Credential Stuffing Attacks on the Rise
Okta, a leading identity and access management provider, has issued a warning about a significant increase in credential stuffing attacks targeting online services. These attacks leverage readily available tools like residential proxy services, lists of compromised credentials (combo lists), and automation scripts. By routing requests through anonymizing services and residential proxies, attackers can disguise their origins and make it appear as if the attack traffic is coming from legitimate user devices. This makes it harder to detect and block these attacks.
It's crucial to implement strong password hygiene practices such as using unique and complex passwords for each online account and enabling multi-factor authentication wherever possible.
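The detection problem described above, shown as an added example (not from Okta or the original article): a per-IP failure threshold sees nothing when each request arrives from a different proxy address, while an aggregate view of failed logins across accounts still flags the run. The event format, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

def sample_events():
    """Constructed (timestamp, source_ip, username, success) login events."""
    # 40 usernames tried once each, every request from a different proxy exit IP.
    events = [(1200 + i, f"198.51.100.{i + 1}", f"user{i}", i == 17) for i in range(40)]
    # A legitimate user who mistypes twice, then logs in.
    events += [(1205, "203.0.113.9", "alice", False),
               (1210, "203.0.113.9", "alice", False),
               (1220, "203.0.113.9", "alice", True)]
    return events

def per_ip_offenders(events, max_failures=5):
    """Classic control: flag any IP with more than max_failures failed logins."""
    failures = defaultdict(int)
    for _, ip, _, ok in events:
        if not ok:
            failures[ip] += 1
    return {ip for ip, n in failures.items() if n > max_failures}

def stuffing_windows(events, window=60, min_users=20, min_fail_ratio=0.8):
    """Flag time windows where many distinct accounts fail, regardless of source IP."""
    buckets = defaultdict(list)
    for ev in events:
        buckets[ev[0] // window * window].append(ev)
    flagged = {}
    for start, evs in sorted(buckets.items()):
        failed_users = {user for _, _, user, ok in evs if not ok}
        fail_ratio = sum(1 for ev in evs if not ev[3]) / len(evs)
        # Assumed thresholds: tune min_users and min_fail_ratio to normal traffic.
        if len(failed_users) >= min_users and fail_ratio >= min_fail_ratio:
            # Successful logins inside a flagged window are candidates for
            # a forced password reset or step-up MFA.
            flagged[start] = sorted({user for _, _, user, ok in evs if ok})
    return flagged

if __name__ == "__main__":
    evs = sample_events()
    print("per-IP offenders:", per_ip_offenders(evs))
    print("flagged windows:", stuffing_windows(evs))
```

Accounts listed for a flagged window include legitimate users who happened to log in during it, so treat the list as a review queue rather than a verdict.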
References
Okta warns of unprecedented scale in credential stuffing attacks on online services - How to Block Residential Proxies using Okta.
State-Sponsored Espionage Campaign Exploiting Cisco Vulnerabilities
Cisco Talos has identified a sophisticated cyber-espionage campaign targeting government networks around the world. The attackers are exploiting two zero-day vulnerabilities in Cisco Adaptive Security Appliance (ASA) devices and Cisco Firepower Threat Defense (FTD) software. This campaign, known as ArcaneDoor, involves the use of custom malware called Line Runner and Line Dancer to modify configurations, capture network traffic, and potentially move laterally within compromised networks.
Cisco has released security updates to address the vulnerabilities and urges all users to update their devices immediately.
References
Cisco Releases Security Updates Addressing ArcaneDoor, Vulnerabilities in Cisco Firewall Platforms - Information on the vulnerabilities and the security updates released by Cisco.
ArcaneDoor Unlocked: Tackling State-Sponsored Cyber Espionage in Network Perimeters - Detailed analysis of the ArcaneDoor campaign and the malware used by the attackers.
Defending Against ArcaneDoor: How Eclypsium Protects Network Devices - Insight into the context and implications of the ArcaneDoor campaign.
ICICI Bank Credit Card Data Leak
ICICI Bank, a major private bank in India, has accidentally exposed sensitive data of thousands of new credit cards to unintended recipients due to a technical glitch in its mobile banking app. The exposed information includes credit card numbers, expiry dates, and CVV codes. ICICI Bank has blocked the affected cards and is issuing new ones to customers.
This incident highlights the importance of robust security measures in mobile banking applications and the need for prompt action in case of any technical glitches that could compromise sensitive customer data.
References
ICICI Bank exposed credit card data of 17000 customers - Details of the data leak and the response from ICICI Bank.
WordPress Automatic Plugin Vulnerability
A critical SQL injection vulnerability (CVE-2024-27956) in the WordPress Automatic plugin is actively being exploited by attackers to inject backdoors and web shells into websites. The vulnerability allows attackers to gain admin-level privileges, upload malicious files, and potentially take full control of affected sites.
It is critical to update the WP-Automatic plugin to version 3.9.2.1 or later to mitigate this vulnerability.
References
Experts warn of an ongoing malware campaign targeting WP-Automatic plugin - Details of the vulnerability and the ongoing attack campaign.
Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors - Additional information about the exploitation of the vulnerability.