WordPress Plugin Flaw
by Artie Kaye
Essential Addons for Elementor has been found to contain a vulnerability which could allow a forced reset of a password without knowing more than the user name or email address. This has been patched out in the most recent update for the plugin, updating is highly recommended as this function can be leveraged against even administrator accounts.
The flaw is listed as CVE-2023-32243.
Third-Party references:
Click the links below to learn more details. (Opens in a new tab/window.)
Greatness Phishing Targeting 365 Users
by Artie Kaye
Greatness is a phishing as a service tool. It functions by luring the user in via an emailed document. Opening the document will cue the user to login to their 365 account to view the file in full. Opening the document triggers a malware installation, which will harvest session data and forward that to the attacker. The reason this attack functions better than many is everything sent to the targeted user will be customized with information relating to that user, with things like company name, logos, etc. Two factor authentication can help mitigate this. The shorter the time between required 2FA usage, the safer one will be as the session data can only be valid for the life of that code entry. Not opening unknown files is the best practice for security.
Third-Party references:
Click the links below to learn more details. (Opens in a new tab/window.)