Advisory ID: ngCERT-2022-0065
CVE(s): CVE-2021-24867
Summary: New discovery revealed that dozens of WordPress themes and plugins were backdoored with malicious code with the goal of infecting further sites. Also, a security shortcoming affecting three different WordPress plugins that impacted over 84,000 websites and could be abused by a malicious actor to take over vulnerable sites has been disclosed.
Vulnerable Platform(s): WordPress Content Management System
Advisory ID: ngCERT-2022-0063
Summary: Security experts have uncovered a new year scheme employed by a cybercrime group to deliver ransomware to targeted organizations. The group has been mailing out USB thumb drives to many organizations in the hope that recipients will plug them into their PCs and install ransomware on their networks. While businesses are being targeted, criminals could soon begin sending infected USB drives to individuals.