
The Newest Discoveries from Cyble’s Sensor Intelligence


Cyble’s weekly sensor intelligence report highlights a recent surge in attacks targeting the LiteSpeed Cache and GutenKit WordPress plugins. The report also emphasizes escalating vulnerabilities in Internet of Things (IoT) devices and Virtual Network Computing (VNC) systems, which pose significant risks to digital security.

The WordPress ecosystem continues to be a prime target for cybercriminals. The latest report identifies two high-severity vulnerabilities: CVE-2024-44000, affecting LiteSpeed Cache, and CVE-2024-9234, affecting GutenKit. These vulnerabilities underscore the continued appeal of content management systems (CMS) to threat actors, who exploit their weaknesses for malicious activities.

The CVE-2024-44000 vulnerability pertains to the LiteSpeed Cache plugin, known for enhancing website performance and optimization for WordPress. The flaw is characterized by insufficiently protected credentials, allowing potential authentication bypass that could result in account takeover. All versions of LiteSpeed Cache prior to 6.5.0.1 are affected, enabling unauthenticated users to access accounts of logged-in users, including those with administrator privileges.

On the other hand, the CVE-2024-9234 vulnerability affects the GutenKit Page Builder Blocks, Patterns, and Templates plugin, enabling arbitrary file uploads due to a missing capability check in the install_and_activate_plugin_from_external() function. Versions up to and including 2.1.0 are vulnerable, permitting unauthenticated attackers to install arbitrary plugins and upload malicious files disguised as legitimate plugins.
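The affected version ranges given above for both plugins can be checked against an installation's plugin directory. The following is an added example, not code from Cyble or from either plugin; the directory slugs `litespeed-cache` and `gutenkit-blocks-addon` are assumptions, and the sample header is constructed.

```python
import re
from pathlib import Path

# Affected ranges as stated in the article. The directory slugs are assumptions
# (the names these plugins are expected to use under wp-content/plugins).
RULES = {
    "litespeed-cache": ("CVE-2024-44000", "<", "6.5.0.1"),
    "gutenkit-blocks-addon": ("CVE-2024-9234", "<=", "2.1.0"),
}
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)

# Constructed sample of a WordPress plugin header, not copied from either plugin.
SAMPLE_HEADER = "<?php\n/**\n * Plugin Name: Example\n * Version: 6.4.1\n */\n"

def version_key(version, width=4):
    """'6.5' -> (6, 5, 0, 0), so short versions compare correctly to 6.5.0.1."""
    parts = [int(m.group()) if (m := re.match(r"\d+", p)) else 0
             for p in version.split(".")]
    return tuple((parts + [0] * width)[:width])

def header_version(php_source):
    """Read the Version field from the header comment of a plugin's main file."""
    m = VERSION_RE.search(php_source[:8192])
    return m.group(1) if m else None

def is_affected(slug, version):
    """Return the CVE id if this slug/version is in an affected range, else None."""
    if slug not in RULES:
        return None
    cve, op, bound = RULES[slug]
    v, b = version_key(version), version_key(bound)
    return cve if (v < b if op == "<" else v <= b) else None

def audit(plugins_dir):
    """List (slug, version, cve) for affected plugins found under plugins_dir."""
    findings = []
    for slug in RULES:
        for php in sorted((Path(plugins_dir) / slug).glob("*.php")):
            version = header_version(php.read_text(errors="replace"))
            if version is None:
                continue  # not the main plugin file
            cve = is_affected(slug, version)
            if cve:
                findings.append((slug, version, cve))
            break  # first file with a header decides
    return findings
```

Call `audit()` with the path to a site's `wp-content/plugins` directory; an empty list means neither plugin was found in an affected version.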

In addition to plugin vulnerabilities, Cyble’s sensors have detected a rise in phishing campaigns, with thousands of new scam emails being identified each week. A total of 385 new phishing email addresses were recorded, linked to various scam attempts such as fake refund claims and unrealistic investment offers. These findings illustrate the diverse strategies employed by cybercriminals to deceive unsuspecting victims.

The report also highlights persistent threats against systems like Linux, Java, PHP, GeoServer, and other programming frameworks, posing additional risks to organizations reliant on these technologies. As cybersecurity threats evolve, organizations are urged to adopt proactive security measures, including patching known vulnerabilities, monitoring network activity for anomalies, and implementing strong password protocols with regular updates. It is also recommended to block known malicious IP addresses, secure frequently targeted ports, and conduct regular security audits to identify vulnerabilities.

With cyber threats becoming increasingly sophisticated, maintaining vigilance and a proactive approach is crucial for safeguarding digital assets from exploitation and breaches. By following these recommendations, organizations can strengthen their defenses and safeguard sensitive information from malicious actors.
