May 19, Softpedia – (International) A quarter of all hacked WordPress sites can be attributed to three plugins. Sucuri conducted an investigation on over 11,485 compromised Web sites and released its “Website Hacked Report” which revealed that during the first 3 months of 2016, 78 percent of hacked Web sites were using the WordPress Content Management System (CMS) platform and found that attackers were primarily using outdated plugins to hack WordPress sites. Outdated plugins included RevSlider, GravityForms, and TimThumb, but officials concluded that only 56 percent of all WordPress sites were running outdated WordPress core versions. Source
May 19, Softpedia – (International) TeslaCrypt ransomware project appears to shut down, offers free decryption key. Security researchers from ESET found that the TeslaCrypt ransomware operation will be shut down and the operators of the ransomware agreed to offer a master decryption key for all victims infected with the TeslaCrupt v3 and v4 after a researcher contacted the ransomware operator using the ransom Web site hosted on the Dark Web via their support channel. Source
May 18, Agence France-Presse – (International) Cyber attackers target US presidential campaigns: Official. The DHS and the FBI are investigating cyberattacks against the campaigns of the U.S. presidential candidates after the director of the U.S. National Intelligence Council reported there were indications that revealed cyber attackers were targeting both the Democratic and Republican representatives. Officials stated the attacks could range from defacement to intrusion. Source
May 18, SecurityWeek – (International) Macro malware makes improvements on hiding malicious code. Security researchers from Microsoft’s Malware Protection Center discovered a new variation of the Donoff macro malware had evolved to avoid detection after finding that the malware was disseminated via spam email campaigns with attachments made to look non-malicious. The attachments contain seven Visual Basic for Applications (VBA) modules with an encrypted string in the Caption field for CommandButton3 and an unusual code in Module2. Source
May 18, PC Magazine – (International) 117M LinkedIn passwords leaked. LinkedIn officials reported May 18 that an additional 117 million LinkedIn users’ emails and passwords were compromised as attackers were discovered selling the information on the Dark Web May 16 following a 2012 breach where a hacker named “Peace” gained unauthorized access and compromised more than 6 million users’ accounts. The social network reported that the additional compromised accounts were not a result of a new security breach and were working to apply a password reset to potentially compromised accounts. Source
Reprinted from the USDHS Daily Open Source Infrastructure Report