Featured Story
WordPress Plug-in Used in 1M+ Websites Patched to Close Critical Bug
A critical privilege escalation vulnerability has been patched in the Essential Addons for Elementor plugin, used by over 1 million WordPress websites. CVE-2023-32243 affects versions 5.4.0 through 5.7.1 and allows unauthenticated attackers to escalate privileges up to administrator level.
This is part of a growing trend in which popular WordPress plugins are actively exploited. WordPress’ popularity makes it a prime target for cybercriminals and security researchers alike.
Security posture must go beyond WordPress core. Add EDR, antivirus, and a Web Application Firewall (WAF) to protect your web assets. Our SOC offers 24/7 threat monitoring and managed WAF to prevent WordPress-based attacks.
Other Stories
New Ransomware Gang RA Group Hits U.S. and South Korean Organizations
The RA Group is the latest to weaponize leaked Babuk ransomware code. Since April 2023, it has attacked victims in the manufacturing, insurance, and pharma sectors. Data from victims is being leaked via a secure Tor-based portal.
ESXi hypervisors remain a major target. One ransomware event can bring down dozens of virtual machines. If you manage virtual infrastructure, let us help secure it through hardening, segmentation, and threat detection tooling.
KeePass Vulnerability Imperils Master Passwords
CVE-2023-32784 affects KeePass 2.X and allows attackers to recover the master password in plaintext from a memory dump. The password remains recoverable even after the app is closed, and a PoC has been published ahead of the patch release (v2.54).
While KeePass is a solid password manager, no app is secure if the underlying OS is compromised. Exploitation requires physical or remote access to the machine. Use EDR tools and monitor for memory scraping or unusual process behavior on endpoints.
CISA: Several Old Linux Vulnerabilities Exploited in Attacks
CISA has added multiple Linux-related CVEs to its Known Exploited Vulnerabilities list. Some date back nearly a decade, showing that unpatched legacy systems remain a threat. Notably, the Ruckus flaw is being exploited by AndoryuBot for DDoS attacks.
Organizations must maintain an up-to-date inventory of all software and systems. Patch visibility and lifecycle management are key. Our SOC can help audit patch levels and exposure to known vulnerabilities.
Romance Scam: Be Careful If You Receive This Kind of Message
Safeonweb has received over 2,500 reports of romance scams. Victims are lured into online relationships and coaxed into revealing personal or financial information. Links redirect to fake websites asking for credentials or bank details.
The tips outlined by Safeonweb are fully supported by our SOC. Never click unsolicited links or share sensitive info via text or email. If in doubt, forward messages to:
- verdacht@safeonweb.be
- suspect@safeonweb.be
- suspicious@safeonweb.be
Our analysts can help investigate and validate suspicious communications.