Showing posts with label zero-day exploit.

Critical Security Flaw in "Hunk Companion" Plugin Exploited by Hackers



Attackers are actively exploiting a critical vulnerability in the "Hunk Companion" WordPress plugin to install and activate other plugins from the WordPress.org repository that carry known, unpatched vulnerabilities. Because the attacker chooses which plugin gets installed, the flaw becomes a route to whatever those outdated plugins expose: remote code execution (RCE), SQL injection, cross-site scripting (XSS), and the creation of unauthorised administrator accounts as backdoors.

Exploitation of Outdated Plugins

By targeting outdated plugins that already have public exploits, attackers can run arbitrary actions and fully compromise the WordPress site. WPScan discovered the malicious activity and reported it to the developers of Hunk Companion; a security update addressing the zero-day was released the day before this post.

Hunk Companion is an add-on plugin designed to enhance WordPress themes developed by ThemeHunk. Although it is installed on over 10,000 WordPress sites, it remains a relatively niche tool within the WordPress ecosystem, according to WordPress.org statistics.

Details of the Vulnerability

The critical vulnerability, identified by WPScan researcher Daniel Rodriguez, is tracked as CVE-2024-11972. It allows an unauthenticated attacker to install plugins via crafted POST requests, which on its own would be serious, but it is the chaining with a second, deliberately chosen vulnerable plugin that turns it into a site takeover.

All versions of Hunk Companion prior to 1.9.0 are affected. While investigating an infected site, WPScan found evidence of active exploitation of CVE-2024-11972: the attackers used it to install a vulnerable copy of the WP Query Console plugin, which has not been updated in over seven years, and then exploited that plugin's RCE flaw, CVE-2024-50498, to execute malicious PHP code.

According to WPScan, “In the infections we've analyzed, attackers use the RCE to write a PHP dropper to the site’s root directory. This dropper allows continued unauthenticated uploads via GET requests, enabling persistent backdoor access to the site.”

Previous Attempts to Fix the Vulnerability

The same underlying issue was first reported as CVE-2024-9707 and patched in Hunk Companion 1.8.5. That fix proved incomplete, and attackers found a bypass, which is the flaw now tracked as CVE-2024-11972.

Given the severity of the vulnerability and the ongoing in-the-wild exploitation, Hunk Companion users are strongly advised to update to version 1.9.0 immediately. At the time of reporting, version 1.9.0 had been downloaded around 1,800 times, leaving roughly 8,000 sites still exposed.
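The infection chain above leaves three things on disk that an administrator can check for without any vendor tooling: a Hunk Companion version below 1.9.0, the abandoned WP Query Console plugin, and a PHP dropper sitting in the site root. The script below is an added example written for this page, not code from WPScan or ThemeHunk. It reads the standard WordPress plugin header comment (`Plugin Name:` / `Version:`) from each plugin directory, compares against the fixed version named in the post, and lists any root-level PHP file that is not part of WordPress core. The plugin directory slugs `hunk-companion` and `wp-query-console`, and the sample site it builds in a temporary directory, are assumptions for the example; adjust the slugs and the `CORE_ROOT_PHP` set to match your install.

```python
"""Audit a WordPress docroot for the Hunk Companion exploit chain.

Checks (all derived from the post above):
  1. Hunk Companion installed at a version below 1.9.0 (CVE-2024-11972 / CVE-2024-9707).
  2. The abandoned WP Query Console plugin present at all (CVE-2024-50498 RCE).
  3. PHP files in the site root that are not part of WordPress core, where the
     post says the attackers write their GET-triggered dropper.
The sample docroot built by build_sample_site() is constructed for this example.
"""
import re
import tempfile
from pathlib import Path

# WordPress plugin header fields live in a comment at the top of the plugin's
# main file, e.g. " * Version: 1.8.5".
HEADER_RE = re.compile(r"^[ \t/*#]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M)

# Fixed version and abandoned plugin per the post. The slugs are assumed to be
# the WordPress.org directory names; verify against your own wp-content/plugins.
FIXED_IN = {"hunk-companion": (1, 9, 0)}
ABANDONED = {"wp-query-console"}

# PHP files WordPress core ships in the site root, plus wp-config.php, which the
# installer creates. Anything else at the root deserves a look.
CORE_ROOT_PHP = {
    "index.php", "wp-activate.php", "wp-blog-header.php", "wp-comments-post.php",
    "wp-config.php", "wp-config-sample.php", "wp-cron.php", "wp-links-opml.php",
    "wp-load.php", "wp-login.php", "wp-mail.php", "wp-settings.php",
    "wp-signup.php", "wp-trackback.php", "xmlrpc.php",
}


def parse_version(text):
    """'1.8.5' -> (1, 8, 5); tolerates suffixes such as '1.9.0-beta'."""
    nums = re.findall(r"\d+", text)
    return tuple(int(n) for n in nums) if nums else (0,)


def read_plugin_headers(plugin_dir):
    """Return {'Plugin Name': ..., 'Version': ...} from the plugin's main file."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        fields = dict(HEADER_RE.findall(php.read_text(errors="replace")[:8192]))
        if "Plugin Name" in fields:
            return fields
    return {}


def audit_wordpress(docroot):
    """Return a list of human-readable findings for the given docroot."""
    docroot = Path(docroot)
    findings = []
    plugins = docroot / "wp-content" / "plugins"
    for d in sorted(p for p in plugins.iterdir() if p.is_dir()):
        ver = read_plugin_headers(d).get("Version", "0")
        if d.name in FIXED_IN and parse_version(ver) < FIXED_IN[d.name]:
            fixed = ".".join(map(str, FIXED_IN[d.name]))
            findings.append(f"VULNERABLE {d.name} {ver} (< {fixed}): update immediately")
        if d.name in ABANDONED:
            findings.append(f"ABANDONED {d.name} {ver} present: likely attacker-installed")
    for f in sorted(docroot.glob("*.php")):
        if f.name not in CORE_ROOT_PHP:
            findings.append(f"SUSPECT root PHP file {f.name}: possible dropper")
    return findings


def build_sample_site():
    """Constructed sample docroot mirroring the infection described in the post."""
    root = Path(tempfile.mkdtemp(prefix="wp-audit-"))

    def plugin(slug, name, version):
        d = root / "wp-content" / "plugins" / slug
        d.mkdir(parents=True)
        (d / f"{slug}.php").write_text(
            f"<?php\n/**\n * Plugin Name: {name}\n * Version: {version}\n */\n")

    plugin("hunk-companion", "Hunk Companion", "1.8.5")    # pre-fix version
    plugin("wp-query-console", "WP Query Console", "1.0")  # abandoned, carries the RCE
    plugin("akismet", "Akismet Anti-spam", "5.3")          # benign control
    (root / "index.php").write_text("<?php require 'wp-blog-header.php';\n")
    (root / "wp-config.php").write_text("<?php\n")
    (root / "up.php").write_text("<?php /* constructed stand-in for the dropper */\n")
    return root


if __name__ == "__main__":
    for line in audit_wordpress(build_sample_site()):
        print(line)
```

Run it against a real docroot with `audit_wordpress("/var/www/html")`. The root-PHP check is deliberately noisy: a hardened site should have nothing there that it cannot explain, and an unexplained file that accepts GET parameters matches the dropper behaviour WPScan describes.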

What is a Zero-Day Attack And How You Can Safeguard Against It?


The most dangerous cyberthreats are the ones nobody knows about yet. Most defences depend on prior knowledge of what an attack looks like, and a zero-day is, by definition, something we have not seen before. That is what makes it so effective.

A zero-day attack occurs when attackers abuse a software or hardware flaw that is unknown to the vendor and to the wider security community. Because nobody knows about the flaw, no specific defence exists for it. Even well-configured security tooling such as antivirus or a VPN cannot block what it has no signature or rule for, so a fully updated system can still fall to a zero-day.

The term "zero-day" refers to the fact that the vendor has had zero days to fix the flaw before it was exploited. Zero-day attacks are particularly dangerous because they are frequently used by sophisticated criminal or nation-state groups to get into well-defended networks, and they can go undetected for a long time, which makes them very hard to defend against.

In this article, I will explain what zero-day attacks are, how they work, and how you can safeguard yourself or your business from these hidden threats.

What are zero-day attacks? 

A zero-day attack is one in which an attacker exploits a previously unknown flaw. These vulnerabilities are defects in software or hardware that allow unintended behaviour, such as unauthorised access to a network. Once an attacker has found such a flaw, they can use it to get into a network, install malware, steal data, or cause other damage.

Zero-day exploits

This leads naturally to the concept of zero-day exploits. A zero-day exploit is code written to trigger a vulnerability and make a system do something it would not normally do. It is the attacker's hidden weapon, allowing them to breach systems while remaining undetected, and a capable group may hold a stock of such exploits ready for use when needed.

These exploits are what a zero-day attack is built on. In most cases the attack is recognised only after the fact, when the vulnerability becomes public. At that point the race is on: the vendor to ship a fix, defenders to apply it, and other attackers to build their own exploits before they do.

Prevention tips

Install updates: It should go without saying that keeping software up to date is essential. Once a flaw is identified and a patch is released, apply it promptly. A zero-day attack may start against a very small number of targets, but as soon as the wider community learns of the vulnerability, other attackers quickly produce their own exploits and the exposure becomes broad.

Stay informed: Threat intelligence services help you keep up with emerging threats. These feeds provide timely information on new vulnerabilities, exploits, and attack techniques, so you can adjust your defences before the threat reaches you.

Bolster the overall security of the network: Remember that a zero-day is not a skeleton key. It is a specific flaw that lets an attacker bypass one specific defence. The more independent safeguards you have in place, such as two-factor authentication, endpoint protection, network segmentation and least-privilege access, the better your chances of stopping an attacker before they reach anything valuable.

RedTail Cryptomining Malware Exploits Zero-Day Vulnerability in PAN-OS


Cryptomining malware, possibly of North Korean origin, is targeting edge devices, and its operators have added a zero-day vulnerability in Palo Alto Networks' PAN-OS, which the company patched in April, to their list of entry points. Researchers at Akamai identified the malware and named it RedTail after the hidden "redtail" file it drops; its mining configuration shows a sophisticated understanding of how to squeeze performance out of cryptomining.

The threat actors behind RedTail appear to operate their own mining pools or pool proxies rather than using public ones, trading the extra operational and financial cost of running a private server for greater control over mining outcomes. Akamai's researchers also noted that the miner uses the newer RandomX algorithm for efficiency and modifies the operating system configuration to use larger memory blocks (hugepages) to boost throughput.

The use of private mining pools is a tactic reminiscent of North Korea's Lazarus Group, although Akamai has not directly attributed RedTail to any specific group. North Korea is known for its for-profit hacking operations, which include extensive cryptocurrency theft and other methods to evade sanctions (see: US FBI Busts North Korean IT Worker Employment Scams).

First spotted earlier this year, RedTail has since gained anti-analysis techniques that make it harder for researchers to examine and mitigate. Akamai reports that its operators quickly exploited the PAN-OS vulnerability, tracked as CVE-2024-3400, which lets an attacker create an arbitrary file and thereby execute commands as root (see: Likely State Hackers Exploiting Palo Alto Firewall Zero-Day).
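The behaviours Akamai describes above (a hidden file named "redtail", hugepages switched on for RandomX, a miner pointed at a private pool) are all observable on the host. The script below is an added example for this page, not Akamai's detection logic or any vendor's code. It takes snapshots an incident responder would collect from a suspect Linux edge box (a file listing, sysctl values, process command lines) and returns findings. `vm.nr_hugepages` is the standard Linux knob for pre-allocating hugepages; the `rx/0` tag is XMRig's label for RandomX and is an assumption here; the snapshot values, including the 203.0.113.10 pool address, are constructed for the example.

```python
"""Host-side triage for the RedTail indicators described in the post.

Inputs are snapshots from a suspected edge host; the sample values in
sample_snapshot() are constructed for this example.
"""
import re
from dataclasses import dataclass, field

# How miners commonly spell RandomX on the command line (assumption: "rx/0" is
# the XMRig algorithm tag for RandomX/Monero).
RANDOMX_TAGS = ("randomx", "rx/0")
# Pool URLs as passed to miners, e.g. -o stratum+tcp://host:port
STRATUM_RE = re.compile(r"stratum\+(?:ssl|tcp)://([^:\s]+):(\d+)")


@dataclass
class HostSnapshot:
    files: list = field(default_factory=list)     # e.g. from `find / -xdev -name '.*' -type f`
    sysctl: dict = field(default_factory=dict)    # e.g. {"vm.nr_hugepages": "1280"}
    cmdlines: list = field(default_factory=list)  # from /proc/*/cmdline


def triage(snap):
    """Return a list of findings; an empty list means none of the indicators matched."""
    findings = []

    # 1. Hidden file carrying the family name, anywhere on disk.
    for path in snap.files:
        name = path.rsplit("/", 1)[-1]
        if name.startswith(".") and "redtail" in name.lower():
            findings.append(f"hidden file {path}")

    # 2. Hugepages enabled. RedTail raises vm.nr_hugepages so RandomX's large
    #    scratchpad gets contiguous memory; on a firewall or router this is
    #    rarely a legitimate setting.
    raw = snap.sysctl.get("vm.nr_hugepages", "0") or "0"
    pages = int(raw) if raw.isdigit() else 0
    if pages > 0:
        findings.append(f"vm.nr_hugepages={pages} (hugepages enabled)")

    # 3. RandomX miner arguments and the pool it talks to. A literal IP or an
    #    unfamiliar host here is consistent with the private pool/proxy
    #    behaviour the post describes.
    for cmd in snap.cmdlines:
        low = cmd.lower()
        if any(tag in low for tag in RANDOMX_TAGS):
            findings.append(f"RandomX miner args: {cmd}")
        for host, port in STRATUM_RE.findall(cmd):
            findings.append(f"stratum endpoint {host}:{port}")
    return findings


def sample_snapshot():
    """Constructed snapshot of an infected host (values are not real telemetry)."""
    return HostSnapshot(
        files=["/tmp/.redtail", "/etc/.hidden-config", "/var/log/syslog"],
        sysctl={"vm.nr_hugepages": "1280", "vm.swappiness": "60"},
        cmdlines=[
            "/tmp/.redtail -a rx/0 -o stratum+tcp://203.0.113.10:3333 -u worker1",
            "/usr/sbin/sshd -D",
        ],
    )


if __name__ == "__main__":
    for line in triage(sample_snapshot()):
        print(line)
```

On a live host, feed `triage()` the output of `sysctl vm.nr_hugepages`, a hidden-file listing and the contents of `/proc/*/cmdline`; a clean host returns an empty list, which is asserted in the test below alongside the positive case.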

Other notable targets include TP-Link routers, the China-developed ThinkPHP framework, and Ivanti Connect Secure. Security researchers warn that advanced attackers, including state-sponsored groups, are increasingly focusing on edge devices because endpoint detection coverage there is patchy and the proprietary software on them complicates forensic analysis.