Top new - Bkav Corporation

Do your best, the rest will come !

5 million websites are at risk because of vulnerabilities in WordPress' LiteSpeed

03:11:00 | 28-03-2024

An XSS vulnerability has just been discovered in the LiteSpeed Cache WordPress plugin that allows an unauthenticated attacker to escalate privileges, steal sensitive information... by making a single HTTP request

The vulnerability is identified as CVE-2023-40000. Exists in version 5.7.01 released in October 2023. Experts say this XSS vulnerability exists in a notice for administrators and can appear in all administration interfaces. Therefore, anyone with access to the website administration interface (wp-admin) can exploit this vulnerability.

The LiteSpeed Cache plugin is used to improve website performance and currently has over 5 million installations. WordPress said the cause of the vulnerability was due to shortcomings in checking user input.

Administrators are recommended to update the LiteSpeed Cache plugin to the latest version, deploy a WAF firewall to prevent XSS attacks, and strictly manage user roles and permissions.

Others

The DEEP#GOSU virus campaign takes advantage of Google Docs and Dropbox to attack Windows users

LockBit ransomware virus attacks Windows Domain servers in Vietnam

5 million websites are at risk because of vulnerabilities in WordPress' LiteSpeed

Warning: using AI to create fake images and voices to scam money

Bug in Microsoft Outlook allows hackers to steal information and take control of devices

OPSWAT and Bkav signed a strategic partnership

Summary of cybersecurity in 2023 and forecast for 2024

Warning: Many Elknot virus variants appear targeting Vietnamese Linux servers

Bkav launches Bkav Pro 2024 with the orientation of expanding the global market

Applications impersonating government agencies to spread viruses on Android are highly active in Vietnam