Welcome back to this week’s security bulletin!

We are excited to report that you can now use a 'physical' key as a hardware-based second factor when accessing a remote server over SSH. Isn't it great? An actual key, for example in the form of a USB device, authenticates you instead of an OTP sent via SMS or email.

Hardware-based authentication keys prevent man-in-the-middle (MITM) attacks, phishing and other types of attacks against OTP or email, because a physical key is required to authenticate even if your account is compromised. The key adds an extra layer of security over traditional authentication methods such as passwords and OTPs, and users can log into their accounts just by inserting the USB security key.

OpenSSH is a connectivity tool for remote login over SSH, and its newly announced version 8.2 brings two security enhancements: it adds support for FIDO (Fast Identity Online)/U2F (Universal 2nd Factor) hardware authenticators and deprecates the SSH-RSA public-key signature algorithm.

Even if an attacker steals your password, they cannot log into your server because it requires a physical security key. The release notes of the new OpenSSH version are available here.
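To see which accounts on a server are actually protected by a hardware key after the 8.2 changes, you can audit `authorized_keys`. The script below is an added example, not code from this bulletin or from the OpenSSH project; the function names, status labels and sample lines are constructed for illustration.

```python
import base64
import re
import struct

# "sk-" key types are the FIDO/U2F-backed ones added in OpenSSH 8.2.
FIDO = {"sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}
SOFT = {"ssh-ed25519", "ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256",
        "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
TYPES = "|".join(re.escape(t) for t in sorted(FIDO | SOFT))
# Line layout: [options] keytype base64-blob [comment]; options may quote spaces.
LINE = re.compile(r'^(?:(?P<opts>(?:[^\s"]|"(?:\\.|[^"\\])*")+)\s+)?'
                  rf'(?P<type>{TYPES})\s+(?P<blob>[A-Za-z0-9+/=]+)'
                  r'(?:\s+(?P<comment>.*))?$')

def blob_type(b64):
    """Return the key type name stored at the start of the key blob."""
    raw = base64.b64decode(b64, validate=True)
    return raw[4:4 + struct.unpack(">I", raw[:4])[0]].decode("ascii")

def audit(text):
    """Yield (line number, status, comment) for every key line in text."""
    for no, line in enumerate(map(str.strip, text.splitlines()), 1):
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        try:  # the declared type must equal the type inside the blob
            ok = bool(m) and blob_type(m["blob"]) == m["type"]
        except (ValueError, struct.error):
            ok = False
        if not ok:
            status = "invalid"
        elif m["type"] in FIDO:
            status = "fido"  # signing needs the physical authenticator
        else:  # RSA keys are valid but must sign with rsa-sha2-*, not ssh-rsa
            status = "rsa" if m["type"] == "ssh-rsa" else "software"
        yield no, status, (m["comment"] or "") if m else ""

def _key(declared, comment, opts="", inner=None):
    # Constructed sample line: real framing, 32 zero bytes instead of a key.
    name = (inner or declared).encode()
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return f"{opts} {declared} {base64.b64encode(blob).decode()} {comment}".strip()

SAMPLE = "\n".join([
    _key("sk-ssh-ed25519@openssh.com", "alice@token"),
    _key("ssh-ed25519", "bob's laptop"),
    _key("ssh-rsa", "backup job", 'command="/usr/bin/backup --now",no-pty'),
    _key("ssh-ed25519", "mismatched", inner="ssh-rsa"),
])
```

Run `list(audit(open(path).read()))` against a real file: any entry that is not `fido` can still be used by whoever holds a copy of the private key file.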

WordPress is a free, open-source content management system, and more than 35% of websites in the world are built with it. Recently, a vulnerability was discovered in a WordPress plugin that can give an attacker administrator privileges and remote code execution, and even allow the entire website to be removed.

The plugin is ‘ThemeGrill Demo Importer’, which provides demo options for themes and widgets. It is sold by the web development company ThemeGrill. When a user activates a ThemeGrill theme in their WordPress account, the vulnerable plugin executes some functions with administrator privileges without checking the user's privileges.

The following steps are recommended for WordPress users to secure their accounts:

  • Remove vulnerable plugins immediately.
  • Frequently audit currently-installed plugins to disable outdated ones.
  • Patch both CMS and plugins.
  • Establish secure authentication processes.

AZORult is an information stealer first analyzed in 2016. It steals browsing history, cookies, IDs/passwords, cryptocurrency information, and more. Recent research found that hackers are spreading the AZORult malware as a fake ProtonVPN installer to attack Windows computers.

The attackers created a fake ProtonVPN website, an exact copy of the original site, and spread the malware through it. When a user downloads the installer package from a Windows server, the malware is activated. The fake site, protonvpn{.}store, was registered in Russia, and its content is now disabled.

Please be careful when downloading installer packages and make sure you download them from the original, authentic site.