Collaborate Disseminate
Two security vulnerabilities — one a privilege-escalation problem and the other a stored XSS bug — afflict a WordPress plugin with 40,000 installs. Continue reading Critical WordPress-Plugin Bug Found in ‘Orbit Fox’ Allows Site Takeover
Industrial, factory and medical gear remain largely unpatched when it comes to the URGENT/11 and CDPwn groups of vulnerabilities. Continue reading Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure
Ethical hackers so far have earned nearly $300K in payouts from the Apple bug-bounty program for discovering 55 bugs, 11 of them critical, during a three-month hack. Continue reading Wormable Apple iCloud Bug Allows Automatic Photo Theft
Less than 500 machines have been patched since U.S. Cyber Command issued an alert to patch a critical bug that’s under active exploit. Continue reading Thousands of Vulnerable F5 BIG-IP Users Still Open to Takeover
Several vulnerabilities can be chained together for a full exploit. Continue reading Apache Guacamole Opens Door for Total Control of Remote Footprint
The flaw affects thousands of servers; but GitHub, a major libssh user, is unaffected. Continue reading libssh Authentication Bypass Makes it Trivial to Pwn Rafts of Servers
Payments processor TIO Networks identified a security breach that potentially has compromised the personally identifiable information of 1.6 million people. PayPal, which acquired TIO in July for more than $230 million, suspended the company’s op… Continue reading PayPal Subsidiary TIO Networks Suffers Breach Affecting 1.6 Million Users
Takeover comes a few days after hijacking of Mark Zuckerberg’s Twitter account. Continue reading Miscreants breach NFL’s Twitter account, reveal its weak password