Google Play Movies & TV for Android TV is going away in January 2024

0
[ad_1]

Google has been making a lot of changes to many of its apps, phasing out some, replacing others, or completely removing them. Google Play Movies & TV is one of the apps that the search giant decided to discontinue earlier this year.

The last piece of information regarding the app confirmed Google Play Movies & TV app for Android TV will get the ax on October 5. Over the weekend, Google detailed how users will be able to access purchased content after the app is completely gone on January 17, 2024.

First off, Google Play Movies & TV will no longer be available on Android TV devices or the Google Play website. However, this change will be rolled out over the next few weeks depending on location and country.

Secondly, users will be able to access all of their previously purchased titles on Android TV devices, Google TV devices, the Google TV mobile app (Android and iOS), and YouTube. Here is how you’ll be able to do that starting January 17, 2024:

  • On TVs and streaming devices powered by Android TV – The Shop tab will be your new home for watching previously purchased titles or buying and renting new movies on Android TV. All purchased content will be available in the Your Library row on the Shop tab.
  • On cable boxes or set-top boxes powered by Android TV – The YouTube app will be your new home for watching previously purchased titles or buying and renting new movies from Google.
  • On a web browser – YouTube will be your new home for watching previously purchased titles or buying and renting new movies on a web browser. All content purchased from Google, including active rentals, will be available on the YouTube website.

That being said, you have until January 17, 2024 to pay your respects to the Google Play Movies & TV app for Android TV.

[ad_2]
Source link

Researchers Uncovered an Active Directory DNS spoofing exploit

0
[ad_1]

In the intricate web of our interconnected world, the Domain Name System (DNS) stands as a linchpin, directing users to their online destinations. 

Yet, even this vital system is not impervious to the dark art of malicious manipulation.

In a recent revelation by Akamai security researchers, a chink in the armor of DNS security has been exposed. 

This vulnerability, resulting from exploiting DHCP DNS Dynamic Updates, opens the door for attackers to engage in the deceptive art of DNS record spoofing.

Navigating the Vulnerability’s Landscape

Dynamic Host Configuration Protocol (DHCP), the silent orchestrator of IP addresses and configurations in network devices, harbors a vulnerability in its feature set. 

DHCP DNS Dynamic Updates, designed for automatic DNS record updates, becomes a double-edged sword when left unguarded. 

The absence of authentication in this process allows any device on the network to masquerade as others, initiating a dangerous game of impersonation.

DNS records act as the internet’s address book, translating human-readable domain names into numerical IP addresses. 

Spoofing these records allows attackers to redirect unsuspecting users to malicious websites, mimicking legitimate platforms like banks, social media sites, and even internal company resources. 

This enables them to steal login credentials, access sensitive information, and even launch further attacks within the network.

Abused DHCP Feature

The vulnerability lies within a feature called DHCP DNS Dynamic Updates. 

This feature allows DHCP servers to automatically register and update DNS records for connected devices, ensuring smooth network access. 

However, its inherent lack of authentication makes it susceptible to exploitation. 

Malicious actors can exploit this vulnerability by sending forged requests to the DHCP server, effectively tricking it into creating or modifying DNS records and ultimately redirecting users to their crafted phishing sites.

The potential impact of this vulnerability is significant. Microsoft DHCP servers are widely used, with Akamai observing them on 40% of the networks it monitors.

This translates to millions of organizations and individuals potentially exposed to DNS spoofing attacks, making this a critical threat requiring immediate attention.

Akamai recommends implementing mitigation strategies until a patch is available from Microsoft.

This article has only scratched the surface of the issue. To delve deeper into the technical details of the vulnerability, how to exploit it, and advanced mitigation strategies, please refer to the original research paper by Akamai.


[ad_2]
Source link

Fake hotel reservation phishing scam uses PDF links to spread MrAnon Stealer

0
[ad_1]

MrAnon Stealer is capable of stealing data and gathering information from cryptocurrency wallets, browsers, messaging apps and VPN clients.

Cybersecurity researchers at FortiGuard Labs have brought to light a new email phishing campaign exploiting false hotel reservations to lure unsuspecting victims. The phishing attack involves the deployment of a malicious PDF file that, once opened, unleashes a chain of events leading to the activation of the MrAnon Stealer malware.

Rather than relying on complex technical details, the attackers cunningly pose as a hotel reservation company, sending phishing emails under the subject, “December Room Availability Query.” The email body contains fabricated holiday season booking details, with the malicious PDF file hiding a downloader link.

Phishing alert: Fake hotel reservation scam uses PDF links to spread MrAnon Stealer
The phishing email (Screenshot credit: Fortinet Labs)

Upon closer inspection, cybersecurity experts at FortiGuard Labs uncovered a multi-stage process involving .NET executable files, PowerShell scripts, and deceptive Windows Form presentations. The attackers, posing as a hotel reservation company, skillfully navigate through these stages, using tactics like false error messages to cloak the successful execution of the malware.

The MrAnon Stealer, a Python-based infostealer, operates discreetly, compressing its activities with cx-Freeze to slip past detection mechanisms. The malware executes a meticulous process that includes capturing screenshots, retrieving IP addresses, and stealing sensitive data from various applications.

The attackers demonstrate sophistication by terminating specific processes on the victim’s system and masquerading as legitimate connections to fetch IP addresses, country names, and country codes. The stolen data, including credentials, system information, and browser sessions, is compressed, secured with a password, and uploaded to a public file-sharing website.

According to FortiGuard Labs’ blog post, MrAnon Stealer can gather information from cryptocurrency wallets, browsers, and messaging apps such as Discord, Discord Canary, Element, Signal, and Telegram Desktop. Additionally, it targets VPN clients like NordVPN, ProtonVPN, and OpenVPN Connect.

As for its command and control; the attackers use the Telegram channel as a communication medium. The stolen data, system information, and a download link are sent to the attacker’s Telegram channel using a bot token.

Phishing alert: Fake hotel reservation scam uses PDF links to spread MrAnon Stealer
MrAnon Stealer on Telegram and its prices & packages for other cybercriminals (Screenshot credit: Fortinet Labs)

This campaign, active and aggressive during November 2023, primarily targeted Germany, as indicated by the surge in queries for the downloader URL during that period. The cybercriminals behind this operation have exhibited a strategic approach, shifting from Cstealer in July and August to the more potent MrAnon Stealer in October and November.

If you are online, you are vulnerable. Therefore, users are advised to exercise caution when dealing with unexpected emails, especially those containing dubious attachments. Cautiousness and commonsense are keys to thwarting cybercriminals’ attempts to exploit human vulnerabilities and compromise online security.

  1. Booking.com Scam Targeting Guests with Vidar Infostealer
  2. Silent Ransom Group Utilizes Callback Phishing for Network Hacks
  3. USPS Delivery Phishing Scam Exploits SaaS Providers to Steal Data
  4. Iran’s MuddyWater Group Hits Israelis with Fake Memo Spear-Phishing
  5. LinkedIn Phishing Scam Exploits Smart Links to Steal Microsoft Accounts

[ad_2]
Source link

Apple admits that it shut down Beeper Mini to protect the privacy of iPhone users

0
[ad_1]
The statement said, “At Apple, we build our products and services with industry-leading privacy and security technologies designed to give users control of their data and keep personal information safe. We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage. These techniques posed significant risks to user security and privacy, including the potential for metadata exposure and enabling unwanted messages, spam, and phishing attacks. We will continue to make updates in the future to protect our users.”
Previous attempts to run iMessage over an Android device forced you to use an Apple ID to sign into a remote Mac. With Beeper Mini, you are connecting directly to Apple’s service. There are no middlemen, and no third-party servers are involved. Beeper Mini works by sending your messages directly through Apple, to the recipient, and back as though your Android phone was an iPhone. No relay is required, and there is no signing into a Mac using an Apple ID.
Video Thumbnail

When Apple speaks about “blocking techniques that exploit fake credentials in order to gain access to iMessage,” it is talking about the way Beeper Mini connects to iMessage using Apple’s push notification service. Beeper Mini intercepts this push notification and sends it to your device. Apple’s servers have to be convinced that they are pinging the notifications from an Apple device. Perhaps a Jedi mind trick is employed. (“These are not the Droid devices pretending to be iOS that you’re looking for.”)

Beeper says that no one can read messages sent to you keeping your privacy intact although this cannot be verified by Apple and the company is concerned about your privacy and the privacy of those you are chatting with. When Beeper and others like Sunbird sent your iMessages through the aforementioned Mac, there is no security protecting your messages. But with the notification protocols being used, Apple felt that it needed to cut off Beeper Mini.

Since Apple cut off Beeper Mini, the latter has been hard at work trying to get the service up and running again. Beeper Mini founder Eric Migicovsky (yes, the same guy behind the successful Pebble smartwatches) wonders why Apple would prefer that its users send unencrypted SMS messages to Android users. Migicovsky says, “If Apple truly cares about the privacy and security of their own iPhone users, why would they stop a service that enables their own users to now send encrypted messages to Android users, rather than using unsecure SMS?” 

But just because something makes sense to Migicovsky doesn’t mean that it makes sense to Apple. “What we’ve built is good for the world. It’s something we can almost all agree should exist.” But Apple doesn’t see it that way and the tech giant will continue to do whatever it can to keep iMessage under its own control. 

Even though Apple said that it will support RCS sometime next year, the early word is that the green bubbles will still exist which means that Android users will still be identified as such by iPhone owners although the differences between iMessage and RCS are relatively small enough to allow Android users to join a group chat without having to face the insults and attacks that iPhone users currently throw at those with an Android device.

[ad_2]
Source link

Russian FSB accused of spear-phishing campaign

0
[ad_1]

The Russia-based actor Star Blizzard (formerly known as SEABORGIUM) continues to successfully use spear-phishing attacks against targeted organizations and individuals in the UK and US, as well as other geographical areas of interest, for information-gathering activity. That’s according to an international cyber security advisory from multiple governments which states that Star Blizzard (also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) is almost certainly subordinate to the Russian Federal Security Service (FSB) Centre 18.

Star Blizzard has targeted sectors including academia, governmental organizations, NGOs, think tanks and politicians since 2019. Targets in the UK and US appear to have been most affected by Star Blizzard activity, however activity has also been observed against targets in other NATO countries and neighboring Russia, the advisory read. More recently, Star Blizzard activity appeared to expand further to include defense-industrial targets, as well as US Department of Energy facilities.

The UK Foreign Office has summoned the Russian ambassador and sanctioned a Russian intelligence officer along with a second member of the Star Blizzard group, according to Sky News. The UK government said the malicious cyber activity is an attempt to interfere in UK politics and democratic processes.

Star Blizzard conducts reconnaissance and impersonates contacts of their targets

Using open-source resources to conduct reconnaissance, including social media and professional networking platforms, Star Blizzard identifies hooks to engage targets, the advisory stated. “They take the time to research their interests and identify their real-world social or professional contacts.”

The threat actor creates email accounts impersonating known contacts of their targets to help appear legitimate. “They also create fake social media or networking profiles that impersonate respected experts and have used supposed conference or event invitations as lures.” Star Blizzard uses webmail addresses from different providers including Outlook, Gmail, Yahoo and Proton mail in their initial approach.

Personal email addresses targeted with spear-phishing

Star Blizzard has predominantly sent spear-phishing emails to targets’ personal email addresses, although they have also used targets’ corporate or business email addresses, the government said. “The actors may intentionally use personal emails to circumvent security controls in place on corporate networks.”

Having researched their targets’ interests and contacts to create a believable approach, Star Blizzard then starts to build trust with potential victims. “They often begin by establishing benign contact on a topic they hope will engage their targets. There is often some correspondence between attacker and target, sometimes over an extended period, as the attacker builds rapport.”

Once trust is established, the attacker uses typical phishing tradecraft and shares a link, apparently to a document or website of interest. This leads the target to an actor-controlled server, prompting the target to enter account credentials. “The malicious link may be a URL in an email message, or the actor may embed a link in a document on OneDrive, Google Drive or other file-sharing platforms.”

Threat actor uses open-source framework to harvest credentials and session cookies

Star Blizzard uses the open-source framework EvilGinx to harvest credentials and session cookies, successfully bypassing the use of two-factor authentication (2FA). Once the target clicks on the malicious URL, they are directed to an actor-controlled server that mirrors the sign-in page for a legitimate service. Any credentials entered at this point are now compromised.

“Star Blizzard then uses the stolen credentials to log in to a target’s email account, where they are known to access and steal emails and attachments from the victim’s inbox. They have also set up mail-forwarding rules, giving them ongoing visibility of victim correspondence.”

Furthermore, the actor has used their access to a victim email account to access mailing-list data and a victim’s contacts list, which they then use for follow-on targeting. They have also used compromised email accounts for further phishing activity.

A number of mitigations will be useful in defending against the activity, the advisory stated. These include:

  • Using multi-factor authentication (MFA) to reduce the impact of password compromises.
  • Protecting devices and networks by keeping them up to date.
  • Enabling email providers’ automated email scanning features.
  • Disabling mail-forwarding.

Revelations of Russian state-sponsored activity are no surprise

The revelations detailing alleged Russian state-sponsored attempts to influence democratic processes should come as no surprise, commented Chris Morgan, senior cyber threat intelligence analyst at cyber security firm ReliaQuest. “For several years, multiple Western countries have accused Russia of attempting to conduct espionage against its adversaries, sowing disinformation and otherwise seeking to undermine democratic processes. Such covert activities also allow Russia to extract sensitive information, maintain persistence within systems of organizations of strategic interest and obtain intelligence to guide Russian foreign policy.”

The attribution to StarBlizzard is also not unexpected, Morgan said. “The group has previously used domain impersonation to facilitate theft of credentials, while regularly rotating their infrastructure to avoid detection. Despite being agile and sophisticated, such APT groups continue to use rudimentary techniques – largely because they work.”



[ad_2]
Source link

Preparing for the worst: Strategies for resilience

0
[ad_1]

Even the most vigilant organizations can become targets of sophisticated cyber adversaries. Malware and ransomware attacks not only pose significant financial and reputational risks but are increasingly prevalent, with Gartner estimating the average cost of a ransomware attack to businesses at around US$150,000. As organizations grapple with the aftermath of such attacks, a critical question emerges: How can they effectively respond, minimize damage, and fortify their defenses against future threats? 

Watch this insightful session featuring Doug Witschi, a seasoned former Interpol cybercrime threat response expert, as we delve into the strategies for managing the repercussions of malware and ransomware attacks. Doug discusses the importance of global collaboration, effective detection controls for suspicious behavior, and proactive measures to safeguard employees – often the primary targets of cyber adversaries. 

Explore:

  • Strategic Response to Malware and Ransomware Attacks: Gain insights into recognizing and responding promptly to malware and ransomware incidents. Explore methods to minimize damage and restore normal operations swiftly.
  • The Power of Global Collaboration: Discover the advantages of global collaboration in the ongoing battle against cyber threats. Explore how organizations can unite to strengthen their collective defenses and share intelligence.
  • The Human Firewall: Recognize the pivotal role employees play in cybersecurity. Learn effective strategies to educate and empower them as active participants in preventing cyberattacks, turning them into a resilient human firewall.
  • Global Implications of Cyber Threats: Understand the far-reaching nature of cyber threats and their implications for organizations operating across diverse jurisdictions. Gain insights into the global landscape of cyber risks and how to navigate them effectively.


[ad_2]
Source link

Misunderstanding leads to bogus rumor that the Amazon app was hacked

0
[ad_1]

A worrisome rumor about the Amazon app is making the rounds. The rumor is that Amazon has been hacked and the attackers added random Amazon lockers to users’ lists of saved addresses on the app. Scared Amazon subscribers said that these were not legitimate lockers and that orders sent to one of these fake lockers, located in places labeled as Amazon Locker, Amazon Hub Locker, Amazon Fresh, or Amazon Counter would end up stolen by the thieves responsible for posting the lockers listed in the app.

While my personal Amazon account did not have any of these Amazon lockers listed, my son did have three such locations which I deleted for him. But as it turned out, Amazon was not hacked and the whole thing was an example of how something legitimate can get blown out of proportion online. It merely was an attempt by Amazon to allow its subscribers to have orders delivered to one of its secure lockers near each subscriber. 
Now that we are in the holiday shopping season, a huge number of packages are arriving on porches daily. And that makes it a great time to be a porch pirate swiping merchandise from the front of shoppers’ homes as soon as the boxes are taken off those ubiquitous Amazon trucks. So Amazon thought that it was doing its customers a favor by allowing them to have their purchases delivered to a secure Amazon locker near them. And guess what, some of them are located inside Amazon Fresh and Whole Foods grocery stores.

The problem is that Amazon has not been very clear in explaining why these addresses just showed up out of nowhere on the Amazon app. To see if Amazon added some close-by Amazon lockers near you, open the app and tap the icon of a head and body at the bottom of the screen. Once you do that, tap on “Your Orders” at the top of the display. Under “Account Settings,” press “Your Addresses” and besides your personal addresses, you’ll see nearby Amazon lockers where you can request your Amazon orders be sent to.

So there is no need to delete these addresses and if you’re concerned about someone ripping off your Amazon deliveries, selecting one of the Amazon lockers might be a safer and more secure delivery option, especially if there is no one at home all day when an Amazon truck might be coming by to drop off some packages to you.

So we’ve put the kibosh on this rumor about Amazon being hacked. Montana MacLachlan, Amazon’s global media relations spokesperson said, “We have no evidence of a security event at Amazon and our systems remain secure. Customers who have questions about their account should contact customer service.”


[ad_2]
Source link

Beeper Mini is currently down, possibly shut down by Apple (Update: partially working)

0
[ad_1]

UPDATE 12/9/23: Beeper has provided an update on both the Beeper Cloud and Beeper Mini apps. Beeper Cloud is partially working, but only for Apple ID logins and not using your phone number. Beeper Mini is still down and the company has had to deregister all the phone numbers from iMessage that were registered via their workaround. This had to be done so that messages from iPhone folks to Android would defer back to being sent via SMS instead of disappearing into the ether. The company does say there is a fix coming soon for both.

Furthermore, the free trial period for the Beeper Mini application is being extended to an additional week, which will reset when the fix is released.

The original story continues below.

Beeper Mini, the Android app that promised iMessage functionality with a unique security approach, suddenly stopped working for many users earlier today. In less than a week after its public launch, the app’s seemingly seamless integration with the Apple ecosystem appears to be short-lived, raising concerns about the viability of bringing iMessage to Android in a secure and sustainable way.
Many reports across Reddit and other platforms confirm that Beeper Mini is currently unable to send or receive messages for many users. Some also report that Apple ID sign-in is currently not working if the app is re-installed or activated on a new device. Attempting to use the app to send messages brings back an error message saying “failed to lookup on server; lookup request timed out.”
The reason for the outage was initially unclear. However, in a statement to TechCrunch, Beeper CEO Eric Migicovsky provided more details and confirmed that there is a possibility that Apple found a way to cut off the app’s ability to work via the methods it had been using. Furthermore, he added:
Upon its launch, Beeper Mini’s innovative approach stood out from other iMessage-on-Android solutions. Unlike its competitors, which often relied on third-party servers and questionable security practices, Beeper Mini directly reverse-engineered iMessage, allowing users to sign in with their Apple ID and phone number. This promised a secure and native-like experience for Android users.
However, the app’s sudden outage has cast doubt on its future. When asked by TC what today’s outage means for Beeper Mini going forward, Migicovsky stated “We’ll evaluate options.” For now, the Beeper team has posted an update on both Twitter/X and via a reply on Reddit stating that the issue is on their side and that they are currently working on it.

Beeper Mini’s outage highlights the challenges inherent in bringing iMessage to Android. Apple’s closed ecosystem and proprietary protocols make it difficult for third-party developers to establish a stable and secure connection. With the holidays approaching, users who rely on both Android and iOS devices will be watching closely to see if Beeper Mini can overcome this obstacle and restore its functionality.


[ad_2]
Source link

DDoS Attacks on Rappler Linked to Proxy Service Providers in US and Russia

0
[ad_1]

Qurium, the Swedish media foundation and human rights watchdog leading the investigation into these DDoS attacks implicates FineProxy and RayoByte in facilitating the attacks.

On November 30, 2023, Rappler, the leading digital media company in the Philippines, found itself under a massive series of crippling DDoS attacks (Distributed Denial of Service Attacks).

Qurium, the Swedish media foundation and human rights watchdog, leading the investigation into the recent DDoS attacks, has exposed the alleged participation of two major proxy providers, FineProxy and RayoByte, in facilitating the series of crippling DDoS attacks.

In a blog post published by Rappler, On December 5, 2023, the company experienced an unprecedented surge of over 40 million requests to its homepage within a span of one hour. The investigation, conducted by Qurium, analyzed 90GB of access log data provided by Rappler and traced the malicious activity back to FineProxy and RayoByte.

FineProxy from Russia

According to a report published by Qurium, FineProxy, a Russian-based proxy infrastructure, has a history of involvement in numerous DDoS attacks against various organizations.

Despite being approached multiple times by Qurium, FineProxy showed little interest in resolving the issue and instead offered to disclose the client responsible for the attacks on the condition that Qurium remove all forensic reports involving their name.

DDoS Attacks on Rappler Linked to Proxy Service Providers in US and Russia
For a comprehensive understanding of the details provided in the screenshot above, delve into Qurium’s report outlining FineProxy’s infrastructure and a documented timeline of its business model.

RayoByte from the United States

RayoByte, based in Nebraska and operating under Sprious LLC, claims to be an “ethical proxy provider.” However, evidence collected by Qurium suggests otherwise, as the investigation revealed the use of fake geolocations in their networks and a willingness to engage in unethical practices.

It is worth noting that during the DDoS attack on Rappler, traffic peaked at a staggering 250,000 requests per second. The assailants targeted Rappler’s website with multiple waves of attacks, originating from both residential and data center connections.

Qurium’s investigation exposed the complex web of networks associated with FineProxy and RayoByte. Both proxy providers, despite claims of ethical standards, have allegedly tampered with geolocation data, associating their networks with fake locations to attract clients.

DDoS Attacks on Rappler Linked to Proxy Service Providers in US and Russia
The alleged fake locations advertised by RayoByte (Screenshot taken from a separate report published by Qurium available here.

The report concludes that both FineProxy and RayoByte have designed their infrastructures to accommodate almost unlimited connections, enabling customers to automate tasks such as scraping and flooding sites with backlinks at high speeds. This focus on serving clients engaging in potentially abusive SEO practices has led to the use of their infrastructures for conducting DDoS attacks.

Qurium

For readers’ information, Qurium specializes in investigating DDoS attacks with a mission to identify perpetrators and ensure accountability. The organization has been actively investigating the recent surge in DDoS attacks targeting media and human rights organizations in the Philippines.

Qurium’s noteworthy track record includes investigations into significant cyber incidents. This includes their examination of weeks-long DDoS attacks on the Philippines Human Rights watchdog ‘Karapatan.’

In November 2023, Qurium exposed Chinese scammers exploiting cloned websites within an extensive gambling network. Furthermore, in September 2019, the organization released a report shedding light on how an illegal prostitution ring disrupted the Internet in Kazakhstan.

Nevertheless, the troubling findings call into question the responsibility and moral guidelines of proxy providers, which seem to shield users involved in harmful actions. The disclosures concerning the absence of supervision and accountability among these providers are troubling, provoking deep concerns about their function in protecting the Internet.

  1. List of Proxy IPs Exposed to Block Killnet’s DDoS Bots
  2. Cloudflare thwarts largest reported HTTP DDoS attack
  3. 48 DDoS-hiring Services Busted by FBI in Major Sweep
  4. UK Royal Family Website Hit by DDoS Attack from Russian KillNet
  5. Kaspersky Reveals Alarming IoT Threats and Dark Web DDoS Boom
  6. Operator of Major Proxy Botnet ‘IPStorm’ Arrested, Pleads Guilty in US

[ad_2]
Source link

WordPress POP Chain Flaw Exposes Over 800M+ Sites to Attack

0
[ad_1]

A critical remote code execution vulnerability has been patched as part of the WordPress 6.4.2 version.

This vulnerability exists in the POP chain introduced in version 6.4, which can be combined with a separate Object Injection, resulting in the execution of arbitrary PHP code on the website.

There was no CVE assigned for this vulnerability. However, WordPress urges its users to upgrade to this latest version to prevent full site takeover attacks in case another vulnerability exists.

WordPress POP Chain Flaw

This vulnerability exists in the WP_HTML_Token class, which is used to improve HTML parsing in the block editor.

This class contains a __destruct method that gets executed automatically when the PHP has processed the request. It also uses call_user_func to execute the function passed to the on_destroy property. 

A threat actor can take full control over the on_destroy and bookmark_name properties by exploiting an Object Injection vulnerability and executing arbitrary code on the website.

public function __wakeup() {
  throw new \LogicException( __CLASS__ . ‘ should never be unserialized’ );
}
Source: WordPress

Moreover, there is a potential POP chain in the WordPress core that can increase the risk of any Object Injection vulnerabilities. However, the current version of WordPress’ newly added __wakeup method uses a serialized object with the WP_HTML_Token class that prevents the __destruct function from executing. 

A complete report about this vulnerability has been published by Wordfence, which provides detailed information about the source code, analysis, and other information. 

Users of WordPress are recommended to upgrade to the latest version 6.4.2, to prevent this vulnerability from getting exploited by threat actors.

To install the latest version of WordPress, a complete guide with a step-by-step procedure has also been provided.


[ad_2]
Source link