Security news weekly round-up - 15th March 2024

Habdul Hazeez - Mar 15 - Dev Community

Introduction

Hello and welcome to this week's edition of our security review. This week we will review articles that cover vulnerabilities and malware.


Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks

It's a stored XSS vulnerability. The good news: the developer has fixed it. The bad news: at the time of writing, half of the plugin users could still be vulnerable. What to do if you're affected? Update immediately.

More about the flaw:

Tracked as CVE-2024-2123, the vulnerability is described as a stored cross-site scripting (XSS) issue via several parameters, allowing attackers to inject web scripts into a site’s pages, to be executed whenever those pages are loaded.

Never-before-seen Linux malware gets installed using 1-day exploits

They want money, and they are willing to reverse engineer patches to attack systems that have not installed the patches.

Here is more for you:

The newly identified malware is a Linux variant of NerbianRAT, a remote access Trojan first described in 2022 by researchers at security firm Proofpoint. Last Friday, Check Point Research revealed that the Linux version has existed since at least the same year.

Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites

Malware exploiting a vulnerability is NEVER a good thing. Sadly, that's the case in this situation. The lesson here: keep your WordPress site updated. If you still doubt that, read the excerpt below.

The latest set of attacks leads to the injection of malicious code, which comes in two different variants and is designed to redirect site visitors to other sites such as phishing and scam pages.

WordPress site owners are recommended to keep their plugins up-to-date as well as scan their sites for any suspicious code or users, and perform appropriate cleanup.

ChatGPT Plugin Vulnerabilities Exposed Data, Accounts

If you have been following ChatGPT for a while, this article might not surprise you. Nonetheless, we have to talk about it. First, it seems that it happened in the summer of 2023, and they have fixed it. Secondly, it's reported that the research team behind the story has found more vulnerabilities in GPTs as well.

More for you:

The first vulnerability identified by Salt Security impacted ChatGPT directly and it was related to OAuth authentication.

The second vulnerability was found in the AskTheCode plugin developed by PluginLab.AI, which enables users to interact with their GitHub repositories.

The third vulnerability was also related to OAuth and it was found to impact several plugins.

Major CPU, Software Vendors Impacted by New GhostRace Attack

What comes to your memory after reading the article's title? If it's Meltdown and Spectre, give yourself a pat on the back because you did good 😊.

Here is more about the attack:

In order to launch an attack and win a speculative race condition, the execution of the victim process must be interrupted at the right point and kept there to allow the attacker to perform what researchers describe as a Speculative Concurrent Use-After-Free (SCUAF) attack.

They achieved this using a new technique called Inter-Process Interrupt (IPI) Storming.

Hackers can read private AI-assistant chats even though they’re encrypted

When you build software, have the following in mind: there are people out there who are willing to spend time and resources just to break it. In this case, it's a research team. Nonetheless, it's still scary.

Here is why:

The attack is passive and can happen without OpenAI or their client's knowledge. OpenAI encrypts their traffic to prevent these kinds of eavesdropping attacks, but our research shows that the way OpenAI is using encryption is flawed, and thus the content of the messages is exposed.

Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints

It's serious, and they're advising all affected parties to update to version 1.28.4. The excerpt below contains more information about the vulnerability.

The issue, tracked as CVE-2023-5528 and impacting default Kubernetes installations, exists in the way the open source container orchestration system processes YAML files.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.