Shocking Security Flaws in WordPress Plugins & Beyond: Are You at Risk?

WordPress Plugins Under Attack: Critical Security Flaws Exposed

Hold onto your hats, folks! Two major security vulnerabilities have recently been uncovered in popular WordPress plugins, putting hundreds of thousands of websites at risk. Let’s dive into the details and find out how you can protect your site.

ThemeGrill Demo Importer: A Wolf in Sheep’s Clothing

First up, we have the ThemeGrill Demo Importer, a widely-used plugin with approximately 200,000 installations. This handy tool allows site admins to import demo content, widgets, and settings with ease. However, a recently discovered security flaw enables attackers to execute code with administrative privileges, without any authentication or authorization checks.

You heard that right! Exploiting this vulnerability, cybercriminals can:

  • Alter your site’s database
  • Gain automatic administrative access

This vulnerability affects all versions from 1.3.4 to 1.6.1, so if you’re using this plugin, it’s time to take action!

GDPR Cookie Consent Plugin: A Sweet Treat Turned Sour

Next on our list is the GDPR Cookie Consent plugin, which helps websites comply with the General Data Protection Regulation (GDPR). With around 700,000 sites using this plugin, the recently discovered vulnerability is cause for concern.

The issue stems from insufficient access controls in an endpoint used by the plugin’s AJAX API. The affected code lives in the class’s “__construct” method, the PHP constructor that runs whenever a new object of that class is created. An AJAX request reaches this code path without any verification of who sent it.

As a result, the AJAX endpoint, intended to be accessible only by administrators, becomes accessible to subscribers. This vulnerability allows attackers to:

  • Modify site content
  • Inject malicious JavaScript code

This security flaw affects GDPR Cookie Consent versions 1.8.2 and earlier. To mitigate this risk, users should update to version 1.8.3 or later.
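Both plugin flaws above come down to the same root cause: an AJAX handler that trusts whoever can reach it. The following is an added example written for this post, not code from ThemeGrill Demo Importer or GDPR Cookie Consent; the class names, the `demo_import_settings` action and the `demo_plugin_settings` option are hypothetical. It shows a WordPress AJAX endpoint registered the unsafe way beside the hardened version that checks a nonce, a capability, and the input before touching the database.

```php
<?php
// Added example (not code from either plugin discussed above).
// Hypothetical names: Demo_Plugin_*, 'demo_import_settings', 'demo_plugin_settings'.

class Demo_Plugin_Unsafe {
    public function __construct() {
        // Hooking only 'wp_ajax_' (and not 'wp_ajax_nopriv_') means the caller must be
        // logged in, but ANY role qualifies, including Subscriber.
        add_action( 'wp_ajax_demo_import_settings', array( $this, 'import_settings' ) );
    }

    public function import_settings() {
        // No nonce and no capability check: a subscriber, or an admin tricked by a
        // cross-site request, can overwrite a site option with arbitrary content.
        update_option( 'demo_plugin_settings', wp_unslash( $_POST['settings'] ) );
        wp_send_json_success();
    }
}

class Demo_Plugin_Hardened {
    public function __construct() {
        add_action( 'wp_ajax_demo_import_settings', array( $this, 'import_settings' ) );
    }

    public function import_settings() {
        // 1. Nonce: the request must carry a token we issued for this action
        //    (stops cross-site request forgery). Dies with 403 on failure.
        check_ajax_referer( 'demo_import_settings', 'nonce' );

        // 2. Capability: only users allowed to manage site-wide settings may proceed.
        //    Being logged in is not enough.
        if ( ! current_user_can( 'manage_options' ) ) {
            wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
        }

        // 3. Validate and sanitise the payload before it reaches the database.
        $raw      = isset( $_POST['settings'] ) ? wp_unslash( $_POST['settings'] ) : '';
        $settings = json_decode( $raw, true );
        if ( ! is_array( $settings ) ) {
            wp_send_json_error( array( 'message' => 'Invalid payload.' ), 400 );
        }

        $clean = array();
        foreach ( $settings as $key => $value ) {
            // Keys reduced to [a-z0-9_-]; values stripped of tags and control characters.
            $clean[ sanitize_key( $key ) ] = sanitize_text_field( (string) $value );
        }

        update_option( 'demo_plugin_settings', $clean );
        wp_send_json_success( array( 'saved' => count( $clean ) ) );
    }
}

// The admin page that issues the AJAX request must embed the matching nonce, e.g.:
// wp_localize_script( 'demo-admin', 'demoAjax', array(
//     'url'   => admin_url( 'admin-ajax.php' ),
//     'nonce' => wp_create_nonce( 'demo_import_settings' ),
// ) );
```

The nonce and the capability check guard against different things and are both needed: the nonce alone still lets any logged-in user who can obtain a token call the endpoint, and the capability check alone leaves an administrator exposed to a forged cross-site request. When reviewing a plugin, look for every `wp_ajax_` and `wp_ajax_nopriv_` hook and confirm the callback performs both checks before any write.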

Ransomware Attacks Wreak Havoc on US Healthcare Institutions

Ransomware attacks have become a significant issue for healthcare organizations, disrupting systems and preventing access to patient information until a ransom is paid. But the damage doesn’t stop there. Delays in system recovery and other remediation issues hinder operations, affecting patient care and causing appointment cancellations.

According to a report by Comparitech, 172 ransomware attacks since 2016 have resulted in over $157 million in financial losses for US healthcare organizations. These security breaches have impacted a total of 1,446 healthcare institutions, affecting 6,649,713 patients. Some key findings from the report include:

  • 74% of the affected institutions are hospitals and clinics
  • The remaining 26% include IT service providers, nursing homes, plastic surgeons, health insurance companies, and medical equipment suppliers
  • Approximately $640,000 has been paid in ransom
  • The remainder of the financial loss is attributed to recovery efforts

California Healthcare Institutions Take the Hardest Hit

Healthcare institutions in California have been the most affected by ransomware attacks, accounting for 14.5% of the total attacks since 2016. Texas follows closely behind with 14 reported attacks. The report also notes that ransom demands by attackers range from $1,600 to a staggering $14,000,000.

Since 2016, 21 different organizations have paid a total of $641,649 in ransom. The ease with which hospitals and other healthcare institutions are targeted by attackers is a growing concern for both the institutions and their patients. Without adequate preventive measures, ransomware attacks are expected to continue.

SweynTooth: Security Vulnerabilities in Bluetooth-Enabled Devices

Researchers from the Singapore University have discovered 12 critical security vulnerabilities affecting millions of Bluetooth-enabled smart devices worldwide. These vulnerabilities, collectively named ‘SweynTooth,’ stem from flaws in the software development kits (SDKs) used by many System on a Chip (SoC) manufacturers.

The flawed SDKs implement the Bluetooth Low Energy (BLE) communication stack, so every product built on them inherits the same security flaws. Over 480 products from popular brands such as Samsung, FitBit, and Xiaomi are affected by SweynTooth.

Exploiting these vulnerabilities requires the attacker to be in close physical proximity to the vulnerable devices. Successful exploitation can cause devices to:

  • Crash
  • Freeze
  • Bypass security mechanisms

The detailed report indicates that affected products are used in various industries, including consumer electronics, smart home appliances, wearable devices, logistics, and healthcare. Exploiting these vulnerabilities could lead to dangerous situations.

The researchers have notified the SoC manufacturers about these vulnerabilities, and most manufacturers have released necessary updates to address these security flaws.

OpenSSH 8.2: Critical Security Updates Released

OpenSSH, one of the most widely used implementations of the SSH protocol, has released OpenSSH 8.2 with two important security updates. First, the new version includes support for FIDO/U2F hardware-based authentication, allowing users to perform two-factor authentication (2FA).

Users can configure a hardware security key to authenticate via SSH. Once this feature is enabled, users can complete the authentication process using a USB, Bluetooth, or NFC-based security key after logging into the remote server with a password or SSH certificate.

The other update involves the deprecation of the SSH-RSA public key signature algorithm, which relies on SHA-1. This change is part of OpenSSH’s ongoing efforts to improve security and stay ahead of potential threats.