A high-severity flaw impacting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts on susceptible websites.
The findings come from WPScan, which said that the vulnerability (CVE-2023-40000, CVSS score: 8.3) has been leveraged to set up bogus admin users with the names wpsupp‑user
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-05-08 09:07:132024-05-08 09:07:13Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites
WPScan observed in April increased exploitation activity against WordPress sites with versions of the plugin older than 5.7.0.1, which are vulnerable to a high-severity (8.8) unauthenticated cross-site scripting flaw tracked as CVE-2023-40000.
The FBI, UK National Crime Agency, and Europol have unmasked the identity of the admin of the LockBit ransomware operation, aka ‘LockBitSupp’ and ‘putinkrab’, and issued sanctions against him.
Australian businesses and individuals now face government fines and consequences for paying ransoms or interacting with assets owned by LockBitSupp, aka Dmitry Yuryevich Khoroshev.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-05-07 22:06:592024-05-07 22:06:59Chinese Hackers Deployed Backdoor Quintet to Down MITRE
Over 1.2 million records were exposed in a major data breach at UK security firm Amberstone. Learn the potential impact, what to do if affected, and how to stay secure.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-05-07 22:06:592024-05-07 22:06:59Major UK Security Provider Leaks Trove of Guard and Suspect Data
Much of the funding will be used for product development and talent acquisition to cover more ground as the cybersecurity industry continues to evolve.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-05-07 21:06:322024-05-07 21:06:32What’s the Future Path for CISOs?
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-05-07 20:06:472024-05-07 20:06:47Security researchers say this scary exploit could render all VPNs useless
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites
/in General NewsA high-severity flaw impacting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts on susceptible websites.
The findings come from WPScan, which said that the vulnerability (CVE-2023-40000, CVSS score: 8.3) has been leveraged to set up bogus admin users with the names wpsupp‑user
The Hacker News – Read More
Hackers Exploit LiteSpeed Cache Flaw to Create WordPress Admins
/in General NewsWPScan observed in April increased exploitation activity against WordPress sites with versions of the plugin older than 5.7.0.1, which are vulnerable to a high-severity (8.8) unauthenticated cross-site scripting flaw tracked as CVE-2023-40000.
Cyware News – Latest Cyber News – Read More
Law Enforcement Agencies Identified LockBit Ransomware Admin and Sanctioned Him
/in General NewsThe FBI, UK National Crime Agency, and Europol have unmasked the identity of the admin of the LockBit ransomware operation, aka ‘LockBitSupp’ and ‘putinkrab’, and issued sanctions against him.
Cyware News – Latest Cyber News – Read More
LockBit Honcho Faces Sanctions, With Aussie Org Ramifications
/in General NewsAustralian businesses and individuals now face government fines and consequences for paying ransoms or interacting with assets owned by LockBitSupp, aka Dmitry Yuryevich Khoroshev.
darkreading – Read More
Chinese Hackers Deployed Backdoor Quintet to Down MITRE
/in General NewsMITRE’s hackers made use of at least five different Web shells and backdoors as part of their attack chain.
darkreading – Read More
Major UK Security Provider Leaks Trove of Guard and Suspect Data
/in General NewsBy Deeba Ahmed
Over 1.2 million records were exposed in a major data breach at UK security firm Amberstone. Learn the potential impact, what to do if affected, and how to stay secure.
This is a post from HackRead.com Read the original post: Major UK Security Provider Leaks Trove of Guard and Suspect Data
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Wiz Announces $1B Funding Round, Plans More M&A
/in General NewsMuch of the funding will be used for product development and talent acquisition to cover more ground as the cybersecurity industry continues to evolve.
darkreading – Read More
Does CISA’s KEV Catalog Speed Up Remediation?
/in General NewsVulnerabilities added to the CISA known exploited vulnerability (KEV) list do indeed get patched faster, but not fast enough.
darkreading – Read More
What’s the Future Path for CISOs?
/in General NewsA panel of former CISOs will lead the closing session of this week’s RSA Conference to discuss challenges and opportunities.
darkreading – Read More
Security researchers say this scary exploit could render all VPNs useless
/in General NewsVPNs are no longer safe if these security researchers are right.
Latest stories for ZDNET in Security – Read More