WordPress Critical Security Flaw Discovered!

Mar 19 2024


Welcome to Gone Phishing, your daily cybersecurity newsletter that’s Phishy like Sunak

Today’s hottest cybersecurity news stories:

  • Stop the WordPresses!! Remove miniOrange plugin ASAP! Major flaw!

  • Phishing goes commercial with APT28 casting out on Europe, Americas, Asia

  • AT&T claims data leak of a whopping 70M didn’t come from their systems

Hackers be like the future is bright the future is miniOrange

WordPress Alert: Critical Security Flaw Discovered!

WordPress users of miniOrange's Malware Scanner and Web Application Firewall plugins are urged to delete them immediately due to a critical security flaw (CVE-2024-2172).

Rated 9.8 out of 10 on the CVSS scale, the flaw impacts specific versions:

  • Malware Scanner (versions <= 4.7.2)

  • Web Application Firewall (versions <= 2.1.1)

These plugins have been permanently closed by maintainers as of March 7, 2024, affecting over 10,000 and 300 active installations, respectively.

The vulnerability allows unauthenticated attackers to grant themselves admin privileges by updating user passwords, potentially leading to complete site takeover.

A missing capability check in the mo_wpns_init() function is to blame, enabling attackers to manipulate site content, upload malicious files, and more.

Additionally, a similar high-severity flaw (CVE-2024-1991) was discovered in the RegistrationMagic plugin, impacting all versions up to 5.3.0.0.

The issue, addressed on March 11, 2024, permits authenticated attackers to elevate their privileges, affecting over 10,000 installations.

Stay vigilant! Ensure your WordPress plugins are up to date and remove affected plugins to safeguard your site's security.


APT28: Mmmmm fresh phish, reeling them in

Alert: APT28 Phishing Campaigns Target Global Organizations!

APT28, a Russia-linked threat group, is orchestrating ongoing phishing attacks across Europe, South Caucasus, Central Asia, and North and South America.

These campaigns employ lure documents mimicking government and non-governmental organisations' content, covering various sectors like finance, cyber security, and healthcare.

IBM X-Force identifies this activity as ITG05, also known as Blue Athena, Fancy Bear, and others.

Recent tactics involve exploiting Microsoft Outlook flaws to steal NTLMv2 hashes, possibly for future relay attacks.

From late November 2023 to February 2024, phishing attacks utilised the "search-ms:" URI protocol handler in Windows to distribute malware hosted on WebDAV servers, possibly controlled via compromised Ubiquiti routers.

APT28 impersonates entities from Argentina, Ukraine, and other countries, using authentic-looking documents to trigger infections.

The attack culminates in the deployment of malware like MASEPIE, OCEANMAP, and STEELHOOK, capable of file exfiltration, command execution, and browser data theft.

APT28 demonstrates adaptability, leveraging new infection methods and commercial infrastructure while evolving malware capabilities.

Stay vigilant against phishing attempts! Ensure robust cybersecurity measures to thwart such attacks.


AT&T: It wasn’t me

Alert: Alleged AT&T Data Breach Exposes Millions!

AT&T denies a 2021 breach after a hacker leaked data affecting 71 million individuals, although some entries have been verified as accurate.

The data, initially offered for sale by a threat actor called ShinyHunters, includes names, addresses, mobile numbers, encrypted birth dates, and social security numbers.

MajorNelson later leaked the data for free, with decrypted birth dates and social security numbers, potentially exposing customers to targeted attacks.

While not all entries are confirmed, some have been validated by individuals and cybersecurity experts, suggesting a partial but significant data dump.

The source of the data remains unclear, but indications point to it being AT&T customer data.

If you were an AT&T customer in 2021 or earlier, assume your data may be compromised. Beware of phishing attempts, SMS scams, and SIM swapping attacks.

Stay cautious of unsolicited communications claiming to be from AT&T. When in doubt, contact AT&T directly to verify the legitimacy of any messages.

That’s all for today, folks!

πŸ—žοΈ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • πŸ›‘οΈ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday πŸ“…

  • πŸ’΅Β Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for πŸ†“

  • πŸ“ˆΒ Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future πŸ‘Ύ

Let us know what you think!

So long and thanks for reading all the phish!
