Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection
Source: Dark Reading
Attackers can exploit a critical SQL injection vulnerability found in a widely used WordPress plug-in to compromise more than 1 million sites and extract sensitive data such as password hashes from associated databases.
After Ransomware Hits, County Declares State of Emergency
Source: Data Breach Today
The Missouri county of Jackson County, Missouri declared a state of emergency after being hit by ransomware on the day of a special election. Officials on Tuesday first warned residents the county was responding to a "potential ransomware attack" in the wake of multiple unexplained IT outages. The county, which has seats in both Independence and Kansas City, has more than 700,000 residents.
Omni Hotels confirms cyberattack behind ongoing IT outage
Source: Bleeping Computer
Omni Hotels & Resorts has confirmed a cyberattack caused a nationwide IT outage that is still affecting its locations. In response to this incident, Omni took down impacted systems, and its IT teams are now working on restoring and bringing them back online.
New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware
Source: The Hacker News
An updated version of an information-stealing malware called Rhadamanthys is being used in phishing campaigns targeting the oil and gas sector. "The phishing emails use a unique vehicle incident lure and, in later stages of the infection chain, spoof the Federal Bureau of Transportation in a PDF that mentions a significant fine for the incident," Cofense researcher Dylan Duncan said.
Hackers Update Vultur Banking Malware With Remote Controls
Source: Data Breach Today
Threat actors are tricking banking customers with SMS texts into downloading new and improved banking malware named Vultur that interacts with infected devices and alters files.