CISA and its partners recently released an advisory to warn vendors, designers, developers, and end-users of web applications about IDOR vulnerabilities, which are access control vulnerabilities that enable threat actors to modify or delete data. In addition, these vulnerabilities enable threat actors to access sensitive data by issuing requests to a web application programming interface (API) specifying the user identifier of valid users. These vulnerabilities are frequently exploited by malicious actors in data breach incidents because they are common, hard to prevent outside the development process, and can be abused at scale. IDOR vulnerabilities have resulted in the compromise of personal, financial, and health information of millions of users and consumers
The Kenyan government, via the Ministry of Interior, claimed that some of the country's online infrastructures had been struck by a wave of Distributed Denial of Service (DDoS) attacks, rendering the country's online platforms unreachable. The attack began on 23 July 2023, just barely four weeks after President Ruto released thousands of government services on the e-citizen platform in an effort to boost efficiency and reduce corruption. This platform hosts services such as passport applications and renewals, e-visa issuance, driver's licences, identification cards, and national health records. Kenya's well-known mobile payment system, M-Pesa, as well as the National Transport and Safety Authority (NTSA), Kenya Power and Lighting Company (KPLC), and Kenya Railways, have all been impacted. Anonymous Sudan has claimed responsibility for the attacks.
AhnLab Security Emergency Response Centre (ASEC) has revealed that the North Korean state-sponsored Lazarus hacking group is breaching Windows Internet Information Service (IIS) web servers to hijack them for malware distribution. This latest campaign takes advantage of a weakness in INISAFE CrossWeb EX V6 to transmit the Lazarus malware. INISAFE CrossWeb EX V6 is a software used to protect against malicious websites and malware attacks. However, it has been reported that the Lazarus group has exploited a vulnerability in the software to distribute malware. The malware is installed when a system using a vulnerable version of INISAFE CrossWeb EX V6 visits a website via a web browser.
ngCERT recently observed several cases of watering hole attacks that target groups of people who are somehow connected - whether they work for the same company, belong to the same social club, or have a common interest/background. The goal of this attack is to compromise as many of these users' devices as possible and, in some cases, gain access to their organization's network. In other words, a watering hole attack occurs when cyber criminals use skills such as hacking and social engineering to target individuals, groups, or organizations on a website they frequent. Alternatively, the attacker can direct the victim(s) to a website that they have compromised.
Popular WordPress plugin “Essential Addons for Elementor” by WPDeveloper was found to contain a vulnerability that could allow remote attackers to escalate privileges to an administrator on the site. The plugin has more than a million active installations and the vulnerability affects versions 5.4.0 to 5.7.1.