WPBakery Page Builder Plugin’s Vulnerability Affects 1.6 Million WordPress Sites
The WordPress plugin, which allows editing and customizing WordPress pages without writing any code, is vulnerable to a vulnerability that could allow file uploads without authentication. Threat actors are hacking campaigns targeting approximately 1.6 million WordPress sites through this vulnerable plugin.
Due to the low probability of getting an update, it is recommended that the plugin be removed from use immediately, and alternatives should be found.
In addition, even if the plugin is not used, it is recommended that the IP addresses detected in the attack campaign be blocked from the security devices in use.
Premint Security Breach Caused 314 NFTs Hijacking
It has been detected that the Premint platform, which NFT artists and collectors widely use, was compromised by threat actors on July 17, 2022, and 314 NFTs were hijacked.
Six accounts were directly affected by the said attack, and 275 ETH cryptocurrencies worth approximately $375,000 were seized. Here are some security steps to consider in order not to be affected by similar security breaches;
- The login information used in crypto wallets should be created using unique and strong policies.
- Direct NFT trading should not be performed with wallets containing crypto assets. In this process, assets should be distributed using different wallets.
- Cryptocurrency wallets should not be connected to platforms unsure of their reliability.
- Finally, care should be taken not to have any other browser add-ons in browsers with crypto wallets used as browser add-ons, such as Metamask.
MageCart E-Skimmer Attacks Targeted 311 Restaurants in the USA
The campaign started on January 18, 2022, targeting 80 restaurants using MenuDrive and 74 restaurants using the Harbortouch platform. InTouchPOS, on the other hand, was targeted by another MageCart campaign on November 12, 2021, which resulted in e-skimmer infections in 157 restaurants using the platform. It was observed that 50,000 bank card information seized in the campaign, which affected 311 restaurants in total, was put up for sale on Dark Web platforms.
Advanced digital security technologies must be used to prevent Magecart attacks. Data Breach Monitoring services are a preferable solution to protect e-commerce sites against potential breaches. Additionally, for e-commerce providers, It is recommended to ensure that the software, hardware, and tools being used are up-to-date, request third-party service providers to have their code checked, and apply HTTP Content-Security-Policy principles which provide an additional layer of protection against potential attacks. The precautions that customers using e-commerce services should take in order not to be affected by similar security breaches are as follows;
- Personal information should not be entered on unreliable/suspicious websites,
- Virtual cards created for e-commerce transactions should be used,
- Make sure that the visited page is not a fake domain with a similar name created by threat actors,
IOC findings such as IP addresses and domains known to be used by threat actors in these campaigns should be blocked from security solutions in use.