The Week In Review 22/03 – 26/03

An n-day vulnerability has caused huge problems for WordPress, affecting one of the plugins used on the platform. The ‘Ultimate GDPR & CCPA Compliance Toolkit’ was targeted by a bot written in Golang. The plugin which was in an unpatched state allowed the malicious actor to deploy the bot and redirect traffic to malicious sites. Another plugin on the WordPress platform targeted recently was Facebook’s ‘Facebook for WordPress’, where a PHP object injection flaw was exploited allowing the attacker to achieve remote code execution. The malicious JavaScript could be used to hijack Facebook themes or even create new admin accounts for hijacking entire websites.

If you thought this week was eerily absent from any mention of ransomware, we’re sorry to disappoint. The FBI sent out a private industry notification to U.S. organisations warning them of a circulating ransomware called Mamba. Having been around since 2016, previously called HDDCryptor, the ransomware has been targeting a bunch of public sector organisations in the U.S. trapping affected users in a pre-OS boot screen. Whilst it is not clear how widespread these attacks are, it seems serious enough to put the private sector on notice. 

After the huge Microsoft Exchange hack which compromised thousands of organisations globally, Microsoft has said that 92% of the vulnerable exchange servers have been patched. The hack, thought to have been carried out by a Chinese hacking group called Hafnium, utilized zero day vulnerabilities and successfully breached thousands of email servers. The U.S. says that the situation is still an active threat, and that patching already compromised systems is not sufficient. However, alongside the patching Microsoft has also released a mitigation guide and created a one-click mitigation tool to stop an attack chain forming.

As cyber security becomes a more prominent concern for organisations globally, the trend of growth for the companies in the sector is only increasing. Following from last weeks news of some impressive funding rounds this week is no different. Cyber Security start-up Morphisec, based in Israel and the U.S. closed a $31m funding round led by veteran investors JVP. The company’s technology works to obfuscate the location of application code components every time a workload is uploaded so hackers can’t predict the where a targeted component may land. In addition to this Tel-Aviv based cloud security firm Axis closed their own $50m funding round, with the investment going toward expanding both its product and business development. The funding round is the companies Series C and brings the total investment in the firm to $100m. As with the growth of many cyber security businesses, they have attributed the recent spike in demand to the Covid-19 pandemic and being well positioned to secure the now the increasing distributed networks of organisations globally. 

Ensure your company is equipped to deal quickly and effectively with any breach. Dionach provide industry leading Cyber Security Incident Response (CSIR) for organisations globally. 

Read about all of this and more below:

Golang bot targets WordPress sites
(zdnet.com)

Forex broker leaks billions of customer records
(infosecurity-magazine.com)

92% of Exchange hack servers patched
(zdnet.com)

Morphisec closes $31m funding round
(siliconangle.com)

FBI sends out private industry alert
(therecord.com)

Ransomware gangs target schools and universities
(zdnet.com)

Bitdefender release free DarkSide ransomware decrypter
(itsecurityguru.org)