The Week In Review 22/03-26/03

The Week In Review 22/03 – 26/03

An n-day vulnerability has caused huge problems for WordPress, affecting one of the plugins used on the platform. The ‘Ultimate GDPR & CCPA Compliance Toolkit’ was targeted by a bot written in Golang. The plugin which was in an unpatched state allowed the malicious actor to deploy the bot and redirect traffic to malicious sites. Another plugin on the WordPress platform targeted recently was Facebook’s ‘Facebook for WordPress’, where a PHP object injection flaw was exploited allowing the attacker to achieve remote code execution. The malicious JavaScript could be used to hijack Facebook themes or even create new admin accounts for hijacking entire websites.

If you thought this week was eerily absent from any mention of ransomware, we’re sorry to disappoint. The FBI sent out a private industry notification to U.S. organisations warning them of a circulating ransomware called Mamba. Having been around since 2016, previously called HDDCryptor, the ransomware has been targeting a bunch of public sector organisations in the U.S. trapping affected users in a pre-OS boot screen. Whilst it is not clear how widespread these attacks are, it seems serious enough to put the private sector on notice. 

After the huge Microsoft Exchange hack which compromised thousands of organisations globally, Microsoft has said that 92% of the vulnerable exchange servers have been patched. The hack, thought to have been carried out by a Chinese hacking group called Hafnium, utilized zero day vulnerabilities and successfully breached thousands of email servers. The U.S. says that the situation is still an active threat, and that patching already compromised systems is not sufficient. However, alongside the patching Microsoft has also released a mitigation guide and created a one-click mitigation tool to stop an attack chain forming.

As cyber security becomes a more prominent concern for organisations globally, the trend of growth for the companies in the sector is only increasing. Following from last weeks news of some impressive funding rounds this week is no different. Cyber Security start-up Morphisec, based in Israel and the U.S. closed a $31m funding round led by veteran investors JVP. The company’s technology works to obfuscate the location of application code components every time a workload is uploaded so hackers can’t predict the where a targeted component may land. In addition to this Tel-Aviv based cloud security firm Axis closed their own $50m funding round, with the investment going toward expanding both its product and business development. The funding round is the companies Series C and brings the total investment in the firm to $100m. As with the growth of many cyber security businesses, they have attributed the recent spike in demand to the Covid-19 pandemic and being well positioned to secure the now the increasing distributed networks of organisations globally. 

Ensure your company is equipped to deal quickly and effectively with any breach. Dionach provide industry leading Cyber Security Incident Response (CSIR) for organisations globally. 

Read about all of this and more below:

Golang bot targets WordPress sites

Forex broker leaks billions of customer records

92% of Exchange hack servers patched

Morphisec closes $31m funding round

FBI sends out private industry alert

Ransomware gangs target schools and universities

Bitdefender release free DarkSide ransomware decrypter

Find out how we can help with your cyber challenge

Please enter your contact details using the form below for a free, no obligation, quote and we will get back to you as soon as possible. Alternatively, you can email us directly at [email protected]

Related Posts


Dionach Achieves JOSCAR Registration

A Milestone in Aerospace, Defence, and Security Compliance We are thrilled to announce that Dionach is now a registered supplier on the defence portal JOSCAR, managed by Hellios. This significant achievement underscores our commitment to excellence and compliance in the aerospace, defence, and security sectors. Being JOSCAR registered not only reflects our dedication to maintaining […]

Dionach Joins the ADS Group

A New Chapter in Aerospace, Defence, and Space Innovation We are thrilled to announce that Dionach has been officially approved as a member of ADS, the UK’s premier Aerospace, Defence, and Space industry trade association! This prestigious certification underscores our commitment to excellence and innovation within these critical sectors. As an ADS member, we look […]

Dynamic Cybersecurity: Latest Trends and Updates

In today’s interconnected digital world, the field of cybersecurity is constantly evolving to keep up with emerging threats and vulnerabilities. Staying updated with the latest developments is crucial for individuals and organisations alike to protect their sensitive information from malicious actors. In this blog post, we will explore some of the most significant updates and […]
Contact Us

Contact Us React out to one of our cyber experts and we will arrange a call