Security Daily Review
Security Daily Review
  • 739
  • 81 409
LiteSpeed Cache Bug Impacts 6 Million Wordpress Sites
Over 6 million WordPress sites are in potential danger thanks to a critical vulnerability found in one of the most popular WordPress plugins - LiteSpeed Cache.
Most of you have likely heard of LiteSpeed Cache - it's one of the go-to plugins for improving WordPress performance. But a dangerous bug has been residing in this plugin for who knows how long.
The bug allows attackers to steal admin cookies and fully compromise sites with a single click. In this video, we'll take an in-depth look at how this vulnerability works, what details were exposed, and what site owners can do to secure their WordPress installs.
The vulnerability stems from LiteSpeed Cache's debugging features. When enabled, it would log all HTTP response headers, including session cookies, to a publicly accessible log file. This included authentication cookies, so simply viewing the log gave attackers the keys to the castle. Even outdated debug logs posed a risk if cookies hadn't expired.
With no security precautions, attackers only needed the URL to grab those cookies and hijack admin sessions. And with 6 million sites affected, criminals had a huge target pool. They could silently assume full control and infect sites with malware without triggering any alarms.
#LiteSpeed #Wordpress #bug #news #cybersecurity #website #security #wordpressplugin
FIND US AT
dailysecurityreview.com/
FOLLOW US ON SOCIAL
Get updates or reach out to Get updates on our Social Media Profiles!
Twitter: securitydailyr
Facebook: profile.php?id=100086307206534
LinkedIn: www.linkedin.com/company/security-daily-review
มุมมอง: 22

วีดีโอ

VK Data Breach: Over 390 Million Russian User Records Exposed3:05VK Data Breach: Over 390 Million Russian User Records Exposed
VK Data Breach: Over 390 Million Russian User Records Exposed
มุมมอง 239 ชั่วโมงที่ผ่านมา
VK, Russia's leading social media platform, has been hit by a data leak that has compromised the privacy of millions of users. A threat actor known as "HikkI-Chan" accessed a vast trove of VK profile data, including names, email addresses, cities, countries, and profile photo URLs. While VK claims they were not directly hacked, the leaked data poses a significant risk to user privacy. Attackers...
Tracelo Breach Leaks 1.4 Million Location Records4:10Tracelo Breach Leaks 1.4 Million Location Records
Tracelo Breach Leaks 1.4 Million Location Records
มุมมอง 8712 ชั่วโมงที่ผ่านมา
In what has to be one of the biggest leaks of location data to date, a hacker recently accessed over 1.4 million Tracelo user records. Tracelo bills itself as a tool to help find missing people or monitor family and friends, claiming it can pinpoint anyone's location using just their phone number. But did they have the right security measures in place to protect such sensitive data? Let's take ...
CBIZ Customer Data Breach: 36000 Impacted4:31CBIZ Customer Data Breach: 36000 Impacted
CBIZ Customer Data Breach: 36000 Impacted
มุมมอง 3214 ชั่วโมงที่ผ่านมา
CBIZ, a major business services firm, has disclosed a data breach impacting nearly 36,000 customers. On June 24th, CBIZ discovered that an unauthorized party had accessed certain databases containing customer information. Their investigation found that between June 2nd and 21st, a vulnerability on one of their web pages was exploited, allowing the attacker to steal data from those databases. Th...
Google Sheets Abused in New Voldemort Malware Campaign4:56Google Sheets Abused in New Voldemort Malware Campaign
Google Sheets Abused in New Voldemort Malware Campaign
มุมมอง 10016 ชั่วโมงที่ผ่านมา
A new cyberespionage campaign has been discovered spreading the Voldemort backdoor which utilizes Google Sheets for command and control of infected systems while stealing data. This malware goes by the name "Voldemort" and it uses some clever techniques like Google Sheets to carry out its malicious activities while remaining hidden. According to researchers at Proofpoint, Voldemort distribution...
DICK's Sporting Goods Shuts Down IT Systems After Cyber Attack3:53DICK's Sporting Goods Shuts Down IT Systems After Cyber Attack
DICK's Sporting Goods Shuts Down IT Systems After Cyber Attack
มุมมอง 213วันที่ผ่านมา
DICK'S Sporting Goods shuts down all employee email and locks user accounts across the entire company after discovering a significant cyberattack. They detected a serious cybersecurity incident involving unauthorized access to their internal systems. In response, they immediately shut down email access and locked employee accounts across the entire company while they worked to contain the threa...
Cucamonga Valley Water District Cyberattack: Ransomware Targets Critical Infrastructure3:42Cucamonga Valley Water District Cyberattack: Ransomware Targets Critical Infrastructure
Cucamonga Valley Water District Cyberattack: Ransomware Targets Critical Infrastructure
มุมมอง 25วันที่ผ่านมา
Earlier this month, thousands of water customers in Southern California found themselves locked out of making bill payments over the phone after a ransomware attack hit the utility servicing their area. On August 27th, the Cucamonga Valley Water District, which provides water services to over 190,000 customers, fell victim to a cyberattack on August 15th that disabled their phone payment system...
BlackSuit Ransomware Attack Exposes 950,000 in Young Consulting Data Breach4:26BlackSuit Ransomware Attack Exposes 950,000 in Young Consulting Data Breach
BlackSuit Ransomware Attack Exposes 950,000 in Young Consulting Data Breach
มุมมอง 71วันที่ผ่านมา
BlackSuit Ransomware Attack Exposes 950,000 in Young Consulting Data Breach
Patelco Data Breach Impacts 700,000 Customers3:11Patelco Data Breach Impacts 700,000 Customers
Patelco Data Breach Impacts 700,000 Customers
มุมมอง 33วันที่ผ่านมา
Patelco Data Breach Impacts 700,000 Customers
Seattle-Tacoma Airport Operations Disrupted After Cyberattack3:39Seattle-Tacoma Airport Operations Disrupted After Cyberattack
Seattle-Tacoma Airport Operations Disrupted After Cyberattack
มุมมอง 13วันที่ผ่านมา
Seattle-Tacoma Airport Operations Disrupted After Cyberattack
Qilin Ransomware's New Tactic: Harvesting Google Chrome Credentials3:45Qilin Ransomware's New Tactic: Harvesting Google Chrome Credentials
Qilin Ransomware's New Tactic: Harvesting Google Chrome Credentials
มุมมอง 7014 วันที่ผ่านมา
Qilin Ransomware's New Tactic: Harvesting Google Chrome Credentials
Oil Giant Halliburton Hit by Cyberattack: Operations Disrupted3:16Oil Giant Halliburton Hit by Cyberattack: Operations Disrupted
Oil Giant Halliburton Hit by Cyberattack: Operations Disrupted
มุมมอง 3.4K14 วันที่ผ่านมา
Oil Giant Halliburton Hit by Cyberattack: Operations Disrupted
CannonDesign Hit by Avos Locker Ransomware Attack: 5.7TB Sensitive Data Exfiltrated2:51CannonDesign Hit by Avos Locker Ransomware Attack: 5.7TB Sensitive Data Exfiltrated
CannonDesign Hit by Avos Locker Ransomware Attack: 5.7TB Sensitive Data Exfiltrated
มุมมอง 2014 วันที่ผ่านมา
CannonDesign Hit by Avos Locker Ransomware Attack: 5.7TB Sensitive Data Exfiltrated
Toyota Data Leak: ZeroSevenGroup Steals 240GB of Customer Information3:02Toyota Data Leak: ZeroSevenGroup Steals 240GB of Customer Information
Toyota Data Leak: ZeroSevenGroup Steals 240GB of Customer Information
มุมมอง 5314 วันที่ผ่านมา
Toyota Data Leak: ZeroSevenGroup Steals 240GB of Customer Information
8 Email Red Flags You Can't Ignore: Avoid Being Hacked!3:548 Email Red Flags You Can't Ignore: Avoid Being Hacked!
8 Email Red Flags You Can't Ignore: Avoid Being Hacked!
มุมมอง 721 วันที่ผ่านมา
8 Email Red Flags You Can't Ignore: Avoid Being Hacked!
How the World’s First Online Bank Heist Happened | The True Story of a Digital Robber6:13How the World’s First Online Bank Heist Happened | The True Story of a Digital Robber
How the World’s First Online Bank Heist Happened | The True Story of a Digital Robber
มุมมอง 1421 วันที่ผ่านมา
How the World’s First Online Bank Heist Happened | The True Story of a Digital Robber
City of Columbus Ransomware Attack: Data of Half a Million at Risk3:13City of Columbus Ransomware Attack: Data of Half a Million at Risk
City of Columbus Ransomware Attack: Data of Half a Million at Risk
มุมมอง 1921 วันที่ผ่านมา
City of Columbus Ransomware Attack: Data of Half a Million at Risk
Tehran's Finances in Trouble: Who Hacked Iran's Banks?3:16Tehran's Finances in Trouble: Who Hacked Iran's Banks?
Tehran's Finances in Trouble: Who Hacked Iran's Banks?
มุมมอง 6321 วันที่ผ่านมา
Tehran's Finances in Trouble: Who Hacked Iran's Banks?
AutoCanada Cyberattack: Another Car Dealer Down!3:02AutoCanada Cyberattack: Another Car Dealer Down!
AutoCanada Cyberattack: Another Car Dealer Down!
มุมมอง 1921 วันที่ผ่านมา
AutoCanada Cyberattack: Another Car Dealer Down!
Ohio State School Board Association (OSBA) Cyberattack: Website and Servers Down2:49Ohio State School Board Association (OSBA) Cyberattack: Website and Servers Down
Ohio State School Board Association (OSBA) Cyberattack: Website and Servers Down
มุมมอง 2421 วันที่ผ่านมา
Ohio State School Board Association (OSBA) Cyberattack: Website and Servers Down
The Biggest Data Breach Ever? Over 2.7 Billion Social Security Numbers Leaked Online5:10The Biggest Data Breach Ever? Over 2.7 Billion Social Security Numbers Leaked Online
The Biggest Data Breach Ever? Over 2.7 Billion Social Security Numbers Leaked Online
มุมมอง 34228 วันที่ผ่านมา
The Biggest Data Breach Ever? Over 2.7 Billion Social Security Numbers Leaked Online
ADT Data Breach: Servers Hacked, 30K Customer Data Leaked4:13ADT Data Breach: Servers Hacked, 30K Customer Data Leaked
ADT Data Breach: Servers Hacked, 30K Customer Data Leaked
มุมมอง 87หลายเดือนก่อน
ADT Data Breach: Servers Hacked, 30K Customer Data Leaked
McLaren Health Care Cyberattack Linked to INC Ransomware2:30McLaren Health Care Cyberattack Linked to INC Ransomware
McLaren Health Care Cyberattack Linked to INC Ransomware
มุมมอง 80หลายเดือนก่อน
McLaren Health Care Cyberattack Linked to INC Ransomware
Kadokawa Confirms Data Breach: 254,000 Impacted3:09Kadokawa Confirms Data Breach: 254,000 Impacted
Kadokawa Confirms Data Breach: 254,000 Impacted
มุมมอง 481หลายเดือนก่อน
Kadokawa Confirms Data Breach: 254,000 Impacted
Hunters International Group Hunts IT Workers with 'SharpRhino' - New Backdoor Malware3:17Hunters International Group Hunts IT Workers with 'SharpRhino' - New Backdoor Malware
Hunters International Group Hunts IT Workers with 'SharpRhino' - New Backdoor Malware
มุมมอง 545หลายเดือนก่อน
Hunters International Group Hunts IT Workers with 'SharpRhino' - New Backdoor Malware
CrowdStrike vs Delta Airlines: Battle Over Cybersecurity Outage2:19CrowdStrike vs Delta Airlines: Battle Over Cybersecurity Outage
CrowdStrike vs Delta Airlines: Battle Over Cybersecurity Outage
มุมมอง 44หลายเดือนก่อน
CrowdStrike vs Delta Airlines: Battle Over Cybersecurity Outage
Sable International Cyberattack: Immigration Firm Customer Data Compromised2:24Sable International Cyberattack: Immigration Firm Customer Data Compromised
Sable International Cyberattack: Immigration Firm Customer Data Compromised
มุมมอง 62หลายเดือนก่อน
Sable International Cyberattack: Immigration Firm Customer Data Compromised
Cencora Confirms Stolen Health Data in February Cyberattack3:02Cencora Confirms Stolen Health Data in February Cyberattack
Cencora Confirms Stolen Health Data in February Cyberattack
มุมมอง 26หลายเดือนก่อน
Cencora Confirms Stolen Health Data in February Cyberattack
OneBlood Blood Donation Non-Profit Faces Blood Shortage Post Ransomware Attack3:40OneBlood Blood Donation Non-Profit Faces Blood Shortage Post Ransomware Attack
OneBlood Blood Donation Non-Profit Faces Blood Shortage Post Ransomware Attack
มุมมอง 9หลายเดือนก่อน
OneBlood Blood Donation Non-Profit Faces Blood Shortage Post Ransomware Attack
ServiceNow Critical Vulnerabilities Put 100 Organizations at Risk4:31ServiceNow Critical Vulnerabilities Put 100 Organizations at Risk
ServiceNow Critical Vulnerabilities Put 100 Organizations at Risk
มุมมอง 43หลายเดือนก่อน
ServiceNow Critical Vulnerabilities Put 100 Organizations at Risk

ความคิดเห็น

  • @b.m.robertson5959
    @b.m.robertson5959 7 วันที่ผ่านมา

    Try MFA instead of FaceTime 😂....manually reinstating email, cutting edge Dicks lol

  • @keepinup2360
    @keepinup2360 9 วันที่ผ่านมา

    I just got a boot kit put on my computer what do I do?! I can’t even load past the bios!

    • @securitydailyreview
      @securitydailyreview 7 วันที่ผ่านมา

      It is best to seek expert help than to try solving a bootkit issue by yourself as it may endanger others on the network. If that is not an option for you, then here are some options to look into: 1. Disconnect from the internet: unplug ethernet cable or turn-off the wifi adapter. 2. Attempt a safe mode boot: If you can, try booting your computer into safe mode. This will disable most third-party applications, which might help you identify and remove the boot kit. 3. Use a bootable antivirus: Create a bootable antivirus drive (e.g., using tools like Kaspersky Rescue Disk or ESET SysRescue) on another computer. Boot from this drive on your infected machine. Scan your system thoroughly for any malware, including the boot kit.

    • @keepinup2360
      @keepinup2360 7 วันที่ผ่านมา

      @@securitydailyreview I just got a whole new pc I had a warranty on mine now on that case I didn’t change my ip or anything been playing again for about 2 days everything on my computer seems safe.

    • @keepinup2360
      @keepinup2360 7 วันที่ผ่านมา

      Do I need to change my ip?

    • @securitydailyreview
      @securitydailyreview 7 วันที่ผ่านมา

      @@keepinup2360 If it's a new pc, then the IP should already be changed.

    • @keepinup2360
      @keepinup2360 7 วันที่ผ่านมา

      @@securitydailyreview that’s what I thought

  • @ilyasjd
    @ilyasjd 10 วันที่ผ่านมา

    How to recover H Computer?

  • @DT_Liox
    @DT_Liox 17 วันที่ผ่านมา

    It's not just affecting the main office.

  • @MsGeneral10
    @MsGeneral10 18 วันที่ผ่านมา

    I see it is already in media wow

  • @blubaustin1
    @blubaustin1 19 วันที่ผ่านมา

    277GB? Do you mean 164GB?

    • @Gshockgutta
      @Gshockgutta 7 วันที่ผ่านมา

      You have link 👀

  • @ChrisM-ve6qc
    @ChrisM-ve6qc 26 วันที่ผ่านมา

    The narrator’s vocal fry is fingernails on the blackboard.

  • @thomassnew1053
    @thomassnew1053 หลายเดือนก่อน

    Here we go again....

  • @thomassnew1053
    @thomassnew1053 หลายเดือนก่อน

    Everyday there's a data breach. Scandalous.....

  • @thomassnew1053
    @thomassnew1053 หลายเดือนก่อน

    A new day a new data breach.... Scandalous...

  • @thomassnew1053
    @thomassnew1053 หลายเดือนก่อน

    I just found out I'm a part of this. Never been on the website

  • @danielteegarden8982
    @danielteegarden8982 หลายเดือนก่อน

    Rite-Aid employee sold the data. And it all happened between 2017 and 2018 and just now being told to us !

  • @commanderpaladin
    @commanderpaladin หลายเดือนก่อน

    What AI do you use for your videos creation?

  • @Projectandroidfy6057
    @Projectandroidfy6057 หลายเดือนก่อน

    I send the elite penguin force to hack Disney 😊 (Btw this is a joke)

  • @LoydOsborne
    @LoydOsborne หลายเดือนก่อน

    This video really makes 2.5GBs of data sound a like a lot. That's literally not that much, but okay 💀💀

    • @banhatlessducks
      @banhatlessducks หลายเดือนก่อน

      Unless it's compressed

  • @D_FlipBook
    @D_FlipBook หลายเดือนก่อน

    While I don't condone cyberattacks, the heartbreak of the _Club Penguin_ fans is all too relatable. 😔

  • @reginaann7792
    @reginaann7792 หลายเดือนก่อน

    Everybody I know that applied at the advanced auto warehouse got a letter in the mail about the breach. So if you applied for a job with them,, then your info was compromised too.

  • @jayko4044
    @jayko4044 หลายเดือนก่อน

    So you charge ppl who have there info stolen. You are the crook

  • @RazielAU
    @RazielAU หลายเดือนก่อน

    From what I can tell looking at the file, it doesn't seem to contain usernames, it's just a list of passwords. The intent would be to use it for brute force attacks, but even if you're able to try 10 passwords per second, that's still 1 billion seconds (over 30 years) to try all those passwords for a single account on a single site. If they were paired with usernames, it would be a lot more scary, but as it stands, I think the practical use of this list is limited. Even if you knew one of the passwords in that list is the one you're looking for, it would still be almost impossible to find the password you're looking for. If there's a version that does contain usernames as well, it would be a very different discussion.

    • @kjyu4539
      @kjyu4539 หลายเดือนก่อน

      probably can be useful for offline cracking like cracking archive file passwords like winrar

    • @RazielAU
      @RazielAU หลายเดือนก่อน

      ​@@kjyu4539 Unless you have access to a ton of computers, I think it's use would still be limited. Let's say you could test a thousand passwords per second (a fairly unrealistic target, as it usually needs to extract a file to test if the password was correct or not, which of course takes time), let's say you have the computer resources to do it, that's still almost 4 months to try all those passwords, and the password may not even be among those leaked. I think the bigger question is whether the creators of this list of passwords happen to have a version including usernames. That is where I'd be concerned.

  • @sciencefic666
    @sciencefic666 หลายเดือนก่อน

    fckkkkk

  • @user-zt5wf4fi9w
    @user-zt5wf4fi9w 2 หลายเดือนก่อน

    My school! Whoever hacked it is goated- I mean bad…

  • @themarkman8822
    @themarkman8822 2 หลายเดือนก่อน

    Has anybody heard a peep from the NCUA ??

  • @iewauhedoc9970
    @iewauhedoc9970 2 หลายเดือนก่อน

    Fools