Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites

/in

A high-severity flaw impacting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts on susceptible websites.
The findings come from WPScan, which said that the vulnerability (CVE-2023-40000, CVSS score: 8.3) has been leveraged to set up bogus admin users with the names wpsupp‑user 

The Hacker News – ​Read More

Hackers Exploit LiteSpeed Cache Flaw to Create WordPress Admins

/in

WPScan observed in April increased exploitation activity against WordPress sites with versions of the plugin older than 5.7.0.1, which are vulnerable to a high-severity (8.8) unauthenticated cross-site scripting flaw tracked as CVE-2023-40000.

Cyware News – Latest Cyber News – ​Read More

Law Enforcement Agencies Identified LockBit Ransomware Admin and Sanctioned Him

/in

The FBI, UK National Crime Agency, and Europol have unmasked the identity of the admin of the LockBit ransomware operation, aka ‘LockBitSupp’ and ‘putinkrab’, and issued sanctions against him.

Cyware News – Latest Cyber News – ​Read More

LockBit Honcho Faces Sanctions, With Aussie Org Ramifications

/in

Australian businesses and individuals now face government fines and consequences for paying ransoms or interacting with assets owned by LockBitSupp, aka Dmitry Yuryevich Khoroshev.

darkreading – ​Read More

Chinese Hackers Deployed Backdoor Quintet to Down MITRE

/in

MITRE’s hackers made use of at least five different Web shells and backdoors as part of their attack chain.

darkreading – ​Read More

Major UK Security Provider Leaks Trove of Guard and Suspect Data

/in

By Deeba Ahmed

Over 1.2 million records were exposed in a major data breach at UK security firm Amberstone. Learn the potential impact, what to do if affected, and how to stay secure.

This is a post from HackRead.com Read the original post: Major UK Security Provider Leaks Trove of Guard and Suspect Data

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

Wiz Announces $1B Funding Round, Plans More M&A

/in

Much of the funding will be used for product development and talent acquisition to cover more ground as the cybersecurity industry continues to evolve.

darkreading – ​Read More

Does CISA’s KEV Catalog Speed Up Remediation?

/in

Vulnerabilities added to the CISA known exploited vulnerability (KEV) list do indeed get patched faster, but not fast enough.

darkreading – ​Read More

What’s the Future Path for CISOs?

/in

A panel of former CISOs will lead the closing session of this week’s RSA Conference to discuss challenges and opportunities.

darkreading – ​Read More

Security researchers say this scary exploit could render all VPNs useless

/in

VPNs are no longer safe if these security researchers are right.

Latest stories for ZDNET in Security – ​Read More