Vulnerabilities Digest: June 2020

Highlights for June 2020

Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking advantage of the lack of restrictions in critical functions and issues surrounding user input data sanitization.
Massive … Continue reading Vulnerabilities Digest: June 2020

Cisco IP Phone Harbors Critical RCE Flaw

Cisco stomped out a critical vulnerability in its IP Phone web server that could enable remote code execution by an unauthenticated attacker. Continue reading Cisco IP Phone Harbors Critical RCE Flaw

Cisco ‘Critical Update’ Phishing Attack Steals Webex Credentials

Emails purporting to be a Cisco “critical security advisory” are actually part of a phishing campaign trying to steal victims’ Webex credentials. Continue reading Cisco ‘Critical Update’ Phishing Attack Steals Webex Credentials

Microsoft Windows SMB Server Could Allow for Remote Code Execution (CVE-2020-0796) – Security Advisory

SUBJECT: A Vulnerability in Microsoft Windows SMB Server Could Allow for Remote Code Execution (CVE-2020-0796)   OVERVIEW: A vulnerability has been discovered in Microsoft Windows SMB Server that could allow for remote code execution. Microsoft […] Continue reading Microsoft Windows SMB Server Could Allow for Remote Code Execution (CVE-2020-0796) – Security Advisory

Microsoft Windows SMB Server Could Allow for Remote Code Execution (CVE-2020-0796) – Security Advisory

SUBJECT: A Vulnerability in Microsoft Windows SMB Server Could Allow for Remote Code Execution (CVE-2020-0796)   OVERVIEW: A vulnerability has been discovered in Microsoft Windows SMB Server that could allow for remote code execution. Microsoft Se… Continue reading Microsoft Windows SMB Server Could Allow for Remote Code Execution (CVE-2020-0796) – Security Advisory

Microsoft Windows SMB Server Could Allow for Remote Code Execution (CVE-2020-0796) – Security Advisory

SUBJECT: A Vulnerability in Microsoft Windows SMB Server Could Allow for Remote Code Execution (CVE-2020-0796)   OVERVIEW: A vulnerability has been discovered in Microsoft Windows SMB Server that could allow for remote code execution. Microsoft Se… Continue reading Microsoft Windows SMB Server Could Allow for Remote Code Execution (CVE-2020-0796) – Security Advisory

Let’s Encrypt Revokes 3 Million Certificates Due to CAA Bug

Imagine receiving a TLS warning on your browser every time you visit your website for 60 days straight. Definitely not an ideal situation and you would certainly want to avoid it at all costs, correct?
Let’s Encrypt SSL, a certificate authority … Continue reading Let’s Encrypt Revokes 3 Million Certificates Due to CAA Bug

Authentication Bypass Vulnerability in InfiniteWP Client

An authentication bypass vulnerability affecting more than 300,000 InfiniteWP Client plugin users has recently been disclosed to the public. This plugin allows site owners to manage multiple websites from one central server using the InfiniteWP Server… Continue reading Authentication Bypass Vulnerability in InfiniteWP Client

Fake French Police Sextortion Scam

There has been a noted increase in the number of sextortion scams during 2019. These scam campaigns are commonly distributed through email, but any method of digital communication can be used to deliver the blackmail threat to the victim.
Blackmail At… Continue reading Fake French Police Sextortion Scam

Zero-Day RCE in vBulletin v5.0.0-v5.5.4

A new remote code execution (RCE) zero-day vulnerability has been disclosed by an anonymous researcher on the Full Disclosure mailing list this past Monday.
This vulnerability is extremely severe. It allows any website visitors to run PHP code an… Continue reading Zero-Day RCE in vBulletin v5.0.0-v5.5.4