Featured Story
FBI Issues Alert on Russian Threats Targeting Ubiquiti Routers
A joint Cybersecurity Advisory (CSA) from the FBI, NSA, US Cyber Command and international partners warns that Russian state-sponsored actors are exploiting Ubiquiti EdgeRouters. The group, tracked as APT28, Fancy Bear and Forest Blizzard, took over routers that were still using default credentials and is operating them as covert infrastructure.
Despite a recent disruption of the GRU-run botnet by US and international authorities, the CSA stresses that organizations must still apply its recommended mitigations, since an unmitigated router can simply be compromised again.
The techniques observed include:
– Harvesting credentials from traffic passing through the router
– Proxying network traffic to hide the origin of attacks
– Hosting spear-phishing landing pages
To mitigate, the advisory recommends:
– Perform a hardware factory reset first: a firmware update alone does not remove an implant already on the device
– Update the firmware to the latest version, and keep it updated
– Replace default credentials with strong, unique passwords
– Segment critical networks so a compromised edge device cannot reach them directly
Other Stories
Black Basta and Bl00dy Ransomware Exploit ConnectWise ScreenConnect Bugs
Multiple threat actors are exploiting two recently disclosed vulnerabilities in ConnectWise ScreenConnect, CVE-2024-1709 and CVE-2024-1708, to gain access to ScreenConnect servers and the endpoints they manage. Among the groups identified are Black Basta and Bl00dy.
Trend Micro confirms active exploitation, which has risen rapidly since last week’s disclosure, and stresses the importance of updating to version 23.9.8 or later.
Observed follow-on activity includes:
– Ransomware deployment
– Data exfiltration
If you’re running a self-hosted instance, apply the latest patch immediately; cloud-hosted instances have already been updated by ConnectWise.
WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk
A vulnerability in the LiteSpeed Cache plugin for WordPress (CVE-2023-40000) allows an unauthenticated attacker to plant a stored cross-site scripting (XSS) payload that runs in the browser of anyone who loads the affected page, including site administrators, which can be chained into privilege escalation. The flaw was patched in version 5.7.0.1; the latest version, 6.1, was released in February 2024.
Because the payload executes with the victim’s session, it may enable:
– Privilege escalation, since the script runs with the privileges of the logged-in victim
– Information theft
All users should confirm they are running the latest version of the plugin; a site still on a release older than 5.7.0.1 is exposed.
Plugin developers must validate and sanitize input on the way in and escape output for the context in which it is rendered (HTML body, attribute or JavaScript) to prevent similar issues.
eBay, VMware, McAfee Subdomains Hijacked in Massive Phishing Operation
Guardio Labs has uncovered a large phishing operation, named SubdoMailing, that hijacked more than 8,000 subdomains belonging to trusted brands, including eBay, McAfee, MSN, CBS and Cornell. The subdomains were taken over through dangling DNS records: CNAME entries and SPF include entries that still pointed at domains the brands or their vendors had let expire, which the attackers then re-registered. The campaign sends millions of emails a day and, because the messages originate from subdomains the brands’ own DNS still vouches for, they pass SPF, DKIM and DMARC checks rather than bypass them.
Mail sent this way carries the brand’s reputation and clean authentication results, so it slips past filters that trust authenticated senders and reaches victims at scale.
These attacks undermine domain trust and highlight the importance of subdomain hygiene. Recommended steps:
– Regular subdomain audits, in particular for CNAME and SPF records that point at domains outside your control
– User education on advanced phishing threats
– Use Guardio’s SubdoMailing checker to find out whether your domains are affected
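As an added example for the audit step above (written for this summary, not Guardio’s checker or any affected vendor’s code), the script below scans a zone export for the two record types SubdoMailing abused: CNAMEs that point outside the zone, and SPF include:/redirect= targets outside the zone that are not on an approved-vendor list. The zone records, the zone name example.test and the approved-vendor set are constructed for the example; the registrable-domain helper is a deliberate approximation, noted in the code.

```python
"""Offline audit of a zone export for dangling-delegation candidates.

Flags the two record types SubdoMailing-style hijacks abuse:
  * CNAME records pointing at names outside the zone
  * SPF include:/redirect= targets outside the zone
Anything delegated to a third party that is not on the approved list is a
candidate for takeover if that third-party domain is ever allowed to expire.
"""
import re

ZONE = "example.test"

# Constructed sample zone export (owner, type, rdata); not a real zone.
ZONE_RECORDS = [
    ("www.example.test", "A", "203.0.113.10"),
    ("promo.example.test", "CNAME", "old-campaign.retired-vendor.example"),
    ("shop.example.test", "CNAME", "www.example.test"),
    ("example.test", "TXT",
     "v=spf1 include:_spf.mailvendor.example include:spf.forgotten-agency.example ip4:203.0.113.0/24 -all"),
    ("promo.example.test", "TXT", "v=spf1 redirect=spf.old-esp.example"),
    ("example.test", "TXT", "some-verification=abc123"),
]

# Constructed list of third parties with an active, reviewed relationship.
APPROVED_EXTERNAL = {"mailvendor.example"}

# include:<domain> and redirect=<domain> are the SPF mechanisms that hand
# authorization to another zone.
SPF_DELEGATION = re.compile(r"\b(include:|redirect=)([A-Za-z0-9.-]+)")


def registrable_domain(name: str) -> str:
    """Approximate the registrable domain as the last two labels.

    Assumption for this example only: a real audit should use the Public
    Suffix List so that names such as example.co.uk are handled correctly.
    """
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def is_in_zone(name: str, zone: str) -> bool:
    """True if name is the zone apex or lies beneath it."""
    name = name.rstrip(".").lower()
    zone = zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def spf_delegations(txt: str):
    """Return (mechanism, target) pairs for include:/redirect= in an SPF record.

    Non-SPF TXT records (verification tokens and the like) yield nothing.
    """
    if not txt.lower().startswith("v=spf1"):
        return []
    return [(m.group(1).rstrip(":="), m.group(2)) for m in SPF_DELEGATION.finditer(txt)]


def audit_zone(records, zone, approved_external):
    """Return findings for every external delegation not on the approved list."""
    findings = []
    for owner, rtype, rdata in records:
        targets = []
        if rtype == "CNAME":
            targets.append(("cname", rdata))
        elif rtype == "TXT":
            targets.extend(("spf-" + mech, tgt) for mech, tgt in spf_delegations(rdata))
        for kind, target in targets:
            if is_in_zone(target, zone):
                continue  # delegation stays inside our own zone
            reg = registrable_domain(target)
            if reg in approved_external:
                continue  # known, actively managed vendor
            findings.append({"kind": kind, "owner": owner, "target": target, "registrable": reg})
    return findings


if __name__ == "__main__":
    for f in audit_zone(ZONE_RECORDS, ZONE, APPROVED_EXTERNAL):
        print(f"{f['kind']:13} {f['owner']:22} -> {f['target']}  (check registration of {f['registrable']})")
```

The flagged targets are candidates, not confirmed hijacks: the next step, which this offline example does not perform, is to resolve each registrable domain and check whether it is unregistered, expired or parked, and to remove or re-point any record whose target you no longer control. On the constructed zone the script reports three findings (one CNAME, one SPF include, one SPF redirect) and leaves the in-zone CNAME and the approved vendor alone.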