Wordfence cybersecurity researchers: The plugin is vulnerable to time-based SQL Injection. It can be used to extract sensitive information from the database.
heige: New life for TellYouThePass thanks to Log4Shell flaw. The ransomware is the last malware deployed in the cyber-attacks. Update your systems ASAP!
The TellYouThePass ransomware comes to a new life, thanks to the cyber-attack waves on the Apache Log4j library. It has been first discovered by the KnownSec 404 Team cybersecurity researchers “heige”, who post a Tweet on it. TellYouThePass is the last malware deployed in Log4Shell cybercrime attacks since they began injecting Monero miners on compromised systems. BitDefender found a new ransomware family, Khonsari, being installed. Furthermore, Conti operators added a Log4Shell exploit to their arsenal. TellYouThePass, instead, has been used last year with Eternal Blue vulnerabilities to attack multiple organizations. Many National CyberSecurity authorities worldwide are pressing all the government agencies and branches to patch ASAP their systems to close the Log4Shell flaw, due to ever new RCE cyber-attacks waves that still exploit the vulnerability.