Newsletter
Advisories, Vulnerabilities & Alerts
Ethan Grammer
Senior Infrastructure
& Cybersecurity Engineer
Guillermo Sanchez
Senior Cybersecurity Engineer
WordPress Plugin Potentially Exposes 1 Million Websites
Description: A new vulnerability was released regarding a WordPress plugin called W3 Total Cache plugin that is installed on more than 1 million websites which could open websites up to leaked information and webpage hijacking. The vulnerability causes the ability for attackers to proxy website requests to other services and capture information provided by end users.
Recommended Actions:
- Check WordPress deployments to confirm if the W3 Total Cache plugin is being utilized, and if so, immediately patch to version 2.8.2, which has a fix applied.
- Ensure that all other WordPress plugins are up-to-date to avoid possible lateral movement by an attacker.
- Confirm that all WordPress webpages are accurate and accessible after plugin upgrade.
External Links:
Fortinet Releases Security Updates for Multiple Products
Description: Fortinet released security updates to address vulnerabilities in multiple Fortinet products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
Recommended Actions:
- CISA encourages users and administrators to review the Fortinet PSIRT advisory and apply necessary updates.
External Links:
Credential Phishing Increased by 703% in H2 2024
Description: According to a report by SlashNext, credential phishing attacks surged by 703% in the second half of 2024. Overall phishing attacks increased by 202% during the same period. Researchers attribute this rise to the proliferation of phishing kits, enabling cybercriminals to conduct sophisticated attacks with minimal effort. The data indicates a significant volume problem, as the number of attacks per 1,000 mailboxes has been increasing linearly since June, reaching nearly one advanced attack per mailbox each week. This trend suggests that traditional security measures are being overwhelmed by the sheer volume of attacks.
Recommended Actions:
- Implement strong access control. Enforce Multi-Factor Authentication (MFA) to add an extra security layer that makes unauthorized access more difficult. Use Role-Based Access Control (RBAC) to ensure employees only access data necessary for their role.
- Enhance employee cybersecurity training. Conduct regular phishing simulations to test staff awareness. Train employees to spot phishing red flags, such as urgent requests for patient data or login credentials. Promote a “Zero Trust” security mindset, teaching staff to verify requests before responding.
External Links:
Celito is a team of experienced IT Executives, Industry Professionals, and Business Consultants focused on the life sciences industry.
Products
Consulting
Company
Celito Tech, Inc.
CORPORATE HEADQUARTERS
2100 Geng Road Suite #210
Palo Alto, CA 94303
CALIFORNIA OFFICE
842 Main St.
Redwood City, CA 94063
+1 650.374.2121
FLORIDA OFFICE
1221 Brickell Avenue Suite #900
Miami, FL 33131
Celito Tech, Inc.
INDIA OFFICE LOCATION
Celito Tech India Pvt Ltd.
Flat No.A105, 1st Floor
Aditya's Imperial Heights,
Hyderabad, Rangareddi-500049
Telangana, India
+91 984.902.4174
Privacy Policy | Cookie Policy | Terms of Service | Copyright 2021 © Celito Tech, Inc.