Mia Davis
June 3, 2024
4 Min Read

Threat Report 03.06.24

CatDDoS-related gangs exploiting over 80 vulnerabilities

Security researchers have reported a surge in activity from the gangs behind the CatDDoS botnet, which have exploited more than 80 vulnerabilities within the past three months. On the busiest days, the number of targets observed has exceeded 300.

The gangs are targeting well-known vulnerabilities in widely deployed products from established vendors, including Apache, Cisco, D-Link, GitLab, Google, Huawei, Linksys, Netgear, Realtek, TP-Link and Zyxel; the full list is in the original research post from QiAnXin's XLab team.

Because these are known, patchable flaws, update affected devices and software to the latest vendor release as soon as possible so that these vulnerabilities cannot be used to gain access to your systems or to recruit your devices into the botnet.

WordPress plugin vulnerabilities exploited to create rogue admin accounts, security researchers warn

Security researchers at Fastly have released a report warning that multiple high-severity vulnerabilities across several WordPress plugins are being actively exploited to create administrator accounts on affected websites for later malicious use.

The flaws are stored cross-site scripting (XSS) vulnerabilities. Threat actors use them to inject a script that, when an administrator views the affected page, creates a new administrator account, plants backdoors, and installs tracking scripts, presumably to monitor the compromised site.

The vulnerabilities are:

  • CVE-2024-2194 in WP Statistics plugin.
  • CVE-2023-6961 in WP Meta SEO plugin.
  • CVE-2023-40000 in LiteSpeed Cache plugin.

If these plugins are used on your website, update them to the patched versions as soon as possible, and check the site for administrator accounts and injected scripts that you do not recognise.
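The following hunt script checks for the two artefacts the report describes, unexpected administrator accounts and externally hosted script tags injected into stored content. It is an added example, not code from Fastly's report or from WordPress; the user and content rows are constructed to mirror wp_users, wp_usermeta and wp_posts exports, and every hostname, username, option name and date in it is hypothetical.

```python
"""Hunt for the post-exploitation artefacts described above: unexpected
administrator accounts and externally hosted <script> tags injected into
stored WordPress content.

Added example, not code from Fastly's report or from WordPress. The rows
below are constructed to mirror wp_users / wp_usermeta / wp_posts exports;
every hostname, username, option name and date is hypothetical."""
import re
from datetime import datetime, timezone

# Constructed sample: wp_users rows joined with their wp_capabilities meta.
USERS = [
    {"ID": 1, "user_login": "siteadmin", "user_registered": "2022-01-10 09:00:00",
     "wp_capabilities": 'a:1:{s:13:"administrator";b:1;}'},
    {"ID": 2, "user_login": "editor1", "user_registered": "2023-05-02 14:21:00",
     "wp_capabilities": 'a:1:{s:6:"editor";b:1;}'},
    {"ID": 7, "user_login": "wpsupp0rt", "user_registered": "2024-05-28 03:12:44",
     "wp_capabilities": 'a:1:{s:13:"administrator";b:1;}'},
]

# Constructed sample: stored content (post bodies and a plugin option value).
CONTENT = [
    {"id": "post:10",
     "body": '<p>Welcome</p><script src="/wp-includes/js/jquery/jquery.min.js"></script>'},
    {"id": "option:plugin_settings",
     "body": '<script src="https://cdn.example-tracker.invalid/t.js"></script>'},
    {"id": "post:11", "body": "<p>Contact us</p>"},
]

KNOWN_ADMINS = {"siteadmin"}                          # hypothetical allowlist
BASELINE = datetime(2024, 3, 1, tzinfo=timezone.utc)  # last known-good review
SITE_HOSTS = {"www.example.invalid"}                  # hosts allowed to serve scripts

ROLE_RE = re.compile(r's:\d+:"([a-z0-9_-]+)";b:1;')
SCRIPT_SRC_RE = re.compile(r'<script[^>]*\ssrc\s*=\s*["\']([^"\']+)["\']', re.I)
HOST_RE = re.compile(r'^(?:https?:)?//([^/]+)', re.I)


def roles(serialized):
    """Role names from a PHP-serialized wp_capabilities array."""
    return set(ROLE_RE.findall(serialized))


def rogue_admins(users, known, baseline):
    """Administrator logins that are not on the allowlist or were registered
    after the baseline date."""
    out = []
    for u in users:
        if "administrator" not in roles(u["wp_capabilities"]):
            continue
        registered = datetime.strptime(u["user_registered"], "%Y-%m-%d %H:%M:%S")
        registered = registered.replace(tzinfo=timezone.utc)
        if u["user_login"] not in known or registered > baseline:
            out.append(u["user_login"])
    return out


def external_scripts(content, site_hosts):
    """(row id, src) for every <script> whose src points off-site. Relative
    paths are the site's own assets and are ignored."""
    hits = []
    for row in content:
        for src in SCRIPT_SRC_RE.findall(row["body"]):
            m = HOST_RE.match(src)
            if m and m.group(1).lower() not in site_hosts:
                hits.append((row["id"], src))
    return hits


if __name__ == "__main__":
    print("rogue admins:", rogue_admins(USERS, KNOWN_ADMINS, BASELINE))
    print("off-site scripts:", external_scripts(CONTENT, SITE_HOSTS))
```

On a real site the same logic runs over a database export (or the output of `wp user list` and `wp post list`), and the allowlist and baseline date come from your last access review; a new administrator created outside change control, or a script tag loading from a host you do not own, is the indicator to act on.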

New research warns about weak offboarding procedures and insider risks

Security researchers at Wing Security have released a study on the threats arising from weak offboarding and the potential for insider threats. It presents the researchers' statistics on ex-employees' residual access to organisations' systems and data, the risk this poses, and how it should be addressed with robust offboarding procedures and security controls.

The study finds that 63% of businesses may have systems containing organisational data that former employees can still access, and that 34% have more than 10 ex-employees able to access their previous company's data. 20% of companies have at least five former employees who can still access Slack, and 43% have ex-employees who can still access GitHub or GitLab code repositories. This residual access poses a considerable risk of data breaches, intellectual property theft and compliance violations.

To offboard employees effectively and quickly, have a robust offboarding procedure that covers every application to which they had access, and automate it where possible to reduce human error and oversight. Regular access reviews should also be conducted so that no one retains access to systems they should no longer have.
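A minimal form of the access review recommended above is a reconciliation of each application's user export against the HR roster: any enabled account whose owner has left, or who has no HR record at all, is a finding. The script below does that and flags leaver accounts still enabled beyond an offboarding deadline. It is an added example, not Wing Security's tooling; the roster, the Slack, GitHub and GitLab exports, the e-mail domain and the dates are all constructed.

```python
"""Access review that reconciles per-application user exports against the
HR roster of current staff and reports accounts belonging to leavers.

Added example, not Wing Security's tooling. The roster and exports are
constructed; the e-mail domain, application names and dates are
hypothetical."""
from datetime import date

REVIEW_DATE = date(2024, 6, 3)  # hypothetical date the review is run

# Constructed HR roster: current status and, for leavers, their last day.
HR_ROSTER = {
    "alice@example.invalid": {"status": "active", "end_date": None},
    "bob@example.invalid":   {"status": "left",   "end_date": date(2024, 4, 12)},
    "carol@example.invalid": {"status": "left",   "end_date": date(2024, 5, 30)},
}

# Constructed per-application exports, the shape an admin API or CSV gives.
APP_USERS = {
    "slack": [
        {"email": "alice@example.invalid", "deactivated": False},
        {"email": "bob@example.invalid",   "deactivated": False},   # leaver, still active
    ],
    "github": [
        {"email": "alice@example.invalid", "deactivated": False},
        {"email": "carol@example.invalid", "deactivated": False},   # leaver, still active
        {"email": "bob@example.invalid",   "deactivated": True},    # correctly offboarded
    ],
    "gitlab": [
        {"email": "ci-bot@example.invalid", "deactivated": False},  # no HR record at all
    ],
}


def orphaned_accounts(hr, apps, today):
    """{app: [(email, reason, days_since_leaving)]} for enabled accounts whose
    owner has left or has no HR record (unowned service or guest accounts)."""
    findings = {}
    for app, users in apps.items():
        for u in users:
            if u["deactivated"]:
                continue
            rec = hr.get(u["email"].lower())
            if rec is None:
                findings.setdefault(app, []).append((u["email"], "no HR record", None))
            elif rec["status"] != "active":
                days = (today - rec["end_date"]).days
                findings.setdefault(app, []).append((u["email"], "left", days))
    return findings


def sla_breaches(findings, max_days):
    """(app, email, days) for leaver accounts still enabled more than max_days
    after the person's last day; these are the offboarding failures to escalate."""
    return [(app, email, days)
            for app, rows in findings.items()
            for email, reason, days in rows
            if reason == "left" and days > max_days]


if __name__ == "__main__":
    found = orphaned_accounts(HR_ROSTER, APP_USERS, REVIEW_DATE)
    for app, rows in found.items():
        for email, reason, days in rows:
            age = "" if days is None else f", {days} days ago"
            print(f"{app}: {email} ({reason}{age})")
    print("SLA breaches:", sla_breaches(found, max_days=7))
```

Accounts with no HR record are reported separately rather than silently skipped, since shared and service accounts that nobody owns are exactly what an offboarding process misses. In practice the exports come from each application's admin API and the HR roster from the HRIS, and the review is scheduled so that it catches what the automated offboarding did not.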
