU) has announced sanctions against Russian cyber actors for carrying out attacks and disinformation campaigns abroad. The European Council imposed measures against 16 individuals and three entities described as undertaking “destabilizing actions abroad” on behalf of the Russian state. It is the first time the intragovernmental agency has issued sanctions under a
Dec 17, 2024Ravie LakshmananCyber Espionage / Mobile Security A little-known cyber espionage actor known as The Mask has been linked to a new set of attacks targeting an unnamed organization in Latin America twice in 2019 and 2022. “The Mask APT is a legendary threat actor that has been performing highly sophisticated attacks since at