Critical WordPress plugin zero-day under active exploitation

Threat actors are scanning for sites running the Fancy Product Designer plugin to exploit a zero-day bug allowing them to upload malware. Fancy Product Designer is a visual product configurator plugin for WordPress, WooCommerce, and Shopify, and it allows customers to customize products using their own graphics and content. Attackers who exploit the plugin can bypass built-in checks that block malicious files, and upload executable PHP files on sites where the plugin is installed. This allows the threat actors to completely take over vulnerable sites following remote code execution attacks.

(Bleeping Computer)
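As an added defensive illustration (not code from the article, the plugin, or WordPress), the following read-only sweep flags the kind of artifact described above: files under a WordPress-style uploads directory that carry a PHP-executable extension, or that contain a PHP open tag despite a harmless-looking extension. The directory layout, sample files, and extension list are constructed assumptions for the demo; the host's actual PHP handler configuration decides which extensions really execute.

```python
"""
Constructed example: sweep an uploads tree for files that should never be
there on a site that only expects customer images and documents.
"""
import os
import re
import tempfile
from typing import List, Tuple

# Extensions a typical PHP handler will execute (assumption: common Apache/PHP setups).
PHP_EXTENSIONS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar", ".phps"}

# A PHP open tag (`<?php` or the short echo tag `<?=`) in the first few KB of a file.
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def _has_php_extension(name: str) -> bool:
    # Double extensions such as photo.php.jpg are checked segment by segment,
    # since some handlers match on any suffix, not only the last one.
    parts = name.lower().split(".")
    return any("." + p in PHP_EXTENSIONS for p in parts[1:])


def _contains_php_tag(path: str, head_bytes: int = 8192) -> bool:
    try:
        with open(path, "rb") as fh:
            return PHP_TAG.search(fh.read(head_bytes)) is not None
    except OSError:
        return False


def scan_uploads(root: str) -> List[Tuple[str, str]]:
    """Return sorted (relative_path, reason) pairs for every suspicious file under root."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if _has_php_extension(name):
                findings.append((rel, "php-executable extension"))
            elif _contains_php_tag(full):
                findings.append((rel, "php open tag in non-php file"))
    return sorted(findings)


def build_demo_tree() -> str:
    """Constructed sample uploads tree: two benign files and three that should be flagged."""
    root = tempfile.mkdtemp(prefix="uploads_demo_")
    samples = {
        "2021/06/logo.png": b"\x89PNG\r\n\x1a\n...",                  # benign image header
        "2021/06/brochure.pdf": b"%PDF-1.4 ...",                       # benign document header
        "2021/06/design.php": b"<?php /* constructed sample */",       # executable extension
        "2021/06/photo.php.jpg": b"\xff\xd8\xff\xe0 JFIF",             # double extension
        "2021/06/preview.jpg": b"GIF89a <?php echo 'constructed'; ?>", # tag inside an "image"
    }
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for rel, reason in scan_uploads(demo_root):
        print(f"{reason:32} {rel}")
```

Run against a real `wp-content/uploads` directory on a schedule, the sweep gives a quick inventory of what an upload filter let through; it is a compensating detection, not a substitute for applying the plugin fix, and the content check only looks at the first 8 KB, so pair it with a policy that the web server never executes anything under the uploads path.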

Cyberattack forces meat producer to shut down operations in U.S., Australia – Russia suspected

Global food distributor JBS Foods suffered a cyberattack over the weekend that disrupted several servers supporting IT systems and could affect the supply chain for some time. Attackers targeted several servers supporting North American and Australian IT systems of JBS Foods on Sunday, according to a statement by JBS USA. JBS is a global provider of beef, chicken, and pork with 245,000 employees operating on several continents and serving brands such as Country Pride, Swift, Certified Angus Beef, Clear River Farms and Pilgrim’s. JBS notified the White House that the ransom demand came from a criminal organization likely based in Russia. The White House is engaging directly with the Russian government on this matter. 

(ThreatPost and The Guardian)

LinkedIn data shows Austin is biggest winner in tech migration

The Texas capital captured a net inflow of 217 software and information technology company workers per 10,000 existing ones, according to data from May 2020 to April 2021 provided by LinkedIn. That’s the best net migration rate among 35 metropolitan areas with gross tech migration of at least 2,000 LinkedIn users in the past 12 months. There’s no telling whether this will last, with many tech companies eyeing large-scale return-to-the-office policies, but for now, Austin, Nashville, Charlotte, Jacksonville and Denver are proving the most attractive places to work.

(Bloomberg)

Researchers uncover four new malware tools designed to exploit Pulse Secure VPNs

As part of an ongoing story, cybersecurity researchers from FireEye have revealed that Chinese threat actors are exploiting the vulnerabilities in Pulse Secure’s Virtual Private Network (VPN) and Secure Connect (PSC) devices. The APT groups UNC2630 and UNC2717 are targeting various sectors including government, defense, technology, transport, and financial entities in the U.S. and Europe. The four new malware families being used are: BLOODMINE for data extraction, BLOODBANK for credential theft, CLEANPULSE, a memory patching utility, and RAPIDPULSE, a web shell capable of replacing or modifying a legitimate Pulse Secure file.

(CISO Mag)

Thanks to our episode sponsor, ReversingLabs

Recent supply chain attacks and executive orders have left thousands scrambling for guidance. Join ReversingLabs as they take their exclusive supply chain roadshow to your local region virtually. Hear from app sec specialists and security execs as they discuss lessons learned and innovative approaches that will move your supply chain security and compliance program forward. For more information, visit reversinglabs.com.

Malware can bypass ransomware defense in antivirus solutions

Researchers from the Universities of Luxembourg and London have disclosed significant security weaknesses in popular antivirus software applications that may allow ransomware to pass through. Protected folders allow users to specify folders that require an additional layer of protection against destructive software, and only a small set of whitelisted applications is granted privileges to write to those folders. The researchers revealed how ransomware could control a trusted application like Notepad to overwrite the folder contents with copied malicious code, bypassing the antivirus defenses.

(The Hacker News)

The back-to-work spear-phishing campaigns have begun

Researchers from Cofense Phishing Defense Center (PDC) have uncovered a phishing campaign aimed at gathering login credentials from employees by posing as the Chief Information Officer (CIO). The messages pretend to provide information about changes to business operations the company is making in response to the COVID-19 pandemic. The emails were crafted to steal company and personal credentials: they include a link to a fake Microsoft SharePoint page with two documents that supposedly outline the new business operations. Upon clicking on the documents, victims are shown a login panel that prompts them to enter their credentials to access the files. There will likely be many more stories like this in the coming weeks.

(Security Affairs)

Microsoft fixes Microsoft Edge 91 nag screens, but taskbar glitches remain

Following up on a story from Monday, Microsoft has pushed out a fix for the Microsoft Edge 91 startup bugs and nag screens plaguing users since the new version of the browser was released. Last week, Microsoft Edge 91 was released, and users immediately began reporting that the browser was not opening to their configured startup page and that a ‘Use recommended browser settings’ nag screen was being shown too often. Also, the latest Windows 10 2004, 20H2, and 21H1 preview updates have resulted in display glitches where tray icons disappear, get pushed to the right, overlay each other, or get pushed off the edge of the screen for some users. It is expected that a fix will be delivered by this month’s Patch Tuesday, June 8.

(Bleeping Computer)

New bug in Siemens PLCs could let hackers run malicious code remotely

Siemens, the manufacturer of programmable logic controllers, on Friday shipped firmware updates to address a severe vulnerability in its SIMATIC S7-1200 and S7-1500 PLCs that could be exploited to remotely gain access to protected areas of memory and achieve unrestricted and undetected code execution. Siemens is “strongly” recommending that users update to the latest versions to reduce the risk. There’s no evidence that the weakness was abused in the wild.

(The Hacker News)