Overview

Fortinet has disclosed a critical authentication bypass vulnerability affecting FortiOS and FortiProxy systems, identified as CVE-2024-55591. With a CVSS score of 9.6, this vulnerability allows unauthenticated attackers to execute unauthorized code or commands, granting them “super-admin” privileges.

The exploitation of this vulnerability has already been observed “in the wild,” stressing the urgency for affected organizations to act immediately.

Key Details

Vulnerability Summary

CVE-2024-55591 arises from a flaw in the Node.js websocket module, specifically within FortiOS and FortiProxy, where an alternate path or channel can bypass authentication mechanisms (CWE-288). This allows remote attackers to gain administrative access and compromise device configurations.

Affected Products

The vulnerability impacts specific versions of FortiOS and FortiProxy:

• FortiOS 7.0: Versions 7.0.0 through 7.0.16
• FortiProxy 7.0: Versions 7.0.0 through 7.0.19
• FortiProxy 7.2: Versions 7.2.0 through 7.2.12

Unpatched systems are vulnerable to unauthorized access and subsequent exploitation.

Indicators of Compromise (IoCs)

Organizations are advised to monitor for the following IoCs to detect potential compromise:

Log Entries

• Admin Login Events

• Log Message: Successful login from the “jsconsole” interface with “super-admin” privileges.
• Example: type=”event” subtype=”system” level=”information” vd=”root” logdesc=”Admin login successful” sn=”1733486785″ user=”admin” ui=”jsconsole” method=”jsconsole” srcip=1.1.1.1 dstip=1.1.1.1 action=”login” status=”success” reason=”none” profile=”super_admin” msg=”Administrator admin logged in successfully from jsconsole”
• Admin Account Creation

• Log Message: Creation of admin accounts with random usernames from suspicious IPs.
• Example: type=”event” subtype=”system” level=”information” vd=”root” logdesc=”Object attribute configured” user=”admin” ui=”jsconsole(127.0.0.1)” action=”Add” cfgtid=1411317760 cfgpath=”system.admin” cfgobj=”vOcep” cfgattr=”password[*]accprofile[super_admin]vdom[root]” msg=”Add system.admin vOcep”

Common IP Addresses Usernames Used by Threat Actors

• Frequent IPs:
  • 1.1.1.1
  • 2.2.2.2
  • 8.8.8.8
  • 45.55.158.47 [most used IP address]
  • 87.249.138.47

• Admin/Usernames Created by Threat Actors:
  Randomly generated usernames have been observed, such as:
  • Gujhmk
  • Ed8x4k
  • G0xgey
  • Pvnw81
  • Alg7c4
  • Ypda8a
  • Kmi8p4
  • 1a2n6t
  • 8ah1t6
  • M4ix9f

Threat Actor Activity

Post-exploitation, attackers typically perform the following actions:

1. Create admin accounts with elevated privileges.
2. Add local users to existing SSL VPN user groups.
3. Alter firewall policies to enable unauthorized network access.
4. Use compromised SSL VPN accounts to establish tunnels into internal networks.

These actions allow lateral movement within the network, further compromising critical assets.

Mitigation Recommendations

Patch Management

Upgrade to Secure Versions:

• FortiOS: Upgrade to 7.0.17 or higher.
• FortiProxy: Upgrade to 7.0.20 or higher.
  Use Fortinet’s Upgrade Tool for guidance.

Access Control

1. Disable HTTP/HTTPS Administrative Interfaces:
   Prevent unauthorized access by disabling external administrative interfaces.
2. Restrict Access with Local-In Policies:
   Limit administrative access to trusted IP addresses using local-in policies.
   • Configure firewall address and groups for allowed IPs.
   • Apply local-in policies to restrict management interface access.

Monitoring and Detection

1. Audit Logs:
   Continuously monitor system logs for anomalous login activities, suspicious IP addresses, and unauthorized account creations.
2. Threat Intelligence Integration:
   Leverage threat intelligence feeds to stay updated on IoCs and adversarial tactics.

Incident Response

1. Immediate Actions on Compromise:
   • Remove unauthorized accounts and reset passwords for all administrative and local users.
   • Revert unauthorized firewall and VPN configuration changes.
   • Isolate compromised devices from the network and conduct forensic analysis.

2. Strengthen VPN Security:
   • Change SSL VPN ports to non-default values.
   • Implement multi-factor authentication (MFA) for all VPN users.

Workarounds

If patching is not immediately feasible, the following steps can temporarily mitigate risks:

1. Restrict Administrative Access:
   Use local-in policies to limit management interface access to trusted IPs.
2. Modify SSL VPN Ports:
   Configure custom ports for SSL VPN and HTTPS interfaces to avoid default port exploitation.
3. Enable Trusthost Feature:
   Apply the trusthost feature to restrict access only to predefined IP ranges.

Conclusion

Organizations leveraging Fortinet solutions must act promptly to secure their infrastructure against CVE-2024-55591exploitation, leveraging patches, access restrictions, and continuous monitoring to detect and mitigate potential attacks. Proactively implementing these measures not only reduces the attack surface but also strengthens overall network security against advanced threat actors.

References:

https://www.fortiguard.com/psirt/FG-IR-24-535

https://docs.fortinet.com/upgrade-tool

The post Fortinet’s Authentication Bypass Zero-Day: Mitigation Strategies and IoCs for Enhanced Security appeared first on Cyble.

Blog – Cyble – ​Read More

Overview

Foreign interference poses a persistent and evolving threat to Australia’s sovereignty, democracy, and national interests. Recognizing the critical importance of addressing these risks, the Australian Government has launched the “Countering Foreign Interference in Australia: Working Together Towards a More Secure Australia” initiative.

This comprehensive strategy outlines measures to identify, mitigate, and prevent foreign interference while empowering individuals and organizations to protect themselves.

Defining Foreign Interference

Foreign interference encompasses activities conducted on behalf of foreign powers that pose threats to individuals, infrastructure, or institutions. Unlike foreign influence, which operates transparently, foreign interference relies on clandestine, deceptive, and harmful methods to undermine Australia’s interests, the Australian Department of Home Affairs said.

Key Targets of Foreign Interference

• Individuals: Members of diaspora communities are often coerced, intimidated, or manipulated to serve foreign interests.
• Infrastructure and Institutions: Critical infrastructure, democratic processes, and national security systems are frequently targeted for control or disruption.
• Information: Foreign actors steal, manipulate, or fabricate data to influence public opinion or gain strategic advantages.

The Scale of the Threat

The Director-General of Security Mike Burgess had earlier warned that espionage and foreign interference represent Australia’s principal security concerns. “If we had a threat level for espionage and foreign interference it would be at CERTAIN – the highest level on the scale. The threat is now. And the threat is deeper and broader than you might think.”

The Director-General’s comments indicated that more Australians are being targeted than ever before. Failure to counteract these activities risks long-term consequences, including undermining democratic values, economic prosperity, and social cohesion.

Key Sectors at Risk

• Communities: Members of diaspora communities are particularly vulnerable to threats such as surveillance, harassment, and coercion. Foreign actors often exploit these individuals to advance their agendas.

Example: Protesters advocating against foreign regimes may face harassment or threats to their families abroad.

• Democratic Institutions: Electoral processes and political systems are primary targets. Foreign actors may attempt to sway election outcomes, corrupt officials, or spread disinformation to erode public confidence.

Example: Covertly influencing campaign donations to push policies favorable to foreign interests.

• Higher Education and Research: Universities and research institutions face risks such as intellectual property theft, academic coercion, and undue influence over curricula.

Example: Recruitment of academics by foreign entities to redirect research toward military or commercial objectives.

• Industry: Joint ventures, supply chain manipulation, and intellectual property theft threaten Australia’s economic resilience and defense capabilities.

Example: Hidden affiliations in joint ventures exposing Australian companies to espionage.

• Media and Communications: Foreign actors undermine independent media through disinformation, censorship, and recruitment of journalists, eroding trust and spreading propaganda.

Example: Influencing editorial decisions to align with foreign narratives, reducing transparency in public discourse.

Government Initiatives to Counter Foreign Interference

The Australian Government has adopted a multi-faceted approach to mitigate risks and strengthen resilience:

Legislative Framework

• Criminal Code Act 1995: Criminalizes foreign interference with penalties of up to 20 years imprisonment.
• Foreign Influence Transparency Scheme: Mandates registration of activities conducted on behalf of foreign principals.
• Foreign Investment Framework: Reviews foreign investments to ensure they align with national interests.
• Security of Critical Infrastructure Act 2018: Establishes legal obligations for safeguarding critical assets.

Additional Measures

• Counter Foreign Interference Taskforce (CFI Taskforce): Led by ASIO and AFP, this taskforce identifies, assesses, and disrupts acts of foreign interference.
• Counter Foreign Interference Coordination Centre (CFICC): Coordinates whole-of-government efforts and provides leadership on policy and outreach.
• University Foreign Interference Taskforce (UFIT): Protects academic institutions from coercion and intellectual property theft.
• Technology Foreign Interference Taskforce (TechFIT): Collaborates with the technology sector to address interference in critical technologies.
• Electoral Integrity Assurance Taskforce (EIAT): Ensures the integrity of federal electoral events against foreign threats.

What Individuals and Organizations Can Do

The Australian Government stressed on the shared responsibility in countering foreign interference. Individuals and organizations must take proactive steps to safeguard their interests:

For Individuals

• Report suspicious activities to the National Security Hotline (1800 123 400).
• Practice cyber hygiene, such as using strong passwords and verifying online information sources.
• Be vigilant about coercion or recruitment attempts, especially online or in professional settings.

For Organizations

• Strengthen cybersecurity measures and report incidents to the Australian Cyber Security Centre (ACSC).
• Conduct due diligence in partnerships, including verifying affiliations and reviewing intellectual property agreements.
• Monitor insider threats and implement workforce screening and ethics frameworks.

Practical Tools

• NITRO Portal: A secure reporting mechanism for businesses and research institutions to flag concerns about foreign interference.

Strengthening Partnerships

Australia’s coordinated response involves collaboration across government, industry, and international allies. By fostering partnerships and sharing intelligence, Australia aims to:

• Raise the costs of foreign interference for adversaries.
• Enhance the resilience of critical sectors.
• Build public awareness about the threats and protective measures.

Conclusion

Foreign interference poses a significant challenge to Australia’s democratic integrity, national security, and social fabric. The launch of “Countering Foreign Interference in Australia” demonstrates the government’s commitment to addressing these threats through robust legislation, strategic initiatives, and public engagement.

By working together, individuals, organizations, and the government can mitigate risks, ensure resilience, and safeguard Australia’s future. Reporting suspicious activities, adopting best practices, and fostering a culture of vigilance are critical components of this collective effort to counter foreign interference effectively.

References:

https://www.homeaffairs.gov.au/about-us/our-portfolios/national-security/countering-foreign-interference

The post Australia Launches ‘Countering Foreign Interference’ Initiative to Safeguard Sovereignty and Democracy appeared first on Cyble.

Blog – Cyble – ​Read More

Whenever you’re asked to log in to an online service, verify your identity, or download a document through a link, you’re usually required to enter your username and password. This is so common that most of us do it automatically without thinking twice. However, scammers can trick you into giving them passwords for your email, government service websites, banking services, or social networks by mimicking the service’s login form on their own (third-party) website. Don’t fall for it: only the email service itself can ask to verify your email password — no one else! The same applies to government services, banks, and social networks.

To avoid becoming a victim of fraud, every time you enter a password, take a moment to check where exactly you’re logging in, and what window is asking for your credentials. Three main scenarios are possible here — two are safe, one is fraudulent. Here they are.

Safe scenarios for entering passwords

1. Logging into your email, social network, or online service through the official website. This is the simplest scenario, but you need to make sure you are indeed on the legitimate site — with no errors in the URL. If you’re accessing the online service by clicking a link in an email or from search results, carefully check the browser’s address bar before entering your password. Make sure that both the service name and the site address are correct and match each other.

Why is it so important to take an extra second to check? Creating phishing copies of legitimate sites is a favorite trick of scammers. A phishing site’s address may be almost identical to the original, differing in just a letter or two (for example, the “i” letter might be replaced with an “I”), or use a different domain zone.

It’s also rather simple to create a link that appears to lead to a site but actually takes you somewhere else. Check it out for yourself: this link seems to lead to our blog kaspersky.com/blog but actually redirects you to our other blog — securelist.com.

The image below shows examples of legitimate login pages for various services where you can safely enter your username and password.

Examples of legitimate login pages for various services. Entering your credentials here is safe

2. Logging in to a site using an auxiliary service. This is a convenient way to log in without creating additional passwords, commonly used for file storage services, collaboration tools, and so on. Auxiliary services are typically large email providers, social networks, or government service sites. The login button may say something like “Continue with Google”, “Continue with Facebook”, “Continue with Apple”, etc.

When you click the button, another window opens belonging to the auxiliary service (Google, Facebook, Apple, etc.). It works like this: the external service verifies your identity and confirms this to the site you’re logging in to. It’s crucial to check the addresses in both windows: make sure that the pop-up window asking for your password really belongs to the auxiliary service you expected (Google, Facebook, Apple, etc.), and the main window really belongs to the legitimate site you’re trying to log in to. In many cases, the pop-up window also indicates which site you’ll be logging in to. This auxiliary service mechanism allows you to enter the desired site without it ever seeing your password. Password verification takes place on the side of the auxiliary service (Google, Facebook, Apple, etc.). IT specialists call this login method single sign-on (SSO).

Example of SSO login to eBay through an auxiliary service (Google) that verifies your password. Entering your credentials here is also safe

Fraudulent scenario: password theft

You receive an email or message with a login link, click it, and end up on a site that very closely resembles a legitimate email, social network, file-sharing, or e-signature service. The site asks you to log in to your account to prove your identity. To this end, you’re prompted to enter your email and password for your email, government services site, banking service, or social network directly on this site.

In this scenario, either there’s no pop-up window from a legitimate service (such as the one in the previous case), or the additional window also belongs to some third-party site. This is a scam designed to steal your

Look at the address bar: this is definitely not Netflix! Don’t enter your credentials here!

account password! Remember, a third-party site can’t verify your password — it simply doesn’t know it, and passwords are never shared between sites.

How to protect yourself from password theft

1. Carefully check the address of the site requesting your password.
2. Only enter a password for a service on the official website of that service — nowhere else.
3. Sometimes a separate window appears for entering a password. Make sure this window is a regular browser window where you can see the address bar and verify the address.
4. Scammers can create lookalike sites with addresses that are hard to distinguish from real ones. To avoid falling into such a trap, use reliable anti-phishing protection on all devices and platforms. We recommend Kaspersky Premium, the winner of an anti-phishing test in 2024.
5. An advanced protection method is to use a password manager for all your accounts. It verifies the actual page address, and will never enter your credentials on an unfamiliar site — no matter how convincing it looks.

Kaspersky official blog – ​Read More

The old saying, “A chain is only as strong as its weakest link”, directly applies to enterprise cybersecurity. Businesses these days often rely on dozens or even hundreds of suppliers and contractors, who, in turn, use the services and products of yet more contractors and suppliers. And when these chains involve not raw materials but complex IT products, ensuring their security becomes significantly more challenging. This fact is exploited by attackers, who compromise a link in the chain to reach its end — their main target. Accordingly, it’s essential for business leaders and the heads of IT and information security to understand the risks of supply-chain attacks in order to manage them effectively.

What is a supply-chain attack?

A supply-chain attack involves a malicious actor infiltrating an organization’s systems by compromising a trusted third-party software vendor or service provider. Types of this attack include the following:

• Compromising well-known software developed by a supplier and used by the target organization (or multiple organizations). The software is modified to perform malicious tasks for the attacker. Once the next update is installed, the software will contain undeclared functionality that allows the organization to be compromised. Well-known examples of such attacks include the compromise of the SolarWinds Orion and 3CX Last year, the to-date largest attempt at such an attack was discovered — XZ Utils. Fortunately, it was unsuccessful.
• Attackers find corporate accounts used by a service provider to work within the target organization’s systems. The attackers use these accounts to infiltrate the organization and carry out an attack. For example, the American retail giant Target was hacked through an account issued to an HVAC provider.
• Attackers compromise a cloud provider or exploit the features of a cloud provider’s infrastructure to access the targeted organization’s data. The most high-profile case last year involved the compromise of more than 150 clients of the Snowflake cloud service, leading to the data leak of hundreds of millions of users of Ticketmaster, Santander Bank, AT&T, and others. Another large-scale, big-impact attack was the hack of the authentication service provider Okta.
• Attackers exploit permissions delegated to a contractor in cloud systems, such as Office 365, to gain control over the target organization’s documents and correspondence.
• Attackers compromise specialized devices belonging to or administered by a contractor, but connected to the target organization’s network. Examples include smart-office air-conditioning systems, and video surveillance systems. For example, building automation systems became a foothold for a cyberattack on telecom providers in Pakistan.
• Attackers modify IT equipment purchased by the target organization, either by infecting pre-installed software or embedding hidden functionality into the devices’ firmware. Despite their complexity, such attacks have actually occurred in practice. Proven cases include Android device infections, and widely discussed server infections at the chip level.

All variations of this technique in the MITRE ATT&CK framework come under the name “Trusted Relationship” (T1199).

Benefits of supply-chain attacks for criminals

Supply-chain attacks offer several advantages for attackers. Firstly, compromising a supplier creates a uniquely stealthy and effective access channel — as demonstrated by the attack on SolarWinds Orion software, widely used in major U.S. corporations, and the compromise of Microsoft cloud systems, which led to email leaks from several U.S. government departments. For this reason, this type of attack is especially favored by criminals hunting for information. Secondly, the successful compromise of a single popular application or service instantly provides access to dozens, hundreds, or even thousands of organizations. Thus, this kind of attack also appeals to those motivated by financial gain, such as ransomware groups. One of the most high-profile breaches of this type was the attack on IT supplier Kaseya by the REvil group.

A tactical advantage (to criminals) of attacks exploiting trusted relationships lies in the practical consequences of this trust: the applications and IP addresses of the compromised supplier are more likely to be on allowlists, actions performed using accounts issued to the supplier are less frequently flagged as suspicious by monitoring centers, and so on.

Damage from supply-chain attacks

Contractors are usually compromised in targeted attacks carried out by highly motivated and skilled attackers. Such attackers are typically aiming to obtain either a large ransom or valuable information — and in either case, the victim will inevitably face long-term negative consequences.

These include the direct costs of investigating the incident and mitigating its impact, fines and expenses related to working with regulators, reputational damage, and potential compensation to clients. Operational disruptions caused by such attacks can also result in significant productivity losses, and threaten business continuity.

There are also cases that don’t technically qualify as supply-chain attacks — attacks on key technology providers within a specific industry — that nevertheless disrupt the supply chain. There were several examples of this in 2024 alone, the most striking being the cyberattack on Change Healthcare, a major company responsible for processing financial and insurance documents in the U.S. healthcare industry. Clients of Change Healthcare were not hacked, but while the compromised company spent a month restoring its systems, medical services in the U.S. were partially paralyzed, and it was recently revealed that confidential medical records of 100 million patients were exposed as a result of this attack. In this case, mass client dissatisfaction became a factor pressuring the company to pay the ransom.

Returning to the previously mentioned examples: Ticketmaster, which suffered a major data breach, faces several multi-billion-dollar lawsuits; criminals demanded $70 million to decrypt the data of victims of the Kaseya attack; and damage estimates from the SolarWinds attack range from $12 million per affected company to $100 billion in total.

Which teams and departments should be responsible for supply-chain-attack prevention?

While all the above may suggest that dealing with supply-chain attacks is entirely the responsibility of information security teams, in practice, minimizing these risks requires the coordinated efforts of multiple teams within the organization. Key departments that should be involved in this work include:

• Information security: responsible for implementing security measures and monitoring compliance with them, conducting vulnerability assessments, and responding to incidents.
• IT: ensures that the procedures and measures required by information security are followed when organizing contractors’ access to the organization’s infrastructure, uses monitoring tools to oversee compliance with these measures, and prevents the emergence of shadow or abandoned accounts and IT services.
• Procurement and vendor management: should work with information security and other departments to include trust and corporate information-security compliance criteria in supplier selection processes. Should also regularly check that supplier evaluations meet these criteria and ensure ongoing compliance with security standards throughout the contract period.
• Legal departments and risk management: ensure regulatory compliance and manage contractual obligations related to cybersecurity.
• Board of directors: should promote a security culture within the organization, and allocate resources for implementing the above measures.

Measures for minimizing the risk of supply-chain attacks

Organizations should take comprehensive measures to reduce the risks associated with supply-chain attacks:

• Thoroughly evaluate suppliers. It’s crucial to assess the security level of potential suppliers before beginning collaboration. This includes requesting a review of their cybersecurity policies, information about past incidents, and compliance with industry security standards. For software products and cloud services, it’s also recommended to collect data on vulnerabilities and pentests, and sometimes it’s advised to conduct dynamic application security testing (DAST).
• Implement contractual security requirements. Contracts with suppliers should include specific information security requirements, such as regular security audits, compliance with your organization’s relevant security policies, and incident notification protocols.
• Adopt preventive technological measures. The risk of serious damage from supplier compromise is significantly reduced if your organization implements security practices such as the principle of least privilege, zero trust, and mature identity management.
• Organize monitoring. We recommend using XDR or MDR solutions for real-time infrastructure monitoring and detecting anomalies in software and network traffic.
• Develop an incident response plan. It’s important to create a response plan that includes supply-chain attacks. The plan should ensure that breaches are quickly identified and contained — for example by disconnecting the supplier from company systems.
• Collaborate with suppliers on security issues. It’s vital to work closely with suppliers to improve their security measures — such collaboration strengthens mutual trust and makes mutual protection a shared priority.

Deep technological integration throughout the supply chain affords companies unique competitive advantages, but simultaneously creates systemic risks. Understanding these risks is critically important for business leaders: attacks on trusted relationships and supply chains are a growing threat, entailing significant damage. Only by implementing preventive measures across the organization and approaching partnerships with suppliers and contractors strategically can companies reduce these risks and ensure the resilience of their business.

Kaspersky official blog – ​Read More

Google Chrome and WordPress users face high-severity security threats. CyberSecurity Malaysia advises immediate updates to prevent potential exploits and safeguard data.

Overview

CyberSecurity Malaysia has recently notified users of critical vulnerabilities in two widely used software platforms: Google Chrome and the WordPress File Upload plugin. If exploited, these vulnerabilities could allow attackers to execute arbitrary code, escalate privileges, or cause disruptions.

Security updates have been issued, and users are strongly advised to apply these updates immediately to protect their systems.

This article provides an in-depth look at these vulnerabilities, their potential impacts, affected products, and recommended mitigation actions.

Google Chrome Security Update

Google has released security updates to address multiple vulnerabilities in the Chrome browser. These vulnerabilities have been categorized as high-severity risks and require immediate attention from users and administrators.

If successfully exploited, these vulnerabilities could enable attackers to:

• Execute arbitrary code on the target system.
• Escalate their privileges to gain unauthorized access.
• Cause denial-of-service (DoS) attacks on affected ChromeOS devices.

These threats underscore the importance of keeping software updated to prevent exploitation.

One of the critical vulnerabilities addressed in this update is:

• CVE-2025-0291 (High): This is a Type Confusion vulnerability in the V8 JavaScript engine. Type Confusion occurs when the program allocates or uses a resource in an unintended way, which could allow attackers to manipulate the system and execute malicious code.

Recommendations

CyberSecurity Malaysia advises all users and administrators to:

1. Review the latest Google Chrome release notes.
2. Update Chrome to the latest version without delay.
3. Regularly check for updates to ensure their browser remains secure.

WordPress File Upload Plugin Vulnerability

WordPress has issued a critical security update to address a vulnerability in its File Upload plugin. This vulnerability, if exploited, could have severe consequences for WordPress websites, particularly those using outdated versions of the plugin.

The vulnerability could allow unauthenticated attackers to:

• Execute remote code on the server.
• Read arbitrary files, potentially exposing sensitive information.
• Delete files, causing data loss and service disruptions.

With a high severity score of 9.8 on the CVSS scale, this vulnerability is categorized as critical and poses a significant threat to websites using the affected plugin.

Affected Products

• WordPress File Upload Plugin: Versions 4.24.15 and below are affected.
• Vulnerability Details:
  • CVE Identifier: CVE-2024-11613
  • Vulnerability Type: Improper Control of Code Generation (Code Injection).
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Researcher: Abrahack
  • Date of Public Disclosure: January 7, 2025

The vulnerability lies in the improper sanitization of the source parameter within the file wfu_file_downloader.php, which allows attackers to define their own directory paths. This flaw enables remote code execution, arbitrary file reading, and file deletion.

Recommendations

To protect their websites, CyberSecurity Malaysia urges WordPress users and administrators to:

1. Update the WordPress File Upload Plugin: Install version 4.25.0 or any newer patched version.
2. Regularly Monitor Plugin Updates: Ensure plugins are always up to date to prevent vulnerabilities.
3. Review the Official Wordfence Security Updates: Follow detailed guidance provided by WordPress security teams.

Patched versions can be found on the WordPress.org plugin page.

Key Takeaways

1. Act Quickly: The vulnerabilities in Google Chrome and WordPress File Upload plugin can lead to severe consequences, including unauthorized access, data breaches, and service disruptions. Immediate action is necessary to mitigate risks.
2. Stay Updated: Regularly updating software, browsers, and plugins is one of the most effective ways to defend against cyber threats.
3. Follow Trusted Sources: Always rely on credible sources such as Google, WordPress, and CyberSecurity Malaysia for updates and advisories.
4. Educate Yourself and Your Team: Awareness of such vulnerabilities and their potential impacts can help individuals and organizations build a proactive security posture.

Conclusion

Both Google and WordPress have acted swiftly to address these vulnerabilities, and now it’s up to users to ensure their systems and websites are secure. CyberSecurity Malaysia’s advisories serve as a crucial reminder of the need for consistent software updates and security monitoring.

By taking timely action, users and administrators can safeguard their digital assets and minimize the risk of exploitation.

Stay updated, stay protected!

Source:

• https://www.mycert.org.my/portal/advisory?id=MA-1233.012025
• https://www.mycert.org.my/portal/advisory?id=MA-1231.012025
• https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-file-upload/wordpress-file-upload-42415-unauthenticated-remote-code-execution-arbitrary-file-read-and-arbitrary-file-deletion
• https://chromereleases.googleblog.com/

The post CyberSecurity Malaysia Flags Major Threats in Chrome and WordPress – Are You Safe? appeared first on Cyble.

Blog – Cyble – ​Read More