20K WordPress Sites Exposed by Insecure Plugin REST-API
The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.
McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges
McAfee has patched two high-severity bugs in its Agent component, one of which can allow attackers to achieve arbitrary code execution with SYSTEM privileges.
Spyware Blitzes Compromise, Cannibalize ICS Networks
The brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud.
2FA Bypassed in $34.6M Crypto.com Heist
In a display of 2FA’s fallibility, unauthorized transactions approved without users’ authentication bled 483 accounts of funds.
Critical Cisco StarOS Bug Grants Root Access via Debug Mode
Cisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software that could give attackers RCE on the application with root-level privileges.
Microsoft Sees Log4j Attacks Exploiting SolarWinds Serv-U Bug
SolarWinds has fixed a Serv-U bug that threat actors were exploiting to unleash Log4j attacks on networks’ internal devices.
Pervasive Apple Safari Bug Exposes Web-Browsing Data, Google IDs
The information-disclosure issue, affecting Macs, iPhones and iPads, allows a snooping website to find out information about other tabs a user might have open.
Red Cross Begs Attackers Not to Leak 515K People’s Stolen Data
A cyberattack forced the Red Cross to shut down IT systems running the Restoring Family Links system, which reunites families fractured by war, disaster or migration.
Box 2FA Bypass Opens User Accounts to Attack
A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements.
Beijing Olympics App Flaws Allow Man-in-the-Middle Attacks
Attackers can access audio and files uploaded to the MY2022 mobile app required for use by all winter games attendees – including personal health details.