Security

730K WordPress sites force-updated to patch critical plugin bug

posted on June 16, 2022
by l33tdawg
Credit: Bleeping Computer

WordPress sites using Ninja Forms, a forms builder plugin with more than 1 million installations, have been force-updated en masse this week to a new build that addresses a critical security vulnerability likely exploited in the wild.

The vulnerability is a code injection vulnerability affecting multiple Ninja Forms releases, starting with version 3.0 and up. Wordfence threat analyst Ramuel Gall discovered when reverse-engineering the patch that unauthenticated attackers can exploit this bug remotely to call various Ninja Forms classes using a flaw in the Merge Tags feature.

Gone in 130 seconds: New Tesla hack gives thieves their own personal key

posted on June 9, 2022
by l33tdawg
Credit: Ars Technica

Last year, Tesla issued an update that made its vehicles easier to start after being unlocked with their NFC key cards. Now, a researcher has shown how the feature can be exploited to steal cars.

For years, drivers who used their Tesla NFC key card to unlock their cars had to place the card on the center console to begin driving. Following the update, which was reported here last August, drivers could operate their cars immediately after unlocking them with the card. The NFC card is one of three means for unlocking a Tesla; a key fob and a phone app are the other two.

Linux version of Black Basta ransomware targets VMware ESXi servers

posted on June 7, 2022
by l33tdawg
Credit: Bleeping Computer

Black Basta is the latest ransomware gang to add support for encrypting VMware ESXi virtual machines (VMs) running on enterprise Linux servers.

Most ransomware groups are now focusing their attacks on ESXi VMs since this tactic aligns with their enterprise targeting. It also makes it possible to take advantage of faster encryption of multiple servers with a single command. Encrypting VMs makes sense since many companies have recently migrated to virtual machines as they allow for easier device management and a lot more efficient resource usage.

Motorola phones at risk of hacking with chip-level vulnerability

posted on June 5, 2022
by l33tdawg
Credit: Android Police

Chinese chipmaker Unisoc has been able to seize upon opportunities in the global chip shortage crisis. As Taiwanese cohort MediaTek has been able to ascend with more upscale products, so has Unisoc, taking the former's place in more budget phones. But such a rise is due stricter scrutiny: we've seen one of the company's older chips marked as a threat vector, putting owners of a number of budget phones at risk with only some prospect of a patch. Now, we're learning about another vulnerability that's explicitly affecting a Unisoc chip in three Motorola devices.

Foxconn confirms Mexico facility was hit by a ransomware attack

posted on June 5, 2022
by l33tdawg
Credit: Wikipedia

On May 31, a ransomware group using Lockbit 2.0 attacked Foxconn's factory in Tijuana, threatening to divulge sensitive information if the company didn't pay a ransom by June 11. The ransom amount is unknown but could be in the tens of millions, judging by past attacks.

Foxconn has just confirmed that one of its production plants got hit by a ransomware attack in late May, disrupting production. The company didn't disclose who the perpetrators were, but a cybercrime group using the Lockbit 2.0 ransomware has already claimed responsibility.

Novartis says no sensitive data was compromised in cyberattack

posted on June 5, 2022
by l33tdawg
Credit: Bleeping Computer

Pharmaceutical giant Novartis says no sensitive data was compromised in a recent cyberattack by the Industrial Spy data-extortion gang.

Industrial Spy is a hacking group that runs an extortion marketplace where they sell data stolen from compromised organizations. Yesterday, the hacking group began selling data allegedly stolen from Novartis on their Tor extortion marketplace for $500,000 in bitcoins.

Hackers stole over $250,000 in Ethereum from Bored Ape Yacht Club

posted on June 5, 2022
by l33tdawg
Credit: Security Affairs

Threat actors compromised Bored Ape Yacht Club (BAYC) for the third time this year; they stole and sold NFTs, making away with 142 ETH, equivalent to over $250,000. The hacker conducted a phishing attack, setting up a phishing site that impersonated the official BAYC site and claimed that BAYC, MAYC and OthersideMeta holders were able to claim a free NFT for a short period of time.

The website was advertised through the official BAYC Discord for a Yuga Labs community manager that was previously hacked.

Critical Atlassian 0-day is under active exploit. You’re patched, right?

posted on June 5, 2022
by l33tdawg
Credit: Ars Technica

About this time last week, threat actors began quietly tapping a previously unknown vulnerability in Atlassian software that gave them almost complete control over a small number of servers. Since Thursday, active exploits of the vulnerability have mushroomed, creating a semi-organized frenzy among competing crime groups.