Today in cyber security news some of our old nemeses return: Magecart and FIN7 are making headlines again, a WordPress plugin bug can lock out admins, top email protections fail to block COVID-19 phishing scams, and Zoom is trying to save its image.
Magecart and Iframes
Marriott was breached AGAIN
Marriott has announced another breach, this time affecting up to 5.2 million guests whose data may have been stolen. Details are still coming out, and the FIN7-style attack we saw against the hospitality sector a few years back is only one possibility at this point. So far it does not look like credit card numbers or passwords were taken, but Marriott is forcing affected users to reset their passwords and enable two-factor authentication.
WordPress Plugin Allows for Takeover
Researchers at Wordfence have found two critical vulnerabilities in the WordPress SEO plugin Rank Math. According to Wordfence, the first could allow an unauthenticated attacker to grant or revoke administrative privileges for any registered user on the site, which in practice means an attacker can make themselves an administrator or lock the real administrators out. The second could let an unauthenticated attacker create redirects from almost any location on the site to any destination of their choice. In both cases the plugin registered REST API endpoints without a permission_callback, so no capability check ran before the action was performed. A patched version of the plugin is available now; after updating, review the site's user roles and its redirect list for changes you did not make.
COVID-19 Phishing Scam Bypasses Filters
One of the newest COVID-19 email phishing campaigns was able to slip past both Proofpoint and Microsoft's Office 365 ATP. To evade detection, the threat actor impersonated splashmath[.]com, the domain of an online learning game for children, using what was reported as a spoofed IP. The messages therefore passed basic sender checks such as SPF and DKIM. Note that neither check protects the visible sender on its own: SPF authenticates the envelope (MAIL FROM) domain and DKIM the d= domain of the signature, and only DMARC alignment ties either of those to the From: header the recipient actually sees.
With the messages past Proofpoint and Office 365 ATP, a spoofed sender address and COVID-19 keywords in the subject line are what convince the target that the email comes from a trusted source of information about the pandemic.
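As an added example (not part of the original post or of the campaign report) the Python script below shows why passing SPF and DKIM says nothing about the address a recipient sees: it parses a message's Authentication-Results and From: headers and applies the DMARC alignment test in both relaxed and strict modes. The two messages and every domain in them are constructed placeholders, and the organizational-domain helper is a simplification that takes the last two labels instead of consulting the Public Suffix List.

```python
"""Added example: DMARC-style alignment check between the visible From:
domain and the domains that SPF and DKIM actually authenticated.

SPF vouches for the envelope sender (smtp.mailfrom) and DKIM for the
signing domain (header.d).  Neither looks at the From: header that the
recipient sees, so a message can pass both and still carry a spoofed
From: address.  DMARC closes that gap by requiring one of the two
authenticated domains to align with the From: domain.

All headers below are constructed samples; the domains are placeholders.
"""
import email
import re
from email.utils import parseaddr

# Constructed: SPF and DKIM both pass for the attacker's own infrastructure,
# but the From: header shows the impersonated brand.
SPOOFED = """\
Authentication-Results: mx.victim.example; spf=pass smtp.mailfrom=bounce@bounce.attacker-mail.example; dkim=pass (2048-bit key) header.d=attacker-mail.example header.s=sel1
Return-Path: <bounce@bounce.attacker-mail.example>
From: LearningGames Support <noreply@learninggames.example>
Subject: COVID-19: important update for parents
To: parent@victim.example

Please review the attached school closure notice.
"""

# Constructed: the brand's own mail, sent from a subdomain and signed with
# the organizational domain.
LEGITIMATE = """\
Authentication-Results: mx.victim.example; spf=pass smtp.mailfrom=bounce@mail.learninggames.example; dkim=pass header.d=learninggames.example header.s=2020
Return-Path: <bounce@mail.learninggames.example>
From: LearningGames Support <noreply@learninggames.example>
Subject: Your weekly progress report
To: parent@victim.example

Here is this week's report.
"""


def parse_authentication_results(value: str) -> dict:
    """Parse an RFC 8601 Authentication-Results value into
    {method: {"result": ..., "ptype.property": value, ...}}."""
    value = re.sub(r"\([^)]*\)", "", value)          # drop parenthesised comments
    clauses = [c.strip() for c in value.split(";")]
    results = {}
    for clause in clauses[1:]:                        # clauses[0] is the authserv-id
        if not clause:
            continue
        tokens = clause.split()
        method, _, result = tokens[0].partition("=")
        props = {"result": result.lower()}
        for token in tokens[1:]:
            key, _, val = token.partition("=")
            props[key.lower()] = val
        results[method.lower()] = props
    return results


def domain_of(address_or_domain: str) -> str:
    """Return the lower-cased domain part of an address (or a bare domain)."""
    return address_or_domain.rpartition("@")[2].strip(".").lower()


def organizational_domain(domain: str) -> str:
    """Simplified organizational domain: the last two labels.  Real DMARC
    implementations consult the Public Suffix List (co.uk and similar)."""
    return ".".join(domain.split(".")[-2:])


def is_aligned(auth_domain: str, from_domain: str, strict: bool) -> bool:
    """DMARC alignment: exact match in strict mode, same organizational
    domain in relaxed mode."""
    if not auth_domain or not from_domain:
        return False
    if strict:
        return auth_domain == from_domain
    return organizational_domain(auth_domain) == organizational_domain(from_domain)


def dmarc_alignment(raw_message: str, strict: bool = False) -> dict:
    """Evaluate SPF/DKIM results against the From: header as DMARC would.
    Returns the per-mechanism results plus whether either one aligns."""
    msg = email.message_from_string(raw_message)
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    auth = parse_authentication_results(msg.get("Authentication-Results", ""))
    spf, dkim = auth.get("spf", {}), auth.get("dkim", {})

    spf_pass = spf.get("result") == "pass"
    dkim_pass = dkim.get("result") == "pass"
    spf_aligned = spf_pass and is_aligned(domain_of(spf.get("smtp.mailfrom", "")), from_domain, strict)
    dkim_aligned = dkim_pass and is_aligned(domain_of(dkim.get("header.d", "")), from_domain, strict)
    return {
        "from_domain": from_domain,
        "spf_pass": spf_pass,
        "dkim_pass": dkim_pass,
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "dmarc_pass": spf_aligned or dkim_aligned,
    }


if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        print(label, dmarc_alignment(sample))
```

The spoofed sample passes SPF and DKIM yet fails alignment, which is the condition a gateway can only act on if the impersonated domain publishes a DMARC policy of quarantine or reject; a gateway enforces what the sender's domain publishes, not what the brand would have liked. The legitimate sample passes in relaxed mode and still passes in strict mode through DKIM alone, which is why signing with the organizational domain is the more robust choice when mail is sent from subdomains.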
Zoom is Trying to Save Face
Zoom is really taking it in the teeth right now. It has come under increased scrutiny over its security and privacy practices as far more employees have worked from home over the past few weeks because of the COVID-19 pandemic. Zoom has nixed a feature that came under fire for “undisclosed data mining”: it used attendees’ names and email addresses to match them with their LinkedIn profiles. Now we just need them to patch everything else and fix their other privacy issues and we should be good to go.
Don’t be that guy! (Jeremy Piven, PCU, 1994)
That’s all I have for now, and as always, any questions, comments, or rude remarks can be sent to email@example.com