In the latest edition of Cyble’s weekly sensor intelligence report, cybersecurity experts revealed a concerning surge in attacks targeting the LiteSpeed Cache and GutenKit WordPress plugins. As the report outlines, vulnerabilities in Internet of Things (IoT) devices and Virtual Network Computing (VNC) systems are escalating at an alarming rate, posing risks to digital security.
According to Cyble’s sensor intelligence report, the WordPress ecosystem remains a prime target for cybercriminals. This week, two high-severity vulnerabilities were highlighted: CVE-2024-44000 affecting LiteSpeed Cache and CVE-2024-9234 affecting GutenKit. They underscore the ongoing appeal of content management systems (CMS) to threat actors, who exploit weaknesses to execute their malicious activities.
Cyble Sensor Intelligence Report: Vulnerabilities in WordPress Plugins
LiteSpeed Cache Vulnerability: CVE-2024-44000
The first notable vulnerability, CVE-2024-44000, pertains to the LiteSpeed Cache plugin, which is designed to enhance website performance and optimization for WordPress. This vulnerability is characterized by insufficiently protected credentials, enabling potential authentication bypass that could lead to account takeover.
The vulnerability affects all versions of LiteSpeed Cache prior to 6.5.0.1. Exploitation of this flaw allows unauthenticated users to gain access to accounts of currently logged-in users, including those with administrator privileges.
GutenKit Vulnerability: CVE-2024-9234
The second vulnerability, CVE-2024-9234, affects the GutenKit Page Builder Blocks, Patterns, and Templates plugin. This flaw allows arbitrary file uploads due to a missing capability check in the install_and_activate_plugin_from_external() function. All versions up to and including 2.1.0 are vulnerable, enabling unauthenticated attackers to not only install arbitrary plugins but also upload malicious files disguised as legitimate plugins.
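The two affected ranges above, turned into a triage check over an installed-plugin inventory; this is an added example, not code from Cyble or from either plugin's authors. It assumes the input is the JSON printed by `wp plugin list --format=json`, and the plugin slugs `litespeed-cache` and `gutenkit-blocks-addon` are assumptions that the article does not state.

```python
import json
from itertools import zip_longest

# Affected ranges as stated in the article: (CVE, bound, bound_is_vulnerable).
# The plugin slugs are assumptions; the article does not give them.
AFFECTED = {
    "litespeed-cache": ("CVE-2024-44000", (6, 5, 0, 1), False),  # before 6.5.0.1
    "gutenkit-blocks-addon": ("CVE-2024-9234", (2, 1, 0), True),  # up to and incl. 2.1.0
}

def parse_version(text):
    """Return a tuple of ints, or None when a component is not purely numeric."""
    parts = text.strip().split(".")
    return tuple(int(p) for p in parts) if all(p.isdecimal() for p in parts) else None

def compare(a, b):
    """Return -1, 0 or 1; the shorter tuple is zero-padded so 2.1 equals 2.1.0."""
    for x, y in zip_longest(a, b, fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0

def audit(plugins):
    """Return (slug, version, CVE, verdict) for each tracked plugin in the list."""
    findings = []
    for p in plugins:
        rule = AFFECTED.get(p.get("name"))
        if rule is None:
            continue
        cve, bound, inclusive = rule
        version = parse_version(str(p.get("version", "")))
        if version is None:
            verdict = "review"  # e.g. "6.5.1-beta": do not guess, check by hand
        else:
            c = compare(version, bound)
            verdict = "vulnerable" if c < 0 or (inclusive and c == 0) else "ok"
        findings.append((p["name"], p.get("version"), cve, verdict))
    return findings

# Constructed sample input in the shape of `wp plugin list --format=json`.
SAMPLE = json.loads("""[
  {"name": "litespeed-cache", "status": "active", "version": "6.4.1"},
  {"name": "gutenkit-blocks-addon", "status": "inactive", "version": "2.1.0"},
  {"name": "akismet", "status": "active", "version": "5.3"}
]""")

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row)
```

The check reports a tracked plugin whatever its activation status, and returns "review" instead of a verdict for any version string it cannot parse.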
Cyberattacks and Phishing Attempts
Cyble’s report does not stop at WordPress and IoT vulnerabilities. It also outlines persistent threats against various systems, including Linux, Java, and other programming frameworks. The attack landscape for PHP, GeoServer, and both Python and Spring Java frameworks continues to be active, posing additional risks to organizations relying on these technologies.
In addition to the plugin vulnerabilities, Cyble’s sensors identified a surge in phishing campaigns, detecting thousands of new scam emails each week. In total, 385 new phishing email addresses were recorded, each linked to various scam attempts. The report provides details on several prominent scams, including fake refund claims and unrealistic investment offers, illustrating the diverse strategies employed by cybercriminals to deceive unsuspecting victims.
Conclusion
Cyble emphasizes the urgent need for organizations to adopt proactive security measures to counter the rising threats detailed in their latest sensor intelligence report. Key recommendations include prioritizing the patching of known vulnerabilities, closely monitoring network activity for unusual behavior, and implementing strong password protocols with regular updates.
Additionally, organizations should block known malicious IP addresses and secure frequently targeted ports while conducting regular security audits to identify weaknesses. As cyber threats continue to evolve, maintaining vigilance and a proactive approach is essential for protecting digital assets from exploitation and breaches. By following these recommendations, organizations can enhance their defenses and protect sensitive information.