This edition brings you early warnings, trending news about cyber threats, and accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.
Why play catch-up when you can fix this now?
Attackers are Actively Exploiting a WordPress Vulnerability
CVE-2022-45359 is a vulnerability in YITH WooCommerce Gift Cards Premium, a WordPress plugin. When exploited, it can allow unauthenticated attackers to upload files to vulnerable sites, including web shells that provide full access to the site. Attackers are currently uploading backdoors to the sites, obtaining remote code execution, and performing takeover attacks. The YITH WooCommerce plugin is used on more than 50,000 websites, and many of its customers could be impacted by this attack campaign.
WordPress has already released a security update in plugin version 3.21.0. All WordPress customers are advised to update to this version as soon as possible.
CISA Adds Old TIBCO Vulnerabilities to the KEV
On 29 Dec 2022, CISA added CVEs from 2018 that affect TIBCO Software’s JasperReports product to its Known Exploited Vulnerabilities (KEV) catalog. JasperReports is a Java-based reporting and data analytics platform for creating, distributing, and managing reports and dashboards.
CVE-2018-18809 is a directory traversal vulnerability in the JasperReports Library that could permit web server users to access sensitive files on the host. It can also allow an attacker to steal credentials and break into other systems. TIBCO patched it in March 2019.
CVE-2018-5430 is an information disclosure bug in the server component that could enable an authenticated user to gain read-only access to arbitrary files, including key configurations. It was fixed in April 2018.
All federal agencies in the U.S. are required to patch these vulnerabilities by January 19, 2023.
Follow our weekly Threat Intelligence Series and podcast for proactive alerts on trending threats.