Craig Pepper
April 8, 2024
4 Min Read

Threat Report 08.04.24

Critical Security Vulnerability At Ibis Check-in Terminals Exposes Guest Room Access Codes

A significant security breach has been identified in self-service check-in terminals at a hotel chain, starting with an Ibis budget hotel in Germany, which could potentially jeopardise the safety of guests across numerous European locations. This flaw allows for the unauthorised acquisition of guest room keycodes, raising grave concerns over customer security.

Researchers have unveiled that this security oversight in the terminals does not demand any specialised knowledge or tools to exploit. Within moments, an individual could potentially collect a vast number of access codes, mirroring the time a legitimate guest might spend checking into their accommodation.

These automated check-in systems, intended as a convenient alternative to traditional front desk interactions, have inadvertently become a security liability. In addition to facilitating room access, these terminals provide booking information retrieval services which, due to the flaw, could disclose room access codes upon entering a sequence of dashes as a booking reference.

This issue could also reveal extensive details of room bookings, including entry codes, room numbers, and the duration of stays. This vulnerability was stumbled upon accidentally at the Ibis Budget hotel in Hamburg and was capable of disclosing details for 87 bookings out of the hotel's 180 rooms.

The implications of such a breach are far-reaching, enabling potential theft, targeted attacks on high-value guests, and even personal safety threats from unauthorised access to guest rooms.

Despite no evidence of real-world exploitation, the severity of this issue prompted Accor Security, the security branch of the Ibis Budget's parent company, to swiftly develop and implement a corrective software patch across all impacted terminals within a month of discovery.

This incident highlights a broader challenge facing hotel security, demonstrated by recent vulnerabilities identified in keycard locks and IT systems across the industry, affecting millions of doors globally and leading to significant operational disruptions.

Birmingham City Council Finally Admits Computer Systems Compromised in Cybersecurity Breach

Birmingham Mayor Randall Woodfin has publicly acknowledged a cybersecurity breach within the city's computer network, identified nearly four weeks prior. This breach was highlighted in a communication dispatched to multiple employees confirming unauthorised digital intrusions into the city's operational frameworks.

The initial signs of the cyber intrusion were detected on March 6, leading to a swift response to investigate the abnormal activities impacting the city's digital infrastructure. Officials have been working towards reinstating the operational capabilities of the compromised systems, though the probe into the breach's specifics is still ongoing. The Council has now highlighted their dedication to fortifying network security.

The attack has caused considerable operational hindrances, pushing employees to revert to manual procedures for tasks. However essential services such as public safety and public works have not suffered interruptions. Although, law enforcement operations have encountered constraints, notably in the retrieval of data related to vehicle theft inquiries and warrant statuses.

In response to potential anxieties surrounding payroll processes and compensation, city representatives have assured that the distribution of wages will proceed unhindered.

In the aftermath of the security breach, Birmingham has sought the expertise of external cybersecurity entities to delineate the breach's scope and its repercussions on city functions. 

Preliminary insights from governmental sources suggest the cyberattack may be characterised as a ransomware incident, wherein perpetrators demand fiscal remuneration to unlock access to encrypted city data. Although the breach's ramifications are severe, the continuity of emergency services has been emphatically affirmed by city officials.

This incident underscores the escalating challenge cities face in defending against cyber threats. With the investigation forging ahead, Birmingham is intensifying its cybersecurity fortifications, spotlighting the paramount importance of preemptive measures against future digital onslaughts.

High-Risk Vulnerability Detected in Widely-Used LayerSlider WordPress Plugin

A significant security vulnerability has been uncovered in the LayerSlider plugin for WordPress, posing a potential risk to millions of websites by allowing unauthorised access to sensitive database information, including password hashes. Identified as CVE-2024-2879, this critical SQL injection flaw has been assigned a near-maximum CVSS severity score of 9.8.

The compromised versions span from 7.9.11 to 7.10.0, with the issue rectified in the subsequent 7.10.1 update, rolled out on March 27, 2024, after a responsible disclosure process initiated on March 25. The LayerSlider team has emphasised the importance of this update due to its security enhancements.

LayerSlider, renowned for enabling users to craft animations and engaging web content, boasts a substantial global user base. The vulnerability originates from inadequate escaping of user inputs and the omission of the wpdb::prepare() method, which could allow attackers without authentication to execute additional SQL queries, thereby accessing confidential information, as analysed by cybersecurity experts at Wordfence.

The exploitation of this vulnerability is somewhat constrained to a time-based method, necessitating attackers to monitor the response times of their queries to extract data, indicating a more sophisticated attack vector.

This revelation follows closely behind the identification of other significant vulnerabilities within the WordPress ecosystem, including an unauthenticated stored cross-site scripting (XSS) issue in the WP-Members Membership Plugin. Addressed in version, this flaw (CVE-2024-1852, CVSS score: 7.2) could allow the execution of malicious JavaScript code on affected sites.

Insufficient input sanitation and output escaping were pinpointed as the culprits, potentially enabling attackers to inject harmful scripts into web pages, thus compromising site integrity and user security.

Recent weeks have also witnessed the disclosure of vulnerabilities in additional WordPress plugins like Tutor LMS and Contact Form Entries, underscoring the ongoing security challenges within the WordPress plugin ecosystem.


Immediate update of the LayerSlider plugin to version 7.10.1 or higher to mitigate the risk.

Regular monitoring and updating of all WordPress plugins and themes to safeguard against known vulnerabilities.

Implementation of stringent input validation and sanitation measures to prevent SQL injection and XSS attacks.

Employing a security plugin capable of detecting and blocking malicious requests.

Read similar blogs