25TH JAN 2024
25TH JAN 2024In a recent surge of cybersecurity challenges, the spotlight falls on three distinct incidents – the data breach at genetic testing provider 23andMe, account compromises in Payoneer, and the exploitation of a critical vulnerability in the widely-used 'Better Search Replace' WordPress plugin. Join us as we explore the latest in cybersecurity.
Here are the details regarding the latest cybersecurity news:
Genetic testing provider 23andMe recently disclosed a significant data breach, revealing that hackers accessed health reports and raw genotype data for a period of five months, from April 29 to September 27. The breach resulted from a credential stuffing attack, utilizing stolen credentials from other data breaches or compromised online platforms.
The compromised data, disclosed in breach notification letters, includes information for 1 million Ashkenazi Jews and 4.1 million individuals in the United Kingdom. 23andMe confirmed that the threat actor downloaded uninterrupted raw genotype data and potentially accessed other sensitive information, including health reports, wellness reports, and carrier status reports.
For users of 23andMe's DNA Relatives feature, the attackers may have scraped DNA Relatives and Family Tree profile information, exposing ancestry reports, matching DNA segments, self-reported locations, ancestor birth locations, family names, profile pictures, birth years, and more.
In response, 23andMe mandated password resets for all users on October 10 and implemented two-factor authentication for added security since November 6. The incident prompted multiple lawsuits, leading to updates in the company's Terms of Use to streamline the arbitration process.
Payoneer users in Argentina faced a disturbing situation as their 2FA-protected accounts were compromised, resulting in fund losses. Users woke up to unauthorized SMS OTP codes, leading to login issues.
Payoneer, a popular financial services platform, witnessed users losing access or finding empty wallets, with losses ranging from $5,000 to $60,000. Before the breach, users received SMS requests for password reset approval on Payoneer, a request they didn't grant.
Investigations revealed affected users, mostly using Movistar, raising suspicions of a Movistar data leak. Another theory suggests a breach in the SMS provider delivering OTP codes.
Payoneer, acknowledging the issue, attributes it to phishing attempts. Users dispute, claiming they didn't click on phishing links. The attack mechanism is unclear, with suspicions of a 2FA bypass bug. Users are advised to withdraw funds or disable SMS-based 2FA.
In a January 20 update, Payoneer pledged to protect funds, recover losses, and educate users on safety measures. Uncertainty looms as investigations continue, and restitution details remain unanswered.
A critical vulnerability in the widely-used 'Better Search Replace' WordPress plugin has been exploited by malicious actors, prompting security experts to observe thousands of attack attempts in the last 24 hours. The plugin, boasting over a million installations, assists admins in database search and replace operations during website migrations.
WP Engine, the plugin's vendor, released version 1.4.5 last week to address the severe PHP object injection flaw (CVE-2023-6933). Unauthenticated attackers can exploit this vulnerability by injecting a PHP object, potentially leading to code execution, data access, file manipulation, or an infinite loop denial of service.
Although Better Search Replace isn't directly vulnerable, it can be exploited if another plugin or theme on the same site contains a Property Oriented Programming (POP) chain. WordPress security firm Wordfence has already thwarted over 2,500 attacks targeting this vulnerability, emphasizing the urgency for users to upgrade to version 1.4.5 immediately.
