Two vulnerabilities have been announced by the maintainers of a popular open-source tool that provides foundational support for multiple network protocols, including SSL, TLS, HTTP, FTP, and SMTP. The problems revolve around curl, an open-source command-line tool that researchers say is widely used by developers and system administrators to interact with Application Programming Interfaces (APIs), download files, and create automated workflows.

According to security researchers at Sucuri, a recently patched vulnerability affecting a plugin associated with the Newspaper and Newsmag themes has been exploited to hack thousands of WordPress websites as part of a long-running campaign named Balada Injector.  The researchers noted that an exploited vulnerability (CVE-2023-3169) was discovered in the TagDiv Composer front-end page builder plugin of the Newspaper and Newsmag premium themes, which have been sold nearly 140,000 times.

Despite all the talk about new technologies such as ChatGPT and the growing complexity of attacks, cybercriminals continue to use numerous basic attacks because they are effective. These attacks, such as phishing attacks and credential harvesting, are designed to exploit human behavior. For example, a recent Cybersecurity and Infrastructure Security Agency (CISA) report discovered that valid account credentials are behind most successful threat actor intrusions into critical infrastructure networks and state and local agencies.

A Magecart campaign has been manipulating websites' default 404 error page to hide malicious code. According to Akamai, the activity targets Magento and WooCommerce websites, with some victims belonging to major food and retail companies. The malicious code snippet was injected into one of the victim websites' first-party resources. This involves directly inserting the code into the HTML pages or in one of the website's first-party scripts.

The popular D-Link DAP-X1860 Wi-Fi 6 range extender is vulnerable to Denial-of-Service (DoS) and remote command injection. The product is listed as available on D-Link's website and has thousands of reviews on Amazon, indicating that it is a popular option among consumers. A group of German researchers known as RedTeam who discovered the vulnerability, tracked as CVE-2023-45208, report that despite repeated attempts to alert D-Link, the vendor has remained quiet, and no patches have been issued. The issue resides within D-Link DAP-X1860's network scanning functionality.

Cloudflare, Google, and Amazon AWS have disclosed that a zero-day vulnerability called HTTP/2 Rapid Reset in the HTTP/2 protocol has been exploited to launch massive, high-volume Distributed Denial-of-Service (DDoS) attacks. Cloudflare discovered the zero-day vulnerability developed by an unknown threat actor in August 2023. The vulnerability exploits the standard HTTP/2 protocol, a crucial component of the Internet and most websites. This new attack works by making hundreds of thousands of "requests" that are then promptly canceled.

UK-based cable manufacturing giant Volex was recently targeted in a cyberattack involving unauthorized access to some of the company’s IT systems and data.  The company stated that all its sites remain operational, and it does not expect any financial impact caused by the incident to be material.  However, it did admit that there has been some “minimal disruption to global production levels.”  Specialist third-party consultants have been engaged to investigate the nature and extent of the incident and to implement the incident response plan.

A leading genetics testing firm recently confirmed that threat actors accessed customers’ profile information following a credential stuffing campaign.  San Francisco-headquartered 23andMe offers DNA testing, ancestry information, and personalized health insights for millions of customers.  A threat actor known as “Golem” posted an ad to BreachForums last week, offering “raw data profiles,” “tailored ethnic groupings,” “individualized data sets,” and much more to online buyers.  Prices start at $1,000 for 100 profiles and max out at $100,000 for 100,000 profiles.

Google has recently announced the expansion of its vulnerability rewards program with two events focused on Chrome’s V8 JavaScript rendering engine and on Kernel-based Virtual Machine (KVM).  The v8CTF, which has already started, allows security researchers to earn monetary rewards for successfully exploiting a V8 version running on Google’s infrastructure.  According to the program’s rules, security researchers submitting valid exploits are eligible for a reward of $10,000.  The kvmCTF is set to be launched later this year.

The District of Columbia Board of Elections (DCBOE) recently confirmed that voter records were compromised in a data breach at a third-party services provider.  An independent agency of the District of Columbia Government, the DCBOE is responsible for the administration of ballot access, elections, and voter registration.  The agency stated that on 10/5, it became aware of a cybersecurity incident involving DC voter records.  While the incident remains under investigation, DCBOE’s internal databases and servers were not compromised.