WP Statistics Bug Allows Attackers to Lift Data from WordPress Sites
The plugin, installed on hundreds of thousands of sites, allows anyone to filch database info without having to be logged in. [...]
Several mobile apps, some with 10 million downloads, have opened up personal data of users to the public internet – and most aren't fixed. [...]
Enterprises are embracing on-demand freelance help – but the practice, while growing, opens up entirely new avenues of cyber-risk. [...]
The newly discovered malware infects IoT devices in tandem with the prolific Gafgyt botnet, using known security vulnerabilities. [...]
Attackers can take advantage of the fact these apps access, gather, store and transmit more information than any other app their victims have installed. [...]
Keynoters from Cisco, Netflix and RSA highlighted lessons from the last year, and cybersecurity's new mandate in the post-pandemic world: Bounce back stronger. [...]
The advanced Brazilian malware has gone global, harvesting bank logins from Android mobile users. [...]
The financially motivated cybercrime gang behind the Carbanak RAT is back with the Lizar malware, which can harvest all kinds of info from Windows machines. [...]
An analysis of three popular forums used by ransomware operators reveals a complex ecosystem with many partnerships. [...]
The campaign is harvesting screenshots, keystrokes, credentials, webcam feeds, browser and clipboard data and more, with RevengeRAT or AsyncRAT payloads. [...]
A new type of fraud is spiking across the platform: Selling fake vax records to people who want to lie their way into places where proof of vaccine is required. [...]
Microsoft's May 2021 Patch Tuesday updates include fixes for four critical security vulnerabilities. [...]
An ingenious attack on Android devices self-propagates, with the potential for a range of damage. [...]
The sophisticated threat is targeting Microsoft Exchange servers via ProxyLogon in a wave of fresh attacks against North American targets. [...]
A malicious app can exploit the issue, which could affect up to 30 percent of Android phones. [...]
The networking giant has rolled out patches for remote code-execution and command-injection security holes that could give attackers keys to the kingdom. [...]
'Spam protection, AntiSpam, FireWall by CleanTalk' is installed on more than 100,000 sites -- and could offer up sensitive info to attackers that aren't even logged in. [...]
Remote code execution, privilege escalation to root and lateral movement through a victim's environment are all on offer for the unpatched or unaware. [...]
The security flaw tracked as CVE-2021-22893 is being used by at least two APTs likely linked to China, to attack U.S. defense targets among others. [...]
The privilege-escalation bug remained hidden for 12 years and has been present in all Dell PCs, tablets and notebooks shipped since 2009. [...]
The San Diego-based hospital system diverted ambulances to other medical centers after a suspected ransomware attack. [...]
The stealthy backdoor is likely being used by Chinese APTs, researchers said. [...]
The KDC-spoofing flaw tracked as CVE-2021-23008 can be used to bypass Kerberos security and sign into the Big-IP Access Policy Manager or admin console. [...]
A coalition of 60 global entities (including the DoJ) has proposed a sweeping plan to hunt down and disrupt ransomware gangs by going after their financial operations. [...]
The internet behemoth rolled out the Chrome 90 stable channel release to address this and eight other security vulnerabilities. [...]