News for September 14, 2022


WordPress Privilege Escalation Exploit
by Artie Kaye

Users of the WPGateway plugin are being actively targeted.  This tool is meant to help unify multiple plugins and give better access to administrator duties.  The exploit allows for the insertion of an unauthorized admin profile.  Compromised accounts have been found to have a new administrator login created named “rangex.”  There is currently no patch available; it is recommended to disable or remove the plugin until a patch is released to prevent abuse.

The flaw is listed as CVE-2022-3180.

https://www.wordfence.com/blog/2022/09/psa-zero-day-vulnerability-in-wpgateway-actively-exploited-in-the-wild/

https://www.securityweek.com/wordpress-sites-hacked-zero-day-vulnerability-wpgateway-plugin

https://thehackernews.com/2022/09/over-280000-wordpress-sites-attacked.html

Airplane Network Device Vulnerability
by Artie Kaye

Two series of wireless LAN devices from Contec can be compromised.  These devices can be found mainly on airplanes, but are also used in medical equipment.  The affected products are:

Contec Flexlan FX3000 Series devices running version 1.15.00 and under.

Contec Flexlan FX2000 Series devices running version 1.38.00 and under.

There are patches available for these flaws.  If you use these devices, updating is recommended to prevent loss of data.

The flaws are listed as CVE-2022-36158 and CVE-2022-36159.

https://www.contec.com/support/security-info/

https://samy.link/blog/contec-flexlan-fxa2000-and-fxa3000-series-vulnerability-repo

https://www.securityweek.com/passengers-exposed-hacking-vulnerabilities-airplane-wi-fi-devices

https://www.infosecurity-magazine.com/news/vulnerabilities-found-airplane/

Facebook Ad Phishing Scam
by Artie Kaye

A phishing scam involving fake warnings regarding Facebook advertising accounts has come to light.  The attack leverages official URLs and mimics login screens to steal users' login information.  Because the messages use legitimate information in some fields, they bypass many spam filters.  These types of attacks rely on users not double-checking information before clicking through links sent via email.  Always check links and senders, regardless of how official the message looks.  If you believe there is a chance the message is real, do not click on any links; instead, proceed to the login page manually and check from there.  Keep your information safe.

https://www.darkreading.com/attacks-breaches/cyberattackers-abuse-facebook-ad-manager-credential-harvesting-campaign

https://www.avanan.com/blog/leveraging-facebook-ads-to-send-credential-harvesting-links