The Internet’s Most Tempting Targets
What attracts the attackers? David “moose” Wolpoff, CTO at Randori, discusses how to evaluate your infrastructure for juicy targets. Source: Threatpost.com
Continue ReadingCategory: Web Security
20K WordPress Sites Exposed by Insecure Plugin REST-API
The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS. Source: Threatpost.com
Continue ReadingMcAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges
McAfee has patched two high-severity bugs in its Agent component, one of which can allow attackers to achieve arbitrary code execution with SYSTEM privileges. Source: Threatpost.com
Continue ReadingSpyware Blitzes Compromise, Cannibalize ICS Networks
The brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud. Source: Threatpost.com
Continue Reading2FA Bypassed in $34.6M Crypto.com Heist: What We Can Learn
In a display of 2FA’s fallibility, unauthorized transactions approved without users’ authentication bled 483 accounts of funds. Source: Threatpost.com
Continue ReadingCritical Cisco StarOS Bug Grants Root Access via Debug Mode
Cisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software that could give attackers RCE on the application with root-level privileges. Source: Threatpost.com
Continue ReadingMicrosoft: Attackers Tried to Login to SolarWinds Serv-U Via Log4j Bug
UPDATE: SolarWinds has fixed a Serv-U bug discovered when attackers used the Log4j flaw to try to log in to the file-sharing software. Source: Threatpost.com
Continue ReadingPervasive Apple Safari Bug Exposes Web-Browsing Data, Google IDs
The information-disclosure issue, affecting Macs, iPhones and iPads, allows a snooping website to find out information about other tabs a user might have open. Source: Threatpost.com
Continue ReadingRed Cross Begs Attackers Not to Leak Stolen Data for 515K People
A cyberattack forced the Red Cross to shut down IT systems running the Restoring Family Links system, which reunites families fractured by war, disaster or migration. Source: Threatpost.com
Continue ReadingBox 2FA Bypass Opens User Accounts to Attack
A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements. Source: Threatpost.com
Continue Reading