Critical RCE Flaw Reported in WordPress Elementor Website Builder Plugin

Critical RCE Flaw Reported in WordPress Elementor Website Builder Plugin,

Elementor, a WordPress website builder plugin with over five million active installations, has been found to be vulnerable to an authenticated remote code execution flaw that could be abused to take over affected websites.
Plugin Vulnerabilities, which disclosed the flaw last week, said the bug was introduced in version 3.6.0 that was released on March 22, 2022. Roughly 37% of users of the

,

Elementor, a WordPress website builder plugin with over five million active installations, has been found to be vulnerable to an authenticated remote code execution flaw that could be abused to take over affected websites.
Plugin Vulnerabilities, which disclosed the flaw last week, said the bug was introduced in version 3.6.0 that was released on March 22, 2022. Roughly 37% of users of the

, ,
https://thehackernews.com/2022/04/critical-rce-flaw-reported-in-wordpress.html

Lazarus Group Behind $540 Million Axie Infinity Crypto Hack and Attacks on Chemical Sector

Lazarus Group Behind $540 Million Axie Infinity Crypto Hack and Attacks on Chemical Sector,

The U.S. Treasury Department has implicated the North Korea-backed Lazarus Group (aka Hidden Cobra) in the theft of $540 million from video game Axie Infinity’s Ronin Network last month.
On Thursday, the Treasury tied the Ethereum wallet address that received the stolen funds to the threat actor and sanctioned the funds by adding the address to the Office of Foreign Assets Control’s (OFAC)

,

The U.S. Treasury Department has implicated the North Korea-backed Lazarus Group (aka Hidden Cobra) in the theft of $540 million from video game Axie Infinity’s Ronin Network last month.
On Thursday, the Treasury tied the Ethereum wallet address that received the stolen funds to the threat actor and sanctioned the funds by adding the address to the Office of Foreign Assets Control’s (OFAC)

, ,
https://thehackernews.com/2022/04/lazarus-hackers-behind-540-million-axie.html

GitHub Says Hackers Breached Dozens of Organizations Using Stolen OAuth Access Tokens

GitHub Says Hackers Breached Dozens of Organizations Using Stolen OAuth Access Tokens,

Cloud-based repository hosting service GitHub on Friday revealed that it discovered evidence of an unnamed adversary capitalizing on stolen OAuth user tokens to unauthorizedly download private data from several organizations.
« An attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including NPM

,

Cloud-based repository hosting service GitHub on Friday revealed that it discovered evidence of an unnamed adversary capitalizing on stolen OAuth user tokens to unauthorizedly download private data from several organizations.
« An attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including NPM

, ,
https://thehackernews.com/2022/04/github-says-hackers-breach-dozens-of.html

JekyllBot:5 Flaws Let Attackers Take Control of Aethon TUG Hospital Robots

JekyllBot:5 Flaws Let Attackers Take Control of Aethon TUG Hospital Robots,

As many as five security vulnerabilities have been addressed in Aethon Tug hospital robots that could enable remote attackers to seize control of the devices and interfere with the timely distribution of medication and lab samples.
« Successful exploitation of these vulnerabilities could cause a denial-of-service condition, allow full control of robot functions, or expose sensitive information, »

,

As many as five security vulnerabilities have been addressed in Aethon Tug hospital robots that could enable remote attackers to seize control of the devices and interfere with the timely distribution of medication and lab samples.
« Successful exploitation of these vulnerabilities could cause a denial-of-service condition, allow full control of robot functions, or expose sensitive information, »

, ,
https://thehackernews.com/2022/04/new-jekyllbot5-flaws-let-attackers-take.html

Une faille dans la place de marché Rarible a permis de dérober facilement des NFT

Une faille dans la place de marché Rarible a permis de dérober facilement des NFT,

Un lien vers un NFT vérolé pouvait provoquer le transfert quasi automatique de NFT d’un portefeuille vers un autre. Effrayant de simplicité.

,

Un lien vers un NFT vérolé pouvait provoquer le transfert quasi automatique de NFT d’un portefeuille vers un autre. Effrayant de simplicité.

, ,
https://www.01net.com/actualites/une-faille-dans-la-place-de-marche-rarible-a-permis-de-derober-facilement-des-nft-2055922.html

Comment les hackers nord-coréens sont passés maîtres dans le vol de cryptomonnaies

Comment les hackers nord-coréens sont passés maîtres dans le vol de cryptomonnaies,

Le deuxième plus grand hack de tous les temps — 500 millions d’euros siphonnés auprès de Ronin Network — vient d’être attribué aux pirates de Pyongyang. Ces derniers dévalisent la cryptofinance depuis cinq ans avec succès.

,

Le deuxième plus grand hack de tous les temps — 500 millions d’euros siphonnés auprès de Ronin Network — vient d’être attribué aux pirates de Pyongyang. Ces derniers dévalisent la cryptofinance depuis cinq ans avec succès.

, ,
https://www.01net.com/actualites/comment-les-hackers-nord-coreens-sont-passes-maitres-dans-le-vol-de-cryptomonnaies-2055918.html

Haskers Gang Gives Away ZingoStealer Malware to Other Cybercriminals for Free

Haskers Gang Gives Away ZingoStealer Malware to Other Cybercriminals for Free,

A crimeware-related threat actor known as Haskers Gang has released an information-stealing malware called ZingoStealer for free on, allowing other criminal groups to leverage the tool for nefarious purposes.
« It features the ability to steal sensitive information from victims and can download additional malware to infected systems, » Cisco Talos researchers Edmund Brumaghin and Vanja Svajcer 

,

A crimeware-related threat actor known as Haskers Gang has released an information-stealing malware called ZingoStealer for free on, allowing other criminal groups to leverage the tool for nefarious purposes.
« It features the ability to steal sensitive information from victims and can download additional malware to infected systems, » Cisco Talos researchers Edmund Brumaghin and Vanja Svajcer 

, ,
https://thehackernews.com/2022/04/haskers-gang-gives-away-zingostealer.html

Chrome : Google corrige en urgence une faille exploitée par des pirates, mettez vite votre navigateur à jour !

Chrome : Google corrige en urgence une faille exploitée par des pirates, mettez vite votre navigateur à jour !,

Une confusion de type dans le moteur JavaScript incite le géant informatique à diffuser un patch qu’il est fortement recommandé d’installer le plus vite possible.

,

Une confusion de type dans le moteur JavaScript incite le géant informatique à diffuser un patch qu’il est fortement recommandé d’installer le plus vite possible.

, ,
https://www.01net.com/actualites/chrome-google-corrige-en-urgence-une-faille-exploitee-par-des-pirates-mettez-vite-votre-navigateur-a-jour-2055915.html

La police démantèle RaidForums, le supermarché des données volées

La police démantèle RaidForums, le supermarché des données volées,

Utilisé par plus de 500 000 hackers, ce site était l’un des principaux espaces d’échange de bases de données volées. Il était piloté par un jeune homme de 21 ans, arrêté au Royaume-Uni.

,

Utilisé par plus de 500 000 hackers, ce site était l’un des principaux espaces d’échange de bases de données volées. Il était piloté par un jeune homme de 21 ans, arrêté au Royaume-Uni.

, ,
https://www.01net.com/actualites/la-police-demantele-raidforums-le-supermarche-des-donnees-volees-2055893.html

Critical Auth Bypass Bug Reported in Cisco Wireless LAN Controller Software

Critical Auth Bypass Bug Reported in Cisco Wireless LAN Controller Software,

Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller (WLC) that could be abused by an unauthenticated, remote attacker to take control of an affected system.
Tracked as CVE-2022-20695, the issue has been rated 10 out of 10 for severity and enables an adversary to bypass authentication controls and log in to the device through the

,

Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller (WLC) that could be abused by an unauthenticated, remote attacker to take control of an affected system.
Tracked as CVE-2022-20695, the issue has been rated 10 out of 10 for severity and enables an adversary to bypass authentication controls and log in to the device through the

, ,
https://thehackernews.com/2022/04/critical-auth-bypass-bug-reported-in.html