Anonymous ID: 9920b1 June 3, 2021, 5:42 p.m. No.13824707   🗄️.is 🔗kun   >>4851 >>4917 >>5060 >>5137 >>5197 >>5270 >>5274 >>5337 >>5400 >>5425

Hackers Actively Exploiting 0-Day in WordPress Plugin Installed on Over 17,000 Sites

 

Fancy Product Designer, a WordPress plugin installed on over 17,000 sites, has been discovered to contain a critical file upload vulnerability that's being actively exploited in the wild to upload malware onto sites that have the plugin installed.

 

Wordfence's threat intelligence team, which discovered the flaw, said it reported the issue to the plugin's developer on May 31. While the flaw has been acknowledged, it's yet to be addressed.

 

Fancy Product Designer is a tool that enables businesses to offer customizable products, allowing customers to design any kind of item ranging from T-shirts to phone cases by offering the ability to upload images and PDF files that can be added to the products.

 

"Unfortunately, while the plugin had some checks in place to prevent malicious files from being uploaded, these checks were insufficient and could easily be bypassed, allowing attackers to upload executable PHP files to any site with the plugin installed," Wordfence said in a write-up published on Tuesday.


 

Armed with this capability, an attacker can achieve remote code execution on an affected website, allowing full site takeover, the researchers noted. Wordfence has not shared the technical specifics of the vulnerability as it found evidence of it being abused as early as January 30.

 

Wordfence said that the critical zero-day could be exploited in select configurations even if the plugin has been deactivated, urging users to completely uninstall Fancy Product Designer until a patched version becomes available.

 

This is far from the first time Wordfence has disclosed severe issues in WordPress plugins. In December 2017, a hidden backdoor in BestWebSoft captcha plugin was found to affect 300,000 sites.

 

Then earlier this year, the researchers revealed vulnerabilities in Elementor and WP Super Cache that, if successfully exploited, could allow an attacker to run arbitrary code and take over a website in certain scenarios.

 

Update: The maintainers of Fancy Product Designer have released an update (version 4.6.9) to remediate the aforementioned file upload vulnerability. Wordfence has also shared the revised indicators of compromise (IoC) associated with the attack, which can be accessed here.

 

https://thehackernews.com/2021/06/hackers-actively-exploiting-0-day-in.html

Anonymous ID: 9920b1 June 3, 2021, 5:43 p.m. No.13824716   🗄️.is 🔗kun   >>4851 >>4917 >>4940 >>5060 >>5137 >>5274 >>5337 >>5400 >>5425

Scientists have found a way to identify cartographic deepfakes

 

A new model has emerged that detects satellite imagery fakes. This will help identify maps that can confuse air defense systems and unmanned vehicles.

 

Researchers from the University of Washington and Oregon explained that the problem of satellite map counterfeiting will become urgent over the next few years. They have now described a mechanism that can detect false satellite images.

 

The scientists added that maps are used in many of the modern services found in national defense and even autonomous vehicles, a technology that is still under development. AI has had a positive impact on this field through the development of Geospatial Artificial Intelligence (GeoAI), which uses machine learning to extract and analyze geospatial data. But these same techniques can be used to spoof GPS signals, location information on social media posts, and more.

 

“We want this technology to be ethical. At the same time, researchers need to pay attention and identify fake images. With a lot of data, these images can look real to the human eye and cannot be detected manually,” the researchers note.

 

To understand how to detect an artificially created image, scientists first decided to create one. To do this, they used a technique common in deep forgery: Cycle-Consistent Adversarial Networks (CycleGAN), an unsupervised deep learning algorithm that can mimic a variety of media.

 

The researchers altered the satellite image of Tacoma, Washington, adding elements of Seattle and Beijing to make it look as real as possible. After creating the modified image, they compared 26 different parameters of the photographs to determine if there are statistical differences between true and false images. Statistical differences were recorded for 20 out of 26 indicators, or in 80% of cases.

 

Some of the differences are the color of the rooftops, the dimness or brightness of photographs. However, these differences depended on the original data used to create the forgery.

 

https://freenews.live/scientists-have-found-a-way-to-identify-cartographic-deepfakes/

Anonymous ID: 9920b1 June 3, 2021, 5:44 p.m. No.13824732   🗄️.is 🔗kun   >>4780

FUJIFILM shuts down network after suspected ransomware attack

 

FujiFilm is investigating a ransomware attack and has shut down portions of its network to prevent the attack's spread.

 

FujiFilm, also known as just Fuji, is a Japanese multinational conglomerate headquartered in Tokyo, Japan, which initially started in optical film and cameras. It has grown to include pharmaceuticals, storage devices, photocopiers and printers (XEROX), and digital cameras.

 

FUJIFILM earned $20.1 billion in 2020 and has 37,151 employees worldwide.

 


Likely ransomware attack

 

Today, FUJIFILM announced that their Tokyo headquarters suffered a cyberattack Tuesday night that they indicate is a ransomware attack.

 

"FUJIFILM Corporation is currently carrying out an investigation into possible unauthorized access to its server from outside of the company. As part of this investigation, the network is partially shut down and disconnected from external correspondence," FUJIFILM said in a statement.

 

"We want to state what we understand as of now and the measures that the company has taken. In the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities."

 

"We are currently working to determine the extent and the scale of the issue. We sincerely apologize to our customers and business partners for the inconvenience this has caused."

 

Due to the partial network outage, FUJIFILM USA has added an alert to the top of their website stating that they are experiencing network problems that are impacting their email and phone systems.

 

https://www.bleepingcomputer.com/news/security/fujifilm-shuts-down-network-after-suspected-ransomware-attack/

Anonymous ID: 9920b1 June 3, 2021, 5:45 p.m. No.13824738   🗄️.is 🔗kun   >>4851 >>4917 >>5060 >>5137 >>5274 >>5303 >>5337 >>5400 >>5425

Windows 10's package manager flooded with duplicate, malformed apps

 

Last week, Microsoft released the first stable version of its Windows 10 package manager, Winget, which enables users to manage apps via command-line.

 

Much like package managers available on other platforms, Winget lets Windows users automate app management when it comes to installing, configuring, upgrading, and uninstalling applications.

 

But, over the weekend, multiple users flooded Winget's software registry with pull requests for apps that are either duplicate or malformed, thereby raising concerns about the integrity of the Winget ecosystem.

Winget's repo flooded with duplicate apps, malformed manifests

 

Microsoft had first introduced the preview version of its Windows 10 package manager at Microsoft Build 2020. Since then, Microsoft developed Winget as an open-source project on GitHub.

 

Last week marked a milestone when the first stable version of Winget was released.

 

Microsoft's guidelines state that independent software vendors (ISVs) looking to upload their application to the Winget registry can do so by submitting the application's manifest on their GitHub.

 

Furthermore, when contributors submit a manifest to Winget's GitHub, with some exceptions, the manifests are automatically validated by Winget's bot against set criteria.

 

But, over this Memorial Day weekend, multiple pull requests emerged on Winget's GitHub containing names of apps that had already existed in the package manager's registry.

 

Moreover, some pull requests contained incorrect application names in the manifests or "bad" links from where the application should get fetched.

 

And, in a few other cases, new pull requests would overwrite existing applications' manifests with incomplete info.

 

The user KaranKad originally raised this issue over the weekend, after gathering over five dozen such examples of invalid pull requests being made to Winget's repo.

 

"People are submitting bad or duplicate manifests without checking if the app already exists or not in this repository."

 

"Create a group of active contributors who know what they are doing, with [the] ability to close a PR so they can prevent bad or duplicate PRs from getting in," suggested the user.

 

Out of the many examples posted, BleepingComputer noticed how this was especially true for an app named after "PrimoPDF":

 

https://www.bleepingcomputer.com/news/security/windows-10s-package-manager-flooded-with-duplicate-malformed-apps/

Anonymous ID: 9920b1 June 3, 2021, 5:53 p.m. No.13824782   🗄️.is 🔗kun   >>4799 >>4851 >>4917 >>5060 >>5137 >>5274 >>5337 >>5400 >>5425

Rep. Madison Cawthorn: White House Officials Are Talking About Exit Strategies for Dr. Fauci

 

Rep. Madison Cawthorn, the youngest lawmaker in Congress today, joined Greg Kelly on Newsmax TV on Thursday night.

 

Rep. Cawthorn told Greg Kelly a White House insider says officials are talking about an exit strategy for Dr. Tony Fauci.

 

Rep. Madison Cawthorn: His days are numbered. I know an insider in the White House who has spoken very openly to me that they are talking about exit strategies for Anthony Fauci. But it’s very, very clear, I’m happy that his book deal is probably going to get destroyed because this person has destroyed so many lives… There were so many inconsistencies. It seems like he was a megalomaniac.

 

https://www.thegatewaypundit.com/2021/06/breaking-rep-madison-cawthorn-white-house-officials-talking-exit-strategies-dr-fauci-video/

Anonymous ID: 9920b1 June 3, 2021, 5:54 p.m. No.13824789   🗄️.is 🔗kun   >>4800 >>4851 >>4917 >>5060 >>5137 >>5274 >>5337 >>5400 >>5425

MORE ARIZONA AUDIT UPDATES: OVER 60% Of Ballots Counted and Analyzed — 1.3 Million Completed!

 

On Thursday morning, The Gateway Pundit received two more HUGE updates on the historic Arizona Audit also known as America’s Audit.

 

As The Gateway Pundit reported earlier, Georgia lawmakers are heading to Arizona next week to tour the Veterans Memorial Coliseum and replicate the Arizona Audit in GA! Steve Bannon announced this on his show this morning.

 

Additionally this morning, The Maricopa Arizona Audit Twitter page reported that they had surpassed counting over 60% of the 2.1 million ballots cast. Christina Bobb then reported on OAN that they passed 1.3 MILLION counted.

 

The pace is ramping up and they are nailing this process down. It looks like Georgia could be the 3rd domino to fall.

 

On Wednesday, former Special Assistant to President Trump Boris Epshteyn told The War Room audience, “The freight train of audits is traveling across the country!”.

 

AZ, PA, GA, who's next?

 

We give a huge thank you to the amazing patriots who donate their efforts to the cause. If you would like to join the fight to save America, please register to volunteer at the link below.

 

https://www.thegatewaypundit.com/2021/06/arizona-audit-updates-60-ballots-counted-analyzed-1-3-million-completed/

Anonymous ID: 9920b1 June 3, 2021, 6:16 p.m. No.13824952   🗄️.is 🔗kun   >>4972 >>4975 >>5060 >>5079 >>5137 >>5274 >>5337 >>5400 >>5425

Everest climbers could have spread 'potentially more infectious AND vaccine resistant' Nepal Covid variant across the world after it was first found in THIRTEEN travelers on flights from Himalaya to Japan

 

EXCLUSIVE: Sources said the mutant strain was detected in at least 43 Britons

It is closely related to the Indian variant, they said, but has new mutations

As many as 13 travellers from Japan have been spotted carrying the new strain

 

https://www.dailymail.co.uk/news/article-9647331/Nepal-Covid-variant-20-Britons-mutated-version-Indian-strain.html

Anonymous ID: 9920b1 June 3, 2021, 6:18 p.m. No.13824967   🗄️.is 🔗kun   >>5060 >>5137 >>5274 >>5337 >>5400 >>5425

Biden Comes Out Against Establishing Presidential Commission To Investigate Jan. 6

 

President Joe Biden is opposing creating a Jan. 6 presidential commission, Axios reported Thursday.

 

The president plans to continue urging Congress to establish its own committee, White House officials said according to Axios. He won’t, however, appoint his own presidential committee dedicated to investigating the Jan. 6 riot, which saw Trump supporters storm the U.S. Capitol as lawmakers were voting to certify the election for Biden.

 

House Democrats proposed creating a presidential commission after Senate Republicans killed a bill to create one in a vote at the end of May. Six Republicans supported the bill, but 10 votes were necessary to overcome the 60-vote threshold to start debating.

 

“Congress was attacked on that day, and President Biden firmly agrees with Speaker Pelosi that Congress itself has a unique role and ability to carry out that investigation,” White House press secretary Jen Psaki said according to the report. “Because of that, the President doesn’t plan to appoint his own commission.”

 

“The events of Jan. 6 were an unprecedented assault on our democracy — and he believes they deserve a full, and independent, investigation to determine what transpired and ensure it can never happen again,” the press secretary continued.

 

House Speaker Nancy Pelosi has given various options on reviewing how the Jan. 6 riot occurred, according to NBC News. She “dismissed” the idea of Biden launching a presidential commission and reportedly said it wasn’t “workable,” NBC News noted.

 

https://dailycaller.com/2021/06/03/joe-biden-against-presidential-commission-jan-6-capitol-riot/

Anonymous ID: 9920b1 June 3, 2021, 6:39 p.m. No.13825128   🗄️.is 🔗kun

Same fucker who got caught bullshitting yesterday

 

https://www.theage.com.au/national/victoria/victoria-covid-live-updates-restrictions-ease-for-regions-melbourne-starts-second-week-of-lockdown-20210603-p57xrh.html

Anonymous ID: 9920b1 June 3, 2021, 6:46 p.m. No.13825190   🗄️.is 🔗kun

Facebook to stop exempting politicians from censorship, building on Trump ban – reports

 

Politicians may soon lose the special status protecting them from fact-checking and censorship on Facebook, according to reports about upcoming policy changes at Mark Zuckerberg’s social media behemoth.

 

Facebook – which also owns Instagram and WhatsApp – will treat accounts of politicians and public figures just like everyone else’s, and disclose when special newsworthiness exemption gets invoked to shield them from having “violating” content deleted, The Verge reported on Thursday.

 

The Verge cited “two people familiar with the changes.” Facebook declined to comment for the story and has not announced any changes on its official pages. According to the outlet, the official announcement may come “as soon as Friday.”

 

The changes are reportedly driven by last month’s report by the Oversight Board, a body of “experts” Zuckerberg set up to act like a “supreme court” of sorts for the platform. While the board upheld Facebook’s suspension of US President Donald Trump after the January 6 Capitol riot – while he was still in office – they said the rules should apply to everyone equally.

 

Trump’s indefinite suspension was an “indeterminate and standardless penalty,” the Board said, reminding Facebook that its normal practices are to either remove the “violating content,” impose a time-limited suspension, or permanently ban the user.

 

The board also gave Facebook until June 5 to respond to policy recommendations, a deadline that expires on Saturday.

 

Another rumored change in the world involves notifying users when they get a “strike” for violating Facebook’s content rules, meaning people will at least get some notice as to why their accounts were deleted – even if that doesn’t help them avoid bans or censorship in practice.

 

The reported changes were met with approval from NBC’s “disinformation” reporter Ben Collins, who argued that “Transparency cuts off a lot of conspiracy theories and at least some claims of bias at the knees.”

 

Republicans have accused social media platforms of censorship motivated by bias. Big Tech has countered by backing a study saying otherwise. Last week, however, Facebook removed the temporary ban on donating to politicians – but said it wouldn’t donate to any Republicans who dared question the sanctity of the 2020 election.

 

While Zuckerberg has historically argued that Facebook shouldn’t be in the business of policing speech, he has been under tremendous pressure from Democrats to censor “misinformation” on the platform – which in practice translated too often to posts disagreeing with the current ruling party in the US.

 

Angry online Democrats clamored on Wednesday to #DeleteFacebook after Trump’s page became visible again – though the platform’s spokesman, a longtime DNC operative Andy Stone, insisted he remained “suspended.”

 

https://www.rt.com/usa/525612-facebook-rules-censorship-trump/

Anonymous ID: 9920b1 June 3, 2021, 6:48 p.m. No.13825199   🗄️.is 🔗kun   >>5215 >>5274 >>5337 >>5400 >>5425

Serbia ammunition factory EXPLODES, lighting up the night and forcing residents to evacuate

 

Residents of the central Serbian city of Cacak were roused from their beds by a series of explosions, as the local factory making ammunition for tanks and artillery apparently went up in flames.

 

The ongoing blasts began around 1:30 am local time from the 'Sloboda' (Freedom) plant, southwest of Cacak, reportedly driving some local residents from their homes in panic.

 

Sloboda Čačak right now pic.twitter.com/kqiiHOoyuc

— Стефан Печеничић (@StefanPecenicic) June 3, 2021

 

Videos shared on social media showed a fiery blaze lighting up the night, amid constant explosions from ammunition rounds going off.

 

oh shit here we go again sloboda, čačak pic.twitter.com/FhgB5rV91Z

— kojesranje (@heejterka) June 4, 2021

 

The “Sloboda” factory in Čačak has exploded… #cacak #gradcacak #fabrikasloboda pic.twitter.com/SIgKm6Gqch

— Војвоткиња од Љубића (@smokicarka) June 4, 2021

 

“Windows are shaking,” one woman from Cacak tweeted, calling it an “unprecedented human and environmental catastrophe.”

 

pic.twitter.com/xxLfMSo9LR

— Boginja Pravde ⚖️ (@savrsenadevojka) June 3, 2021

 

No official information is available on the extent of material damage or casualties, if any.

 

A correspondent for the Serbian newspaper Novosti filmed some of the residents fleeing the city. “Unbearable stench” was spreading through the city and shrapnel was raining from the sky, he reported.

 

Ambulances and police responding to the scene could not approach the factory due to safety concerns.

 

Founded in 1948, Sloboda employs more than 2,000 workers and specializes in production of tank and artillery shells, as well as several types of rocket-propelled anti-tank weapons. It was heavily bombed during the 1999 NATO campaign over Kosovo, but has been rebuilt since.

 

https://www.rt.com/news/525614-serbia-ammunition-plant-explodes/

Anonymous ID: 9920b1 June 3, 2021, 6:50 p.m. No.13825222   🗄️.is 🔗kun   >>5274 >>5337 >>5400 >>5425

Chinese Military Jets Enter Malaysian Airspace

 

The Chinese regime is continuing to assert territorial claims in the South China Sea. On Monday, the Malaysian Air Force reported 16 Chinese military jets flying in Malaysia’s airspace. The aircraft came as close as 70 miles from Malaysia’s north coast.

 

https://www.ntd.com/chinese-military-jets-enter-malaysian-airspace_622709.html

Anonymous ID: 9920b1 June 3, 2021, 6:53 p.m. No.13825247   🗄️.is 🔗kun   >>5260 >>5274 >>5337 >>5400 >>5425

UN Representatives Declare Crippling Sanctions Have Caused Human Rights Violations Amid Pandemic

 

The COVID-19 pandemic has exacerbated grievances and concerns, as well as cooperation, in establishing goals directed at enhancing global peace and security. To date, there has not been an established, tactful form of retaliation for disagreements concerning human rights, except for Unilateral Coercive Measures (UCM) or sanctions.

 

UN representatives declared during a Thursday virtual event that economic sanctions have caused human rights violations by obstructing access to the updated health systems, technology and humanitarian aid needed to sustain global infrastructure.

 

The virtual event was hosted by the Permanent Mission of Iran to the United Nations (UN), and was geared towards addressing the impact of sanctions on international health systems, specifically the effects such measures have on certain countries most affected by the COVID-19 pandemic.

 

Many nations, including Russia, China and Iran, came together to urge the United States, United Kingdom, EU and other countries to end their enforcement of UCMs, which are shown to have a negative impact on the national health systems of targeted developing countries.

 

In particular, panelists from the Human Rights Council, Iran and Belarus cited the negative impact on the health and well-being of women, children, persons with disabilities and other individuals living in vulnerable situations.

 

The obstruction of humanitarian aid and medical supplies are marked as having a negative impact on the rights to development, access to health and rights to self-determination in violation of humanitarian rights and policies established by the UN Charter and Human Rights Council.

 

“The issue of health is a fundamental aspect of internationally-recognized human rights,” Zamir Akram, the chair rapporteur of the Human Rights Council, said during the virtual meeting, adding that some sanctions often resulted in retaliatory obstacles that impeded adequate help in situations, such as the COVID-19 pandemic.

 

“Countries have the right to cooperate with each other in ensuring development and eliminating the obstacles of development,” he maintained, while suggesting means of combating the negative impact through the draft of Resolution 39/9, a binding instrument meant to legally address the impact that UCMs have on the right to development.

 

The virtual event was co-hosted by several missions to the UN, including Zimbabwe, Cuba, Venezuela and Syria, who have all repeatedly faced an increase in sanctions that resulted in unstable national infrastructure.

China’s UN Representative Declares ‘Unilateral Sanctions Are Illegal’

 

Many of the participating countries maintained that sanctions are illegal and are being used as a political tool to enforce restrictions on global trade, arguing that the financial restrictions also push forward a unilateral agenda, especially amid the pandemic, which has only exacerbated the negative impact of sanctions.

 

“Unilateral sanctions are illegal,” Zhang Jun, permanent representative of China to the UN said, adding that UCMs are “man-made.” The official also called for the lifting of sanctions in order to meet humanitarian needs and uphold multilateralism.

 

China has recently instilled their own restrictions on several international brands, all of which came from countries responsible for sanctions against China’s Xinjiang cotton, as it represents a high portion of the country’s trade revenue.

 

https://sputniknews.com/world/202106041083069768-un-representatives-declare-crippling-sanctions-have-caused-human-rights-violations-amid-pandemic/

Anonymous ID: 9920b1 June 3, 2021, 6:54 p.m. No.13825259   🗄️.is 🔗kun   >>5273 >>5274 >>5337 >>5400 >>5425

‘News Break’ App in Question Over China Ties

 

News app News Break is popular among many Americans, but its roots are actually tied to China. Recently, people have been starting to question if this self-proclaimed local news platform is really immune from Beijing’s influence.

 

https://www.ntd.com/news-break-app-in-question-over-china-ties_622746.html

Anonymous ID: 9920b1 June 3, 2021, 7 p.m. No.13825301   🗄️.is 🔗kun   >>5308 >>5337 >>5400 >>5425

Disturbing video shows Australian police employee groping 13-year-old girl in elevator

 

 

Disturbing new video shows the moment an Australian police department employee corners a 13-year-old girl in an elevator and gropes her as she frantically attempts to get away.

 

Glenn Roche, 54, who was found guilty of indecent assault this week, is seen in the footage chasing the youngster into the elevator after a day out with her family, the New Zealand Herald reported on Thursday.

 

Roche seems to be playfully chasing the girl but then the sicko grabs her, fondles her and tries to kiss her while she tries to wrestle free, the footage posted by TVNZ-TV shows.

 

The girl later told authorities that she still suffers nightmares from the harrowing July 2019 assault, according to the Herald.

 

But Roche told the judge he was just playing around and claimed there was “no sexual gratification on my behalf.”

 

“My hands have slid up her body as she slid to the ground,” the sicko told police. “My mind has gone off on a tangent like this is a challenge to me. I can get her and give her a kiss on the cheek like her two sisters and mum.”

 

“She contributed to that occurring by releasing her body weight and sliding through my hands,” he said, blaming his tiny victim.

 

Police said Roche had been out with the girl’s mom and siblings. It is unclear what his relationship to the girl and her family was.

 

The judge wasn’t buying his excuse, however, and found Roche guilty.

 

He was also suspended from the police department, where he worked as a civilian employee, according to the reports.

 

https://nypost.com/2021/06/03/video-shows-new-zealand-man-groping-13-year-old-girl-in-elevator/