WordPress is, by far, the most widely used website building technology on the internet. According to the most recent statistics, more than 35% of all internet websites run on versions of the WordPress CMS (content management system).
Due to its huge number of active installations, WordPress is a massive attack surface. Attempts to hack into WordPress sites are like a constant hum in the background of all internet traffic, going on at any given time.
A group of hackers is using the remote desktop ActiveX control in Word documents to automatically execute on Windows 10 a malware downloader called Ostap that was seen recently adopted by TrickBot for delivery.
Security researchers have found dozens of files that delivered the first malware payload, indicating a larger campaign.
In light of the global scale of COVID-19, cyber criminals have been able to take advantage of the fear and uncertainty to deploy scams and attacks against unsuspecting targets worldwide. Threat actors are using COVID-19-themed phishing emails to serve malware and phish landing pages. Security researchers have discovered ransomware strains, selling misleading services and misinformation campaigns taking advantage of the concern and fear over COVID-19.
Microsoft has released a security advisory to address remote code execution vulnerabilities in Adobe Type Manager Library affecting all currently supported versions of Windows and Windows Server operating systems. A remote attacker can exploit these vulnerabilities to take control of an affected system. Microsoft is aware of limited, targeted attacks exploiting these vulnerabilities in the wild.
Microsoft confirmed Windows 10 internet bug on March 26. They have issued a patch to the PCs and servers affected. The internet bug has caused internet connection problems across Teams, Office, Office365, Outlook, Internet Explorer 11, and in some cases Microsoft Edge. These issues have become more evident as people work remote.
Microsoft recommends that you only install this optional update if you are affected by this issue. For more information, see the known issues section for your version of Windows 10 or see the links below.
During the past few weeks, there has been a major increase in new domain registrations with names including “Zoom”—one of the most common video communication platforms used around the world. Since the beginning of the year, more than 1700 new domains were registered and 25% of them were registered in the past week.
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild.
We encouarage users and administrators to review Mozilla’s security advisory for Firefox 74.0.1 and Firefox ESR 68.6.1 and apply the necessary update.
There have been various cases with Citrix, Pulse VPN, and Remote Desktop (RDP) have been exploited. Make sure that if you are using these systems are patched the latest patches available.
During this time COVID-19 pandemic Health care has been targeted by nation states and cyber criminals. According to Health-ISAC Threat Intelligence Committee (TIC) there has been an increase of roughly 20-30% in overall phishing attacks.
On April 8th a new Zoom update was released. In the update, Zoom has provided access to settings in the desktop application that previously were available only on the Zoom web application. The ‘Lock Meeting’ and ‘Enable Waiting Room’ settings are now available next to the ‘Participants’ button in the main screen of the desktop application. See image below:
‘Enable Waiting Room’ is enabled by default and the host has the option to lock the meeting from the desktop directly.
Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For more information, please visit the Juniper Security Advisories webpage.
The default mailing app pre-installed on millions of iPhones and iPads has been found vulnerable to two critical flaws that attackers are exploiting in the wild, at least, from the last two years to spy on high-profile victims.
The flaws could eventually let remote hackers secretly take complete control over Apple devices just by sending an email to any targeted individual with his email account logged-in to the vulnerable app.
Microsoft is announcing the release of updates to address multiple vulnerabilities found in the Autodesk FBX library which is integrated into certain Microsoft applications. Details about the vulnerabilities can be found at the Autodesk Trust Center Security Advisory ADSK-SA-2020-0002.
During this unusual time in our lives, many of us find we want to improve our knowledge, skills or even prepare for new career opportunities. If you are interested in cybersecurity careers, there are numerous online education providers to choose from. Many online courses are available from your local community college, four-year universities, even the prestigious Centers of Academic Excellence programs – please review all options.
Cisco has released security updates to address a vulnerability in IOS XE SD-WAN Solution software. An attacker could exploit this vulnerability to take control of an affected system
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
WordPress 5.4 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website.
Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Visit The CISCO Security Advisories for more details on the different updates that need to be fixed.
A vulnerability in Telerik UI for ASP.NET could allow for arbitrary code execution. ASP.NET is an open-source server-side web-application framework designed for web development to produce dynamic web pages. Successful exploitation of this vulnerability could allow for remote code execution within the context of a privileged process. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Adobe has released security updates to address vulnerabilities affecting Adobe DNG Software Development Kit, Acrobat, and Reader. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Visit Adobe Security Bulletin APSB20-24 and APSB20-26 and apply the necessary updates.
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
© 2023 Regents of the University of California