Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On April 24, 2015

April 21, Softpedia – (International) Highly popular WordPress plugins vulnerable to XSS attacks. A security researcher from Scrutinizer discovered an issue with two coding functions used in many content management system (CMS) plugins created by WordPress developers that could allow attackers to run cross-site scripting (XSS) attacks and access sensitive areas of affected Web sites. The vulnerability stemmed from improper documentation regarding external users’ ability to run commands via the functions. Source
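The pattern behind this item is a helper function whose return value plugin authors treated as safe to print, when in fact it carried unescaped request data. The article does not name the two functions, so the PHP below is an added illustration written for this page, not code from the article, from WordPress or from any plugin: build_current_url(), render_link_unsafe() and render_link_safe() are hypothetical stand-ins, and the REQUEST_URI value is a constructed sample. It shows the helper returning attacker-influenced text, the echo-it-straight-into-HTML mistake, and the hardened version that escapes at the point of output.

```php
<?php
// Added illustration, not code from the article or from WordPress.
// build_current_url() is a hypothetical stand-in for a plugin helper that
// rebuilds a link to the current page from $_SERVER['REQUEST_URI'].
// The hazard it reproduces: the helper returns the URL *unescaped*, and
// plugins that trusted it and echoed the result directly became XSS sinks.

function build_current_url(array $server, array $extra = []): string
{
    // REQUEST_URI is client-controlled: both the path and the query come from the request.
    $uri = $server['REQUEST_URI'] ?? '/';
    [$path, $queryString] = array_pad(explode('?', $uri, 2), 2, '');

    $query = [];
    parse_str($queryString, $query);
    $query = array_merge($query, $extra);

    $rebuilt = http_build_query($query);
    // http_build_query() percent-encodes the query values, but the path is
    // returned exactly as received, so any ", < or > in it survives.
    return $rebuilt === '' ? $path : $path . '?' . $rebuilt;
}

// Vulnerable pattern: the helper's return value is dropped into an attribute
// on the assumption that it is already safe.
function render_link_unsafe(string $url): string
{
    return '<a href="' . $url . '">Next page</a>';
}

// Hardened pattern: escape at the point of output, regardless of what the
// helper promises. In WordPress code esc_url() serves this role.
function render_link_safe(string $url): string
{
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">Next page</a>';
}

// Constructed request (sample value, not from the article): the path carries markup.
$server = ['REQUEST_URI' => '/admin.php/"><b>injected</b>?page=2'];
$url = build_current_url($server, ['paged' => 3]);

$unsafe = render_link_unsafe($url);
$safe   = render_link_safe($url);

// The unsafe output breaks out of the href attribute and adds a new element;
// the safe one keeps the whole URL inside the attribute as inert text.
assert(str_contains($unsafe, '"><b>injected</b>'));
assert(!str_contains($safe, '<b>'));
assert(str_contains($safe, '&quot;&gt;&lt;b&gt;injected&lt;/b&gt;'));

echo "unsafe: $unsafe\n";
echo "safe:   $safe\n";
```

The defensive takeaway is the second render function: output escaping belongs at the sink, not in the documentation of whatever produced the string. Auditing a plugin for this class of bug means grepping for every place a URL-returning helper is echoed into HTML and confirming each one passes through an escaping function first.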

April 21, Softpedia – (International) iOS apps from developers vulnerable to HTTPS data decryption. Research from SourceDNA revealed that almost 1,000 iOS apps are vulnerable to a security flaw in build 2.5.1 of open source AFNetworking that disables secure sockets layer (SSL) certificate validation, which could allow attackers to carry out man-in-the-middle (MitM) attacks and read encrypted information in plain text. The flaw was patched in late March, but many developers have not yet integrated the updated code. Source

April 21, Softpedia – (International) Fake antivirus delivered to users in the US via Fiesta exploit kit. Security researchers at Trend Micro discovered that cybercriminals have switched the payload delivered via the Fiesta exploit kit (EK) from crypto-malware such as TeslaCrypt to a fake antivirus program called "Antivirus Pro 2015" that disables Windows tools and software that could deactivate it, before requiring users to pay to remove the infection. Researchers reported that Fiesta EK distributors targeted the U.S. more than any other country in March. Source

April 21, Help Net Security – (International) New fileless malware found in the wild. Security researchers at Trend Micro discovered that a new fileless malware, dubbed Phasebot, uses Microsoft Windows PowerShell to evade detection and run components hidden in the Windows registry, contains an external module loader to add and remove functionalities on infected systems, and can execute numerous routines per the instruction of the bot administrator. Source

April 20, Softpedia – (International) New ransomware "Threat Finder" delivered by Angler exploit kit. Security researchers at Rackspace discovered that a new piece of crypto-malware called Threat Finder has been distributed in drive-by attacks via Bedep malware downloaded by the Angler exploit kit (EK). The crypto-malware encrypts important file types including documents, media files, and database formats before asking affected users for bitcoin in exchange for the decryption key. Source

April 20, IDG News Service – (International) Pushdo spamming botnet gains strength again. Security researchers at Fidelis Cybersecurity reported that an updated version of the Pushdo botnet has infected systems in over 50 countries with the Fareit and Cutwail malware as well as the Dyre and Zeus banking trojans. The spamming botnet has been in operation since 2007 due to its frequently changing command and control (C&C) system that generates 30 domain names a day that infected computers can contact. Source

April 20, Securityweek – (International) Malicious hackers can exploit a vulnerability in Magento to access credit card data. Security researchers at Check Point Software identified a security hole in unpatched versions of eBay’s Magento e-commerce platform: remote code execution (RCE) vulnerabilities that could allow attackers to execute PHP (hypertext preprocessor) code on the Web servers hosting online stores and thereby gain access to databases containing customers’ credit card, financial, and personal information. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.