Critical Security Flaw Discovered in LayerSlider WordPress Plugin

Apr 06 2024

.bh__table, .bh__table_header, .bh__table_cell { border: 1px solid #C0C0C0; }
.bh__table_cell { padding: 5px; background-color: #FFFFFF; }
.bh__table_cell p { color: #2D2D2D; font-family: ‘Helvetica’,Arial,sans-serif !important; overflow-wrap: break-word; }
.bh__table_header { padding: 5px; background-color:#F1F1F1; }
.bh__table_header p { color: #2A2A2A; font-family:’Trebuchet MS’,’Lucida Grande’,Tahoma,sans-serif !important; overflow-wrap: break-word; }

Sponsored by

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s covers more cybercrime stories than London has #Parakeets πŸ¦πŸ‘€πŸ€£

Today’s hottest cybersecurity news stories:

  • πŸ“° Stop the WordPresses! LayerSlider plugin has critical flaw ⚠️

  • 🐎 Mispadu trojan takes Europe by storm, steals 1000s of credentials πŸ”‘

  • πŸͺ Google wants to protect your cookies w/ new DBSC protection in beta πŸ§ͺ

We can’t just let this one Slider 😬😬😬

🚨 Critical Security Flaw Discovered in LayerSlider WordPress Plugin: Take Action Now! πŸ›‘οΈ

Attention WordPress users! A critical security vulnerability affecting the LayerSlider plugin has been unearthed, posing a grave threat to website security and user data integrity.

πŸ” Understanding the Vulnerability

Designated as CVE-2024-2879, this flaw exposes websites to SQL injection attacks, enabling attackers to extract sensitive information, including password hashes, from vulnerable databases. The severity of the issue is underscored by its CVSS score of 9.8 out of 10.0.

πŸ” Urgent Patch Available

LayerSlider developers have swiftly responded to the threat by releasing version 7.10.1 on March 27, 2024, containing crucial security fixes. It's imperative for all users running versions 7.9.11 through 7.10.0 to update immediately to mitigate the risk of exploitation.

🚨 Risk Mitigation and Prevention

The vulnerability arises from insufficient escaping of user-supplied parameters, creating an avenue for unauthenticated attackers to inject malicious SQL queries. While the attack surface is limited to a time-based approach, the potential consequences of data theft are severe.

πŸ›‘οΈ Stay Vigilant Against Emerging Threats

This revelation comes amid a surge in WordPress plugin vulnerabilities, including an unauthenticated stored cross-site scripting (XSS) flaw in WP-Members Membership Plugin (CVE-2024-1852). Remain vigilant, prioritise security updates, and implement robust security measures to safeguard your WordPress ecosystem.

πŸ”’ Protecting Your WordPress Site

Regularly update your plugins and themes, employ strong passwords, and consider security plugins to fortify your defences against evolving threats. By staying proactive and informed, you can fortify your WordPress site against malicious actors and preserve the trust of your users.

Stay secure, stay informed. Together, let's uphold the integrity of the WordPress community and ensure a safe online experience for all users.

Join the webinar on April 10: Combating threats through a continuous compliance with Vanta, CrowdStrike, and AWS

As the movement towards cloud-first continues, how can teams ensure their cloud security and compliance programs are optimized? On April 10, join leaders from Vanta, CrowdStrike, and AWS as they discuss ways to leverage continuous compliance and security to proactively monitor cloud infrastructure.

It’s a bit hit and Mispadu 😏😏😏

🚨 Beware: Mispadu Banking Trojan Targets Users Beyond Latin America! πŸ”’

The notorious Mispadu banking trojan, previously confined to Latin America, has widened its scope, setting its sights on individuals in Italy, Poland, and Sweden. This alarming development poses a significant threat to users worldwide.

🌍 Global Expansion of Threat

According to security researchers at Morphisec, the Mispadu campaign has diversified its targets, encompassing various sectors such as finance, services, manufacturing, law firms, and commercial facilities. Despite this geographic expansion, Mexico remains the primary target, underscoring the severity of the threat.

πŸ’» Sophisticated Attack Techniques

Mispadu, also known as URSA, employs advanced tactics to infiltrate systems and steal sensitive data. Utilising spam emails and exploiting security vulnerabilities like the Windows SmartScreen bypass flaw, the trojan orchestrates multi-stage attacks, compromising unsuspecting users and wreaking havoc on their devices.

πŸ” Infection Sequence Unveiled

The infection sequence initiated by Mispadu is intricate and multifaceted. Beginning with PDF attachments in phishing emails, recipients are lured into downloading malicious files, triggering a cascade of events that culminates in the deployment of the trojan payload. The malware employs anti-virtual machine checks and sophisticated encryption techniques to evade detection.

πŸ›‘οΈ Protecting Against Emerging Threats

As cyber threats evolve, it's crucial for users to remain vigilant and adopt robust security measures. Regularly update software, exercise caution when opening email attachments or clicking on links, and deploy reputable antivirus solutions to fortify your defences against malware attacks.

🚨 Heightened Vigilance Required

This revelation comes amidst a surge in malware dissemination tactics, including the exploitation of YouTube channels to propagate information stealers like Lumma Stealer and Stealc. Stay informed, stay vigilant, and prioritise your cybersecurity to safeguard your digital assets and personal information.

Together, let's combat cyber threats and create a safer online environment for all users. Stay secure, stay protected! πŸ”’

🎣 Catch of the Day!! 🌊🐟🦞

πŸƒΒ The Motley Fool: β€œFool me once, shame on β€” shame on you. Fool me β€” you can't get fooled again.” Good ol’ George Dubya πŸ˜‚ Let us tell who’s not fooling around though; that’s the CrΓΌe πŸ‘€ at Motley Fool. You’d be a fool (alright, enough already! πŸ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! πŸ› Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets πŸ€‘Β (LINK)

🚡 Wander: Find your happy place. Cue Happy Gilmore flashback πŸŒοΈβ›³πŸŒˆπŸ•ŠοΈ Mmmm Happy Place… πŸ˜‡ So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway 🏞️😍 (LINK)

🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts βšΎπŸ‘»πŸΏ (Great movie, to be fair πŸ™ˆ). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty πŸ˜‘). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho πŸ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)

And that’s the way the cookie crumbles πŸͺπŸ™ˆπŸ˜

🚨 Google Introduces Device Bound Session Credentials to Combat Cookie Theft πŸ›‘οΈ

Attention Chrome users! Google is rolling out a groundbreaking security feature called Device Bound Session Credentials (DBSC) to thwart cookie theft by malware and enhance user protection. Here's what you need to know about this cutting-edge defence mechanism:

πŸ”’ Fortifying User Security

DBSC is designed to safeguard users against session cookie theft, a common tactic employed by malware to hijack online accounts. By binding authentication sessions to the device, DBSC renders stolen cookies useless, significantly reducing the success rate of cookie theft malware.

πŸ”‘ Cryptographic Approach

Implemented as an open web standard, DBSC leverages a cryptographic approach that ties authentication sessions to the device using public/private key pairs. These keys, stored locally on the device via Trusted Platform Modules (TPMs), enhance security by preventing adversaries from abusing stolen cookies.

🚫 Disrupting Cookie Theft Industry

Google's initiative aims to disrupt the cookie theft industry by making it harder for attackers to exploit stolen cookies and gain unauthorised access to user accounts. DBSC's cryptographic protocols and session-bound keys bolster device-level security, mitigating the risk posed by sophisticated malware attacks.

πŸ” Enhanced Defense Mechanism

DBSC offers an API for websites to control the lifetime of session keys and a protocol for verifying proof-of-possession of private keys throughout the session. By device-binding private keys and periodically proving possession, DBSC enhances detection and mitigation of cookie theft, bolstering overall cybersecurity.

πŸš€ Rollout and Future Plans

DBSC will be initially deployed to approximately half of Chrome's desktop users, with support expected to expand over time. Google is collaborating with server providers, identity providers, and other browser vendors to ensure widespread adoption of DBSC and strengthen user protection across the web.

πŸ”’ Protecting Your Online Presence

As cyber threats evolve, it's crucial to stay informed and implement robust security measures. Enable Enhanced Safe Browsing in Chrome, keep your browser and devices updated, and exercise caution when interacting with online content to safeguard your digital assets and personal information.

With DBSC, Google is spearheading efforts to bolster online security and empower users to navigate the web with confidence. Stay secure, stay protected! πŸ›‘οΈ

πŸ—žοΈ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • πŸ›‘οΈ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday πŸ“…

  • πŸ’΅Β Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for πŸ†“

  • πŸ“ˆΒ Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future πŸ‘Ύ

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles