Google WordPress Plug-in Bug Allows AWS Metadata Theft

A successful attacker could use the SSRF vulnerability to collect metadata from WordPress sites hosted on an AWS server, and potentially log in to a cloud instance to run commands. [TechWeb]( Follow Dark Reading: [RSS]( December 23, 2022 LATEST SECURITY NEWS & COMMENTARY [Google WordPress Plug-in Bug Allows AWS Metadata Theft]( A successful attacker could use the SSRF vulnerability to collect metadata from WordPress sites hosted on an AWS server, and potentially log in to a cloud instance to run commands. [Inside the Next-Level Fraud Ring Scamming Billions Off Holiday Retailers]( "Largest attack of its kind": A potent Southeast Asian e-commerce fraud ring has declared war on US retailers, targeting billions in goods in just the past month and forcing mules into its scheme. [Zerobot Adds Brute Force, DDoS to Its IoT Attack Arsenal]( Threat actors continue to evolve the malicious botnet, which has also added a list of new vulnerabilities it can use to target devices. [Security on a Shoestring? Cloud, Consolidation Best Bets for Businesses]( With a recession potentially coming, some companies are cutting security teams. But moving more infrastructure to the cloud and reducing the number of vendors through consolidation may be the best ways to prepare. [Threat Modeling in the Age of OpenAI's Chatbot]( New technical chatbot capabilities raise the promise that their help in threat modeling could free humans for more interesting work. [Biden Signs Post-Quantum Cybersecurity Guidelines Into Law]( The new law holds the US Office of Budget and Management to a road map for transitioning federal systems to NIST-approved PQC. [New Brand of Security Threats Surface in the Cloud]( Tech Insight report co-produced by Black Hat, Dark Reading, and Omdia examines how cloud security is evolving in a rapid race to beat threat actors to the (cloud) breach. ['Sextortion,' Business Disruption, and a Massive Attack: What Could Be in Store for 2023]( Our growing interconnectedness poses almost as many challenges as it does benefits. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Godfather Banking Trojan Masquerades as Legitimate Google Play App]( The malware has resurfaced, using an icon and name similar to the legitimate Google Play app MYT Music, a popular app with more than 10 million downloads. [Name That Toon: Kiss and Tell]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [Why Security Teams Shouldn't Snooze on MFA Fatigue]( Employee education, biometric and adaptive authentication, and zero trust can go a long way in strengthening security. [MORE]( EDITORS' CHOICE [Ransomware Attackers Bypass Microsoft's ProxyNotShell Mitigations With Fresh Exploit]( The Play ransomware group was spotted exploiting another little-known SSRF bug to trigger RCE on affected Exchange servers. LATEST FROM THE EDGE [What Kind of Data Gets Stolen When a Developer is Compromised?]( What is the worst that can happen when a developer's machine is compromised? Depending on the developer's position, attackers gain access to nearly everything: SSH keys, credentials, access to CI/CD pipelines and production infrastructure, the works. LATEST FROM DR TECHNOLOGY [Security Is a Second-Class Citizen in High-Performance Computing]( Vendors and operators attempt to balance power and security, but right now, power is the highest goal. WEBINARS - [The Craziest Cyberattacks Seen In the Wild and How You Can Avoid Them]( It feels like we hear about a new devastating cyberattack in the news every day. And attack methods seem to be proliferating at an exponential rate. So, which tactics should you be aware of beyond standard "click and infect" attack ... - [A Roadmap to Zero Trust: Steps for Meaningful Progress Amongst the Hype]( Join this webinar as our Zero Trust experts discuss "quick wins" like: --Enforcing strong multifactor authentication and Zero Trust policies for critical applications. --Closing inbound ports open to the Internet. --Areas not always included in the Zero Trust conversation, like ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [State of Email Security]( - [Ransomware Resilience and Response: The Next-Generation]( - [Ransomware Is On The Rise]( - [State of Ransomware Readiness: Facing the Reality Gap]( - [How Hybrid Work Fuels Ransomware Attacks]( [View More White Papers >>]( FEATURED REPORTS - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Passwordless Authentication Market to Be Worth $55.7 Billion by 2030: Grand View Research, Inc.]( [Kaspersky Research Finds Reverse Engineering Is the Most On-Demand Skill Among InfoSec Specialists]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The Promise and Reality of Cloud Security]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)