Wordfence analysts have discovered that a fresh 0-day vulnerability in the popular WordPress plugin, BackupBuddy, which has been installed about 140,000 times, is under active attack. Since August 26, 2022, there have been about 5,000,000 hack attempts. The BackupBuddy plugin allows users to backup their entire WordPress installation right from the dashboard, including theme files,… Continue reading 0-day Vulnerability in WordPress BackupBuddy Plugin Attacked Over 5 million Times
Tag: 0-Day
Stores Are under Attack due to 0-Day Vulnerability in PrestaShop
Hackers exploit a 0-day vulnerability in the open-source e-commerce platform PrestaShop and introduce web skimmers to websites designed to steal sensitive information. Last Friday, the PrestaShop team issued an urgent warning, urging the administrators of the approximately 300,000 stores using the software to be more vigilant about security as attacks were discovered targeting the platform.… Continue reading Stores Are under Attack due to 0-Day Vulnerability in PrestaShop
Chrome 0-day Vulnerability Used to Attack Candiru Malware
Avast has discovered that DevilsTongue spyware, created by Israeli company Candiru, exploited a 0-day vulnerability in Google Chrome to spy on journalists and others in the Middle East. The vulnerability in question is the CVE-2022-2294 bug, which was fixed by Google and Apple engineers earlier this month. Let me remind you that we also wrote… Continue reading Chrome 0-day Vulnerability Used to Attack Candiru Malware
CloudMensis Malware Attacks MacOS Users
ESET experts have discovered the CloudMensis malware, which is used to create backdoors on devices running macOS and subsequently steal information. The malware received its name due to the fact that it uses pCloud, Dropbox and Yandex.Disk cloud storages as control servers. Let me remind you that we also wrote that Vulnerability in macOS Leads… Continue reading CloudMensis Malware Attacks MacOS Users
0-Day Vulnerabilities of 2022 Repeat the Mistakes of Past Years
Google Project Zero researcher Maddie Stone published a study on 0-day vulnerabilities in 2022 on GitHub called “0-day In-the-Wild Exploitation in 2022…so far”. According to Stone, 9 of the 18 exploited zero-day vulnerabilities are variants of previously patched vulnerabilities. In many cases, the attacks were not sophisticated, and the attacker could have exploited the vulnerability… Continue reading 0-Day Vulnerabilities of 2022 Repeat the Mistakes of Past Years
Microsoft Is in No Hurry to Fix the Follina Vulnerability, Which Has Become a Real Disaster
Hackers are actively exploiting the critical 0-day Follina vulnerability, which Microsoft is in no hurry to fix. Researchers warn that European governments and municipalities in the US have been targeted by a phishing campaign using malicious RTF documents. Let me remind you that the discovery of Follina became known at the end of May, although… Continue reading Microsoft Is in No Hurry to Fix the Follina Vulnerability, Which Has Become a Real Disaster
Attackers Exploit MSDT Follina Bug to Drop RAT
Security specialists caution users about the exploitation of the recently disclosed Follina Bug found in all supported versions of Windows. Threat actors have actively utilized this vulnerability to install payloads such as the AsyncRAT trojan and infostealer. Understanding the Follina Vulnerability On May 27, 2022, the public became aware of a remote code execution (RCE)… Continue reading Attackers Exploit MSDT Follina Bug to Drop RAT
Information Security Specialists Discovered a 0-day Vulnerability in Windows Search
A new 0-day Windows Search vulnerability could be used to automatically open a search box and launch remote malware, which is easily done by simply opening a Word document. Bleeping Computer says the problem is serious because Windows supports the search-ms protocol URI handler, which allows apps and HTML links to run custom searches on… Continue reading Information Security Specialists Discovered a 0-day Vulnerability in Windows Search
Chinese Hackers Attack Fresh 0-day Follina Vulnerability
Experts have warned that Chinese hackers are already actively exploiting a 0-day vulnerability in Microsoft Office known as Follina to remotely execute malicious code on vulnerable systems. Let me remind you that the discovery of Follina became known a few days ago, although the first researchers discovered the bug back in April 2022, but then… Continue reading Chinese Hackers Attack Fresh 0-day Follina Vulnerability
Attackers Are Already Exploiting the Fresh 0-day Follina Bug in Microsoft Office
Security researchers recently discovered a zero-day vulnerability in Microsoft Office dubbed Follina. The bug can be exploited through the normal opening of a Word document, using it to execute malicious PowerShell commands through the Microsoft Diagnostic Tool (MSDT). Let me remind you that we also wrote that Lapsus$ hack group stole the source codes of… Continue reading Attackers Are Already Exploiting the Fresh 0-day Follina Bug in Microsoft Office