SEC X Account Hacked to Push Bitcoin ETFs
The Securities and Exchange Commission (SEC) confirmed through a spokesperson and social media announcements that the agency’s X (formerly Twitter) account was compromised to promote Bitcoin ETFs.
Bitcoin’s value spiked to nearly $48k as a result of the false Tweet, even though the Tweet was taken down just 30 minutes after it was published.
CISA Adds Six High-Profile Risks to Vulnerability Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six high-severity security flaws to its Known Exploited Vulnerabilities (KEV) catalog, leaving Adobe, Apache, Apple, D-Link, and Joomla! at risk.
The vulnerabilities recently added to the KEV catalog enable threat actors to infiltrate systems remotely using tactics such as spyware, leaving data and credentials at risk. The affected companies have until January 29th, 2024 to fix these vulnerabilities.
AI Engine WordPress Plugin Leaves 50k Sites at Risk
According to an advisory by Patchstack, a critical vulnerability was identified in the ‘AI Engine’ WordPress plugin, leaving its 50k active installations at risk.
The advisory stated that the vulnerability is an unauthenticated arbitrary file upload in the rest_upload function within the files.php module, which may permit unauthenticated users to upload arbitrary malicious files, leading to remote code execution.