Nuclear Research Lab Data Breach Compromises Personal Information of 45K Individuals
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
- Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor
After confirming the cyberattack in November 2023, the Idaho National Laboratory (INL) went on to disclose that hackers had stolen the information of tens of thousands of individuals.
The US nuclear research lab is one of the 17 national laboratories operating under the US Department of Energy (DOE) and employs 6,100 researchers involved in nuclear research and security solutions.
The incident notification shared with the Office of the Maine Attorney General revealed that the incident, which occurred on November 19, was discovered by INL the very next day. It claimed that the breach did not impact INL's own network or database, but rather its off-site Oracle HCM system that “supports certain INL Human Resources applications.”
Data belonging to around 45,047 current and former employees (including postdocs, graduate fellows and interns), dependents, and spouses is said to have been exfiltrated. Moreover, employees hired by the Idaho Cleanup Project (ICP) between 2005 and mid-2006 may have also been impacted by this breach. Only employees recruited after June 1, 2023 did not suffer any impact.
The stolen data includes sensitive personally identifiable information like names, social security numbers, salary information, and banking details. Some individuals also had their names and dates of birth stolen. Data like payroll details for employees, former employees, and retirees that was current as of June 1, 2023 was also compromised.
In response to the attack, affected individuals will be notified via letters as well as provided with free comprehensive credit monitoring services. INL has also advised individuals to freeze their credit report and remain vigilant about suspicious financial transactions on their accounts.
The ongoing investigation is said to be conducted in partnership with DOE, the FBI, CISA, and other national labs.
On November 20, the notorious hacktivist group SiegedSec claimed responsibility for the incident by leaking stolen information on its Telegram channel and a popular leak forum.
WordPress Backup Migration Plugin Flaw Exposes 90K Websites to RCE Attacks
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
- Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor
A popular WordPress plugin with over 90,000 active installs leaves many websites vulnerable to potential remote code execution (RCE) attacks.
The plugin, known as Backup Migration, has various functionalities like scheduling automatic site backups to specific storage facilities.
Tracked as CVE-2023-6553, the vulnerability, which has a CVSS score of 9.8, allows unauthenticated threat actors to fully compromise a site by exploiting the flaw to inject arbitrary PHP code.
“The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file,” the Wordfence team said.
“This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated threat actors to easily execute code on the server.”
The RCE vulnerability was reported by Wordfence to BackupBliss, the development team behind Backup Migration. Within hours of reporting, a patch to fix the vulnerability was released. Nevertheless, Wordfence reported that before the publication of the blog, it had already blocked 394 attacks.
Administrators and developers are advised to update and secure their websites against this critical vulnerability by applying the latest patched version (version 1.3.8) of Backup Migration.
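To check which sites still need that update, the version comparison can be automated. The script below is an added example, not code from Wordfence or BackupBliss: it reads the standard WordPress plugin header from each plugin folder and flags any copy of Backup Migration at 1.3.7 or lower. The `Plugin Name` header value and the folder names in the demo are assumptions, and the sample plugin files are constructed.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_NAME = "Backup Migration"  # assumed value of the "Plugin Name" header
LAST_VULNERABLE = (1, 3, 7)       # article: all versions up to and including 1.3.7

# WordPress plugin headers are "Key: value" lines inside a leading PHP comment.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):\s*(.+?)\s*$", re.I | re.M)

def parse_version(text):
    """Turn '1.3.7' into (1, 3, 7); missing components count as 0."""
    parts = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def read_headers(php_file):
    """Read plugin headers from the first 8 KiB of a PHP file."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    return {key.lower(): value for key, value in HEADER_RE.findall(head)}

def audit(plugins_dir):
    """Return (folder, version, vulnerable) for each Backup Migration copy found."""
    results = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        headers = read_headers(php_file)
        if headers.get("plugin name") != PLUGIN_NAME or "version" not in headers:
            continue
        version = headers["version"]
        results.append((php_file.parent.name, version,
                        parse_version(version) <= LAST_VULNERABLE))
    return results

def demo():
    """Build two constructed plugin folders (hypothetical names) and audit them."""
    with tempfile.TemporaryDirectory() as root:
        for folder, version in (("site-a-plugin", "1.3.7"), ("site-b-plugin", "1.3.8")):
            plugin_dir = Path(root, folder)
            plugin_dir.mkdir()
            Path(plugin_dir, "main.php").write_text(
                f"<?php\n/**\n * Plugin Name: {PLUGIN_NAME}\n * Version: {version}\n */\n")
        return audit(root)

if __name__ == "__main__":
    for folder, version, vulnerable in demo():
        print(folder, version, "VULNERABLE: update to 1.3.8" if vulnerable else "patched")
```

On a real site, pass the `wp-content/plugins` directory to `audit()` instead of calling `demo()`.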
The vulnerability was identified by a team of bug hunters called Nex Team, who reported it to Wordfence under its bug bounty program. On December 5, the team reported the bug, and the very next day Wordfence validated it and confirmed the proof-of-concept exploit.
Wordfence released a firewall rule to protect customers and sent the full disclosure details to the plugin developer, who released a fix after acknowledging the report.
The bug bounty program by Wordfence was a huge success, with nearly 130 vulnerability submissions and over 270 registered vulnerability researchers.