Friday, May 10th, 2024

Cybersecurity Week in Review (10/05/24)

Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites

A high-severity flaw impacting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts on susceptible websites.

The findings come from WPScan, which said that the vulnerability (CVE-2023-40000, CVSS score: 8.3) has been leveraged to set up bogus admin users with the names wpsupp-user and wp-configuser.

CVE-2023-40000, which was disclosed by Patchstack in February 2024, is a stored cross-site scripting (XSS) vulnerability that could permit an unauthenticated user to elevate privileges by means of specially crafted HTTP requests.
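As an added example (not from WPScan, Patchstack or the original article), a small defender-side check for the rogue administrator accounts described above: it parses a WordPress user export in the shape of `wp user list --format=csv` output and flags administrators whose login matches the reported rogue names or is missing from an allowlist of expected admins. The CSV sample is constructed, and `find_suspicious_admins` and the constants are hypothetical names.

```python
import csv
import io

# Rogue administrator logins that WPScan reported in the LiteSpeed Cache campaign.
KNOWN_ROGUE_LOGINS = {"wpsupp-user", "wp-configuser"}

REASON_ROGUE = "login matches a rogue account name reported by WPScan"
REASON_UNEXPECTED = "administrator account not in the expected-admin allowlist"

# Constructed sample in the shape of `wp user list --format=csv` output.
# The wpsupp-user / wp-configuser rows model the rogue accounts; the other
# rows are ordinary accounts for contrast.
SAMPLE_USER_EXPORT = """\
ID,user_login,display_name,user_email,user_registered,roles
1,siteowner,Site Owner,owner@example.test,2021-03-02 10:15:00,administrator
2,editor01,Editor,editor@example.test,2022-07-19 08:00:00,"editor,author"
7,wpsupp-user,wpsupp-user,noreply@example.test,2024-05-03 02:41:12,administrator
8,wp-configuser,wp-configuser,wp@example.test,2024-05-03 02:41:40,administrator
9,newadmin,New Admin,ops@example.test,2024-05-04 11:20:00,administrator
"""


def find_suspicious_admins(csv_text, expected_admins, rogue_logins=KNOWN_ROGUE_LOGINS):
    """Return [(user_login, user_registered, reason), ...] for administrator
    accounts that are either known rogue names or absent from the allowlist.

    Non-administrator accounts are ignored: the campaign's goal is admin access,
    so that is where a rogue account has to surface to be useful to the attacker.
    """
    allowlist = {a.strip().lower() for a in expected_admins}
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # A user with several roles is exported as a quoted, comma-separated field.
        roles = {r.strip().lower() for r in row["roles"].split(",") if r.strip()}
        if "administrator" not in roles:
            continue
        login = row["user_login"].strip().lower()
        if login in rogue_logins:
            findings.append((login, row["user_registered"], REASON_ROGUE))
        elif login not in allowlist:
            findings.append((login, row["user_registered"], REASON_UNEXPECTED))
    return findings


if __name__ == "__main__":
    # The site owner is the only administrator we expect to exist.
    for login, registered, reason in find_suspicious_admins(SAMPLE_USER_EXPORT, {"siteowner"}):
        print(f"{login:15} created {registered}: {reason}")
```

Any hit should be compared against the site's change history before removal, since a legitimately added administrator will also appear when the allowlist is stale.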


DocGo discloses cyberattack after hackers steal patient health data

Mobile medical care firm DocGo confirmed it suffered a cyberattack after threat actors breached its systems and stole patient health data.

DocGo is a healthcare provider that offers mobile health services, ambulance services, and remote monitoring for patients in thirty US states and across the United Kingdom.

In a Form 8-K filing with the SEC on Tuesday evening, DocGo warned that it recently suffered a cyberattack and is working with third-party cybersecurity experts to assist in the investigation.

“Promptly after detecting unauthorized activity, the Company took steps to contain and respond to the incident, including launching an investigation, with assistance from leading third-party cybersecurity experts, and notifying relevant law enforcement,” reads the DocGo SEC filing.


China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion

The MITRE Corporation has offered more details into the recently disclosed cyber-attack, stating that the first evidence of the intrusion now dates to December 31, 2023.

The attack, which came to light last month, singled out MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE) through the exploitation of two Ivanti Connect Secure zero-day vulnerabilities tracked as CVE-2023-46805 and CVE-2024-21887, respectively.

While the organization had previously disclosed that the attackers performed reconnaissance of its networks starting in January 2024, the latest technical deep dive puts the earliest signs of compromise in late December 2023, with the adversary dropping a Perl-based web shell called ROOTROT for initial access.


City of Wichita shuts down IT network after ransomware attack

The City of Wichita, Kansas, disclosed it was forced to shut down portions of its network after suffering a weekend ransomware attack.

Wichita is the largest city in Kansas, with a population of 400,000 people, ranking it among the top 50 largest cities in the United States.

In a rare display of transparency, the city confirmed it suffered the attack on Sunday, May 5th, when IT systems were encrypted with ransomware.

In response to the attack, the city shut down its computer network to prevent the spread of the ransomware to other devices.

At this time, it is not known whether data has been stolen. However, it is very common for ransomware gangs to steal data in compromised networks for days, if not weeks, before deploying their encryptors.


UK military personnel data accessed in hack

The personal details of an unknown number of people serving in the UK military have been accessed, likely by China, a major UK news outlet has reported.

Britain’s Ministry of Defence (MoD) has not yet commented on the report, but Defence Minister Grant Shapps is due to make a statement to Parliament on Tuesday.

The government would not name the country involved, but it is understood that China was behind an attack on a payroll system that held names and bank details of current service personnel and some veterans.

According to the BBC, attackers accessed data that relates to current and former members of the Royal Air Force, Army, and the Royal Navy over a period of several years.

British Work and Pensions Minister Mel Stride said the database, which was managed by an external contractor, had been taken offline quickly and that more information on the attack would be provided soon.


Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components

Multiple security vulnerabilities have been disclosed in various applications and system components within Xiaomi devices running Android.

Some of the notable flaws include a shell command injection bug impacting the System Tracing app and flaws in the Settings app that could enable theft of arbitrary files as well as leak information about Bluetooth devices, connected Wi-Fi networks, and emergency contacts.

It’s worth noting that while Phone Services, Print Spooler, Settings, and System Tracing are legitimate components from the Android Open Source Project (AOSP), they have been modified by the Chinese handset maker to incorporate additional functionality, leading to these flaws.


Deutsche Telekom claimed by LockBit, dozens more ransom victims

The Russian-linked ransomware cartel’s May 6th update of its darknet blog gives the German telecommunications company a May 21st deadline to start negotiations and pay its undisclosed ransom demand.

But, according to Deutsche Telekom spokesperson Christian Fischer, LockBit’s claim is all ransomware hearsay.

Deutsche Telekom is one of the world’s leading fixed-network, broadband, and mobile service providers, with a combined 299 million customers and nearly 200,000 employees across more than 50 countries, according to its website.

In 2023, Deutsche Telekom reported earnings totalling 112 billion Euros.

Besides the telecom giant, the ransom gang posted a whopping 57 other victims, both small and large companies, according to the blog.


New Spectre-Style ‘Pathfinder’ Attack Targets Intel CPUs, Leaks Encryption Keys and Data

Researchers have discovered two novel attack methods targeting high-performance Intel CPUs that could be exploited to stage a key recovery attack against the Advanced Encryption Standard (AES) algorithm.

The techniques have been collectively dubbed Pathfinder by a group of academics from the University of California San Diego, Purdue University, UNC Chapel Hill, Georgia Institute of Technology, and Google.

Spectre is the name given to a class of side-channel attacks that exploit branch prediction and speculative execution on modern CPUs to read privileged data in the memory in a manner that sidesteps isolation protections between applications.

The latest attack approach targets a feature in the branch predictor called the Path History Register (PHR), which keeps a record of the last taken branches, to induce branch mispredictions and cause a victim program to execute unintended code paths, thereby inadvertently exposing its confidential data.


Data incident at University System of Georgia exposes bank account numbers

The University System of Georgia said that “USG purchased MOVEit secure file transfer software from Progress Software to transfer and store sensitive data.”

This software contained a vulnerability that was subsequently exploited by hackers, with some dubbing this attack ‘the biggest hack of 2023.’

This led to various institutions, organizations, and individuals having their sensitive data exposed. Another victim to add to the list is the University System of Georgia (USG).

The data involved in the incident includes:

  • Full or partial (last four digits) Social Security numbers
  • Dates of birth
  • Bank account numbers
  • Federal income tax documents with Tax ID number


Ascension healthcare takes systems offline after cyberattack

Ascension, one of the largest private healthcare systems in the United States, has taken some of its systems offline to investigate what it describes as a “cyber security event.”

As a major U.S. nonprofit health system, Ascension operates 140 hospitals and 40 senior care facilities across 19 states and the District of Columbia.

It also employs 8,500 providers, has 35,000 affiliated providers and 134,000 associates. In 2023, it reported a total revenue of $28.3 billion.

Ascension added that the incident also disrupted clinical operations. An ongoing investigation is now assessing the impact and duration of the disruption.

It has also informed the relevant authorities of the cyberattack and hired Mandiant incident response experts to assist with the investigation and remediation process.


Threat Report – Multiple Vulnerabilities Discovered in F5 BIG-IP Devices

Threat Reports are reports created by Smarttech247 on high- and critical-severity vulnerabilities with a high potential to be exploited in the wild: that is, vulnerabilities in products widely used by companies that either have no auto-update option or are usually not updated automatically because an update could lead to service disruption. A report is usually created as soon as the vulnerability is published, so we strongly recommend that the information is reviewed, tests are performed, and patches are applied before the first proof-of-concept is released.

Even though certain vulnerabilities may not have an active exploit in the wild at the time we report on them, we take into consideration the wider risk and the impact they could have on systems should such an exploit become available later. Our duty is to report them on time, and we recommend that, to keep critical business systems protected, enterprises allow on average ten working days to check whether the new vulnerability affects them and, if so, to implement actions to remove the risk.

Multiple vulnerabilities have been identified in F5 products, including cross-site scripting, SQL injection, and denial-of-service vulnerabilities. These vulnerabilities pose security risks to government and business entities, with potential impacts ranging from data leaks to remote code execution.

Risk rating by entity type:

  • Large and medium government entities: High
  • Small government entities: High
  • Large and medium business entities: High
  • Small business entities: High


Dell Hacked – 49 Million Customers Data Affected

Dell Technologies is investigating a data breach incident involving a company portal containing limited customer information related to purchases, the computer technology company announced Friday.

While no financial or highly sensitive data was accessed, Dell says names, physical addresses, and order details were exposed in the breach.

In a message to customers, Dell stated that its investigation shows that an unauthorized party accessed a database with customer names, addresses, hardware, and order information, including service tags, item descriptions, order dates, and warranty details.




    Copyright Smarttech247 - 2021