Recently, over 100 websites belonging to car dealerships were found to serve malicious "ClickFix" code due to a supply chain attack that affected a third-party domain. According to security researcher Randy McEoin, the threat actor infected LES Automotive, a privately held streaming service provider based in Tolland, CT, that primarily focuses on the automotive industry. All websites using LES Automotive's services shared a ClickFix webpage with their visitors. [1]
wordpress (3)
Activity Summary - Week Ending 2 April 2021:
- Red Sky Alliance identified 34,034 connections from new unique IP addresses
- Analysts identified 3,876 new IP addresses participating in various Botnets
- 20 new unique email accounts compromised with Keyloggers were observed this week
- Soccer player’s name Berat Can Sonmez is being used to lure Victims
- EggShell Malware
- New US-IRS Phishing Campaign
- WordPress Vulnerabilities
- ClearURL and Goggle
- Honeywell and Molson Coors Attacked
- Manufacturing IT & OT
- Cyb
A critical vulnerability identified in The Plus Addons for Elementor WordPress plugin could be exploited to gain administrative privileges to a website. This is bad news for Wordpress websites and this vulnerability was disclosed 8 March 2021. The zero-day has been exploited in the wild, the Wordfence team at WordPress security company Defiant warns. With more than 30,000 installations to date, The Plus Addons for Elementor is a premium plugin that has been designed to add several widgets to be
