An elaborate set of redirections and hundreds of URLs make up a wide-ranging tech-support scam.
Tag: xss
Adobe Fixes 16 Critical Code-Execution Bugs Across Portfolio
The out-of-band patches follow a lighter-than-usual Patch Tuesday update earlier this month.
Wormable Apple iCloud Bug Allows Automatic Photo Theft
Ethical hackers so far have earned nearly $300K in payouts from the Apple bug-bounty program for discovering 55 bugs, 11 of them critical, during a three-month hack.
Post Grid WordPress Plugin Flaws Allow Site Takeovers
Team Showcase, a sister plugin, is also vulnerable to the XSS and PHP object-injection bugs — together they have 66,000 installs.
Stubborn WooCommerce Plugin Bugs Get Third Patch
Users of the Discount Rules for WooCommerce WordPress plugin are urged to apply a third and (hopefully) final patch.
Critical Adobe Flaws Allow Attackers to Run JavaScript in Browsers
Five critical cross-site scripting flaws were fixed by Adobe in Experience Manager as part of its regularly scheduled patches.
Attackers Can Exploit Critical Cisco Jabber Flaw With One Message
High-Severity TinyMCE Cross-Site Scripting Flaw Fixed
The cross-site scripting flaw could enable arbitrary code execution, information disclosure - and even account takeover.
Newsletter WordPress Plugin Opens Door to Site Takeover
Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes
With Black Hat USA 2020 kicking off this week, Erez Yalon with Checkmarx talks about newly disclosed, critical vulnerabilities in Meetup.com - and why they are the “holy grail” for attackers.
Meetup Critical Flaws Allow ‘Group’ Takeover, Payment Theft
Researchers disclosed critical flaws in the popular Meetup service at Black Hat USA 2020 this week, which could allow takeover of Meetup “Groups.”
ASUS routers could be reflashed with malware – patch now! – Naked Security
If you’re interested in cybersecurity you’ve probably read any number of reports in recent years about the often tenuous state of security in consumer devices. From insecure doorbells to webcams, and from light bulbs to […]
Thousands of Vulnerable F5 BIG-IP Users Still Open to Takeover
Less than 500 machines have been patched since U.S. Cyber Command issued an alert to patch a critical bug that’s under active exploit.
Attackers Target 1M+ WordPress Sites To Harvest Database Credentials
An attack over the weekend unsuccessfully targeted 1.3 million WordPress websites, in attempts to download their configuration files and harvest database credentials.
WordPress Page Builder Plugin Bugs Threaten 1 Million Sites with Full Takeover
Severe CSRF to XSS bugs open the door to code execution and complete website compromise.
WordPress Plugin Bug Opens 100K Websites to Compromise
Legions of website visitors could be infected with drive-by malware, among other issues, thanks to a CSRF bug in Real-Time Search and Replace.
WordPress, Apache Struts Attract the Most Bug Exploits
An analysis found these web frameworks to be the most-targeted by cybercriminals in 2019.
Chris Eng: Patch Management Challenges Drive ‘Security Debt’
Chris Eng with Veracode talks about how organizations are falling into security debt due to patch management issues.
XSS plugin vulnerabilities plague WordPress users – Naked Security
Thousands of active WordPress plugins have been hit with a swathe of cross-site scripting (XSS) vulnerabilities that could give attackers complete control of sites. One of the affected plugins was designed to work with the […]
Cookie-nabbing app could have served users side helping of XSS – Naked Security
A popular GDPR compliance WordPress plugin vendor has patched a flaw that rendered both site visitors and admins vulnerable to cookie-stealing cross-site scripting (XSS) attacks. The GDPR Cookie Consent plugin, created by WebToffee, claims over […]
Critical Flaws in Magento e-Commerce Platform Allow Code-Execution
Admins are encouraged to update their websites to stave off attacks from Magecart card-skimmers and others.