BleepingComputer.com

"Critical Forminator plugin flaw impacts over 300k WordPress sites."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 21 April 2024, 1354 UTC.

Content and Source: https://www.bleepingcomputer.com/ (BleepingComputer.com).

Please scroll down to read your articles.  To access today's and past posts, please check the "Archive" tab in the blog sidebar.

Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Get work organized with $230 off Microsoft Project Professional 2021

  • Project management is increasingly a central job skill, and professional tools make it easier to perform. This Microsoft Project Professional 2021 instant download helps you make it happen for $19.97, $230 off the $249 MSRP, now through 11:59pm PST April 22nd.

    • BleepingComputer Deals, April 21, 2024, 08:19 AM

Critical Forminator plugin flaw impacts over 300k WordPress sites

  • The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server.


GitHub comments abused to push malware via Microsoft repo URLs

  • A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with a Microsoft repository, making the files appear trustworthy.


Preparing for IT exams? This library of study guides is now under $30

  • With this deal, you get lifetime access to the library of 10 study guides on desktop and mobile devices worth $259, but you can get them today for just $29.99.

    • BleepingComputer Deals, April 20, 2024, 08:09 AM

The Week in Ransomware - April 19th 2024 - Attacks Ramp Up

  • While ransomware attacks decreased after the LockBit and BlackCat disruptions, they have once again started to ramp up with other operations filling the void.


CrushFTP warns users to patch exploited zero-day “immediately”

  • CrushFTP warned customers today in a private memo of an actively exploited zero-day vulnerability fixed in new versions released today, urging them to patch their servers immediately.


HelloKitty ransomware rebrands, releases CD Projekt and Cisco data

  • An operator of the HelloKitty ransomware operation announced they changed the name to 'HelloGookie,' releasing passwords for previously leaked CD Projekt source code, Cisco network information, and decryption keys from old attacks.


MITRE says state hackers breached its network via Ivanti zero-days

  • The MITRE Corporation says a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days.


United Nations agency investigates ransomware attack, data theft

  • The United Nations Development Programme (UNDP) is investigating a cyberattack after threat actors breached its IT systems to steal human resources data.


22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks

  • Approximately 22,500 exposed Palo Alto GlobalProtect firewall devices are likely vulnerable to the CVE-2024-3400 flaw, a critical command injection vulnerability that has been actively exploited in attacks since at least March 26, 2024.


Save $230 off Microsoft Visio Professional 2021 in this flash sale

  • Visualizing data pulls out the most important aspects of it. This instant download of Microsoft Visio 2021 Professional for Windows helps you do that for $19.97, $230 off the $249 MSRP in our flash sale only going on until 11:59pm PST April 22nd.

    • BleepingComputer Deals, April 19, 2024, 07:12 AM

Fake cheat lures gamers into spreading infostealer malware

  • A new info-stealing malware linked to Redline poses as a game cheat called 'Cheat Lab,' promising downloaders a free copy if they convince their friends to install it too.


Frontier Communications shuts down systems after cyberattack

  • American telecom provider Frontier Communications is restoring systems after a cybercrime group breached some of its IT systems in a recent cyberattack.


840-bed hospital in France postpones procedures after cyberattack

  • The Hospital Simone Veil in Cannes (CHC-SV) has announced that it was targeted by a cyberattack on Tuesday morning, severely impacting its operations and forcing staff to go back to pen and paper.


FBI: Akira ransomware raked in $42 million from 250+ victims

  • According to a joint advisory from the FBI, CISA, Europol's European Cybercrime Centre (EC3), and the Netherlands' National Cyber Security Centre (NCSC-NL), the Akira ransomware operation has breached the networks of over 250 organizations and raked in roughly $42 million in ransom payments.


Get started in ethical hacking with $98 off this training bootcamp

  • Ethical hacking helps you go on the offensive against digital crooks. Learn how it works with these 11 white-hat hacking courses for $44.99, $98 off the $143 MSRP.

    • BleepingComputer Deals, April 18, 2024, 02:11 PM

Google ad impersonates Whales Market to push wallet drainer malware

  • A legitimate-looking Google Search advertisement for the crypto trading platform 'Whales Market' redirects visitors to a wallet-draining phishing site that steals all of your assets.


Microsoft Office LTSC 2024 preview available for Windows, Mac

  • A preview of Microsoft Office LTSC 2024, a volume-licensed and perpetual version of Office for commercial customers, is now available for Windows and macOS users.


Cybercriminals pose as LastPass staff to hack password vaults

  • LastPass is warning of a malicious campaign targeting its users with the CryptoChameleon phishing kit that is associated with cryptocurrency theft.


Add a 5G Android tablet to your gear with $130 off this TCL Tab 10

  • A good tablet is a crucial piece of your work gear, as a second screen, an entertainment center, and much more. This TCL 5G tablet provides power and space for $119.99, $130 off the $249 MSRP.

    • BleepingComputer Deals, April 18, 2024, 07:19 AM