Hackerzhome

Cybersecurity news all over the world

HACKERZHOME NEWS

May 12, 2023

Friday

A vulnerability in the WordPress Elementor plugin allowed hackers to take over accounts on 1,000,000 websites.

“Essential Addons for Elementor,” one of the most popular Elementor plugins for WordPress, was found to be vulnerable to an unauthenticated privilege escalation that could give remote attackers administrator access to the website.

Over a million WordPress sites employ the ‘Elementor’ page builder, which has 90 extensions available as part of the collection called Essential Addons for Elementor.


The vulnerability, listed as CVE-2023-32243 and found by PatchStack on May 8, 2023, affects versions 5.4.0 through 5.7.1 of the plugin and is an unauthenticated privilege escalation vulnerability.


The potential impact of the flaw is serious: unauthorized access to sensitive information, defacement or deletion of the site, distribution of malware to its visitors, and reputational damage including loss of trust and legal compliance problems.

Exploiting CVE-2023-32243 does not require the attacker to log in, but it does require knowing the username of an account on the site in order to perform a fraudulent password reset.

According to PatchStack’s report, the attacker must supply a random value in the POST ‘widget_id’ and ‘page_id’ parameters so that the plugin does not produce an error message that would make the site administrator suspicious.

The attacker must also supply the correct nonce value in the ‘eael-resetpassword-nonce’ parameter for the password reset request to validate, with the new password placed in the ‘eael-pass1’ and ‘eael-pass2’ parameters.
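A defender-side check for this flaw, added here as an example and not part of the Hackerzhome article or of the plugin’s own code: it tells a site owner whether the installed plugin version falls in the affected range and flags source addresses that repeatedly submit reset requests carrying the parameters named above. The request records are constructed, and their field names (src, method, params, logged_in) are an assumption about what a WAF or request log exports.

```python
from collections import Counter

# Affected range stated in the article: versions 5.4.0 through 5.7.1.
AFFECTED_MIN = (5, 4, 0)
AFFECTED_MAX = (5, 7, 1)

# Parameters the article says a forged reset request must carry.
RESET_PARAMS = {"eael-resetpassword-nonce", "eael-pass1", "eael-pass2"}


def parse_version(version: str) -> tuple:
    """'5.7.1' -> (5, 7, 1); a suffix such as '-beta' is ignored."""
    core = version.split("-", 1)[0]
    return tuple(int(part) for part in core.split("."))


def is_affected(version: str) -> bool:
    """True when the installed plugin version is in the affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def is_reset_request(req: dict) -> bool:
    """A POST whose parameters include all three plugin reset fields."""
    return req.get("method") == "POST" and RESET_PARAMS <= set(req.get("params", ()))


def noisy_reset_sources(requests: list, threshold: int = 3) -> list:
    """Source IPs that sent at least `threshold` unauthenticated reset requests.
    A user who forgot a password submits the form once; repeated resets from one
    address are a triage signal, not proof of exploitation."""
    counts = Counter(
        r["src"] for r in requests if is_reset_request(r) and not r.get("logged_in")
    )
    return sorted(ip for ip, n in counts.items() if n >= threshold)


# Constructed request records; the field names are an assumption about the log format.
SAMPLE_REQUESTS = [
    {"src": "198.51.100.4", "method": "POST", "logged_in": False,
     "params": {"eael-resetpassword-nonce", "eael-pass1", "eael-pass2", "widget_id", "page_id"}},
] + [
    {"src": "203.0.113.9", "method": "POST", "logged_in": False,
     "params": {"eael-resetpassword-nonce", "eael-pass1", "eael-pass2", "widget_id", "page_id"}}
    for _ in range(3)
] + [
    {"src": "192.0.2.7", "method": "GET", "logged_in": True, "params": {"page_id"}},
]

if __name__ == "__main__":
    print("affected:", is_affected("5.7.1"))                      # True
    print("noisy sources:", noisy_reset_sources(SAMPLE_REQUESTS))  # ['203.0.113.9']
```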


A stealthier version of the BPFDoor Linux malware has been discovered in the wild

The Linux malware ‘BPFDoor’ has been updated with stronger encryption and stealthier reverse shell communications.

The stealthy backdoor known as BPFDoor has been around since at least 2017, but security researchers only discovered it about a year ago.

Until 2022, the malware’s commands and filenames were hard-coded, and it used RC4 encryption, a bind shell, and iptables for communication.

The newer variant analyzed by Deep Instinct uses reverse shell communication and a statically linked encryption library, and all commands are now delivered from the C2 server. Static linking improves stealth and obfuscation because the binary no longer needs to load external libraries, such as one implementing the RC4 cipher.

A reverse shell has an advantage over a bind shell: the connection is initiated from the infected host out to the threat actor’s command and control servers, so communication with the attackers’ servers works even when a firewall is protecting the network.

Finally, removing the hard-coded commands makes the malware less likely to be identified by anti-virus software through static analysis, such as signature-based detection.

In theory, it also makes the malware more adaptable, since it can support a wider range of commands.


ABB, a global technology company, has been attacked by Black Basta ransomware.

ABB, a leading Swiss supplier of automation and electrification technologies, has reportedly been hit by a Black Basta ransomware attack that has disrupted business operations.

ABB, headquartered in Zurich, Switzerland, generated $29.4 billion in revenue in 2022 and employs over 105,000 people. Among its offerings, the company develops SCADA and industrial control systems (ICS) for manufacturers and energy suppliers.

The company works with a broad range of clients and municipal authorities, including Volvo, Hitachi, DS Smith, and the cities of Nashville and Zaragoza.

The company was the target of a ransomware attack on May 7th, carried out by Black Basta, a cybercriminal group that first appeared in April 2022.

In response to the attack, ABB cut VPN connections with its clients to stop the ransomware from spreading to other networks.

According to reports, the attack has disrupted business operations, delayed projects, and affected manufacturing.

Nine ransomware groups utilized the Babuk malware to encrypt systems running VMware ESXi.

Babuk’s leaked source code is being used by more and more ransomware operations to build Linux encryptors that target VMware ESXi machines.

SentinelLabs researchers noticed the emerging trend after nine Babuk-based ransomware variants appeared in quick succession during the second half of 2022 and the first half of 2023.

Since H2 2022, new ransomware families have adapted the code into Babuk-based ESXi encryptors; these families (with the extension each appends to encrypted files, where known) include Play (.FinDom), Mario (.emario), Conti POC (.conti), REvil aka Revix (.rhkrc), Data Locker, Rorschach alias BabLock, Lock4, and RTM Locker.

As expected, the leaked Babuk builder has made it possible for attackers to target Linux systems even when they lack the skills to create their own ransomware strains.

Unfortunately, because so many actors now share the same code base, attributing attacks to a specific ransomware group has become much harder.

Microsoft fixes a bypass of its patch for the Outlook zero-click flaw.

This week, Microsoft patched a flaw that could have allowed remote attackers to bypass the recent fix for a serious Outlook zero-day vulnerability that was being exploited in the wild.

All supported versions of Windows are affected by this zero-click bypass (CVE-2023-29324), which was discovered by Akamai security researcher Ben Barnea.

The original issue, CVE-2023-23397, is a privilege escalation vulnerability in the Outlook client for Windows that was patched in March; it allowed attackers to capture NTLM hashes without the user’s knowledge and use them in NTLM-relay attacks.

Threat actors exploit it by sending messages whose extended MAPI properties contain UNC paths to custom notification sounds, causing the Outlook client to connect to SMB shares under their control.

Microsoft fixed the problem by adding a MapUrlToZone check to ensure that the UNC path does not point to an internet location, and by falling back to the default reminder sound if it does.

While analyzing the CVE-2023-23397 mitigation, Barnea found that the URL in reminder messages could be altered to trick the MapUrlToZone check into treating a remote URL as a local path.
