Annoying Mode

Summary

Total Articles Found: 27

Top sources:

Dark Reading 21
Threatpost 6

Top Keywords:

Top Authors

Top Articles:

Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update
Hacker Leaks More Than 500K Telnet Credentials for IoT Devices
Snake Keylogger Spreads Through Malicious PDFs
'Log in with...' Feature Allows Full Online Account Takeover for Millions
Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover
Swipe Right for Data Leaks: Dating Apps Expose Location, More
Spell-Checking in Google Chrome, Microsoft Edge Browsers Leaks Passwords
Report: Air-Gapped Networks Vulnerable to DNS Attacks
Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk
Millions of Java Apps Remain Vulnerable to Log4Shell

Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection

Published: 2024-04-05 11:34:21

Popularity: None

Author: Elizabeth Montalbano, Contributing Writer

A researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a million active installations.

...more

300K Internet Hosts at Risk for 'Devastating' Loop DoS Attack

Published: 2024-03-21 18:17:06

Popularity: 8

Author: Elizabeth Montalbano, Contributing Writer

Attackers can create a self-perpetuating, infinite scenario in such a way that volumes of traffic overwhelm network resources indefinitely.

...more

Google Kubernetes Clusters Suffer Widespread Exposure to External Attackers

Published: 2024-01-25 16:40:00

Popularity: 16

Author: Elizabeth Montalbano, Contributing Writer

Misunderstanding the permissions of an authentication group in Google Kubernetes Engine (GKE) opens millions of containers to anyone with a Google account.

...more

'Log in with...' Feature Allows Full Online Account Takeover for Millions

Published: 2023-10-24 13:00:00

Popularity: 285

Author: Elizabeth Montalbano, Contributor, Dark Reading

Hundreds of millions of users of Grammarly, Vidio, and the Indonesian e-commerce giant Bukalapak are at risk for financial fraud and credential theft due to OAuth misfires — and other online services likely have the same problems.

...more

Microsoft Patches 'Dangerous' RCE Flaw in Azure Cloud Service

Published: 2023-03-30 18:58:13

Popularity: 50

Author: Elizabeth Montalbano, Contributor, Dark Reading

The vulnerability would have allowed an unauthenticated attacker to execute code on a container hosted on one of the platform's nodes.

...more

Booking.com's OAuth Implementation Allows Full Account Takeover

Published: 2023-03-02 16:16:00

Popularity: 15

Author: Elizabeth Montalbano, Contributor, Dark Reading

Researchers exploited issues in the authentication protocol to force an open redirection from the popular hotel reservations site when users used Facebook to log in to accounts.

...more

Report: Air-Gapped Networks Vulnerable to DNS Attacks

Published: 2022-12-08 14:12:04

Popularity: 119

Author: Elizabeth Montalbano, Contributor, Dark Reading

Common mistakes in network configuration can jeopardize the security of highly protected assets and allow attackers to steal critical data from the enterprise.

...more

Critical Open Source vm2 Sandbox Escape Bug Affects Millions

Published: 2022-10-11 14:23:07

Popularity: 56

Author: Elizabeth Montalbano, Contributor, Dark Reading

Attackers could exploit the "Sandbreak" security bug, which has earned a 10 out of 10 on the CVSS scale, to execute a sandbox escape, achieve RCE, and run shell commands on a hosting machine.

...more

Android Leaks Wi-Fi Traffic Even When VPN Protection Features Are On

Published: 2022-10-12 16:20:35

Popularity: 14

Author: Elizabeth Montalbano, Contributor, Dark Reading

The platform lets network connectivity data escape outside of the secure tunnel when connected to a public network, posing a "privacy concern" for users with "certain threat models," researchers said.

...more

Spell-Checking in Google Chrome, Microsoft Edge Browsers Leaks Passwords

Published: 2022-09-20 17:37:16

Popularity: 131

Author: Elizabeth Montalbano, Contributor, Dark Reading

It's called "spell-jacking": Both browsers have spell-check features that send data to Microsoft and Google when users fill out forms for websites or Web services.

...more

Phishing Campaign Targets PyPI Users to Distribute Malicious Code

Published: 2022-08-30 14:16:23

Popularity: 35

Author: Elizabeth Montalbano, Contributor, Dark Reading

The first-of-its-kind campaign threatens to remove code packages if developers don’t submit their code to a "validation" process.

...more

Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover

Published: 2022-05-19 13:03:37

Popularity: 238

Author: Elizabeth Montalbano

Keywords:

Vulnerabilities

Web Security

Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites.

...more

Snake Keylogger Spreads Through Malicious PDFs

Published: 2022-05-23 12:07:56

Popularity: 307

Author: Elizabeth Montalbano

Keywords:

Malware

Microsoft Word also leveraged in the email campaign, which uses a 22-year-old Office RCE bug.

...more

Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk

Published: 2022-05-04 10:27:47

Popularity: 97

Author: Elizabeth Montalbano

Keywords:

IoT

Vulnerabilities

A flaw in all versions of the popular C standard libraries uClibe and uClibe-ng can allow for DNS poisoning attacks against target devices.

...more

Millions of Java Apps Remain Vulnerable to Log4Shell

Published: 2022-04-27 12:11:25

Popularity: 70

Author: Elizabeth Montalbano

Keywords:

Vulnerabilities

Web Security

Four months after the critical flaw was discovered, attackers have a massive attack surface from which they can exploit the flaw and take over systems, researchers found.

...more

Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update

Published: 2021-01-27 12:21:28

Popularity: 1153

Author: Elizabeth Montalbano

Keywords:

Vulnerabilities

An anonymous researcher identified bugs in the software’s kernel and WebKit browser engine that are likely part of an exploit chain.

...more

Hacker Leaks More Than 500K Telnet Credentials for IoT Devices

Published: 2020-01-21 11:57:20

Popularity: 568

Author: Elizabeth Montalbano

Keywords:

IoT

Bad actor obtained passwords for servers, home routers, and smart devices by scanning internet for devices open to the Telnet port.

...more

D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day

Published: 2024-05-15 15:42:28

Popularity: 10

Author: Elizabeth Montalbano, Contributing Writer

A vulnerability in the HNAP login request protocol that affects a family of devices gives unauthenticated users root access for command execution.

...more

Russia's Fancy Bear Pummels Windows Print Spooler Bug

Published: 2024-04-23 13:21:39

Popularity: 14

Author: Elizabeth Montalbano, Contributing Writer

The infamous Russian threat actor has created a custom tool called GooseEgg to exploit CVE-2022-38028 in cyber-espionage attacks against targets in Ukraine, Western Europe, and North America.

...more

Cisco Zero-Days Anchor 'ArcaneDoor' Cyber-Espionage Campaign

Published: 2024-04-25 15:59:45

Popularity: 6

Author: Elizabeth Montalbano, Contributing Writer

Attacks by a previously unknown threat actor leveraged two bugs in firewall devices to install custom backdoors on several government networks globally.

...more

Okta Warns Once Again of Credential-Stuffing Attacks

Published: 2024-05-30 15:43:41

Popularity: 6

Author: Elizabeth Montalbano, Contributing Writer

🤖: "password fail"

This time it's the identity management service provider's cross-origin authentication feature that's being targeted by adversaries.

...more

20 Million Trusted Domains Vulnerable to Email Hosting Exploits

Published: 2024-07-18 17:53:43

Popularity: 21

Author: Elizabeth Montalbano, Contributing Writer

🤖: "Email fail"

Three newly discovered SMTP smuggling attack techniques can exploit misconfigurations and design decisions made by at least 50 email-hosting providers.

...more

Swipe Right for Data Leaks: Dating Apps Expose Location, More

Published: 2024-07-22 18:18:55

Popularity: 145

Author: Elizabeth Montalbano, Contributing Writer

🤖: "Data leak alert"

Apps like Tinder, Bumble, Grindr, Badoo, OKCupid, MeetMe, and Hinge all have API vulnerabilities that expose sensitive user data, and six allow a threat actor to pinpoint exactly where someone is.

...more

Attackers Exploit 'EvilVideo' Telegram Zero-Day to Hide Malware

Published: 2024-07-23 16:21:16

Popularity: 7

Author: Elizabeth Montalbano, Contributing Writer

🤖: "Sneaky malware"

An exploit sold on an underground forum requires user action to download an unspecified malicious payload.

...more

Security Firm Accidentally Hires North Korean Hacker, Did Not KnowBe4

Published: 2024-07-25 15:32:05

Popularity: 22

Author: Elizabeth Montalbano, Contributing Writer

🤖: "oops, hired wrong guy"

A software engineer hired for an internal IT AI team immediately became an insider threat by loading malware onto his workstation.

...more

GitHub Attack Vector Cracks Open Google, Microsoft, AWS Projects

Published: 2024-08-14 14:16:57

Popularity: 22

Author: Elizabeth Montalbano, Contributing Writer

🤖: ""Ouch, they're vulnerable""

Cloud services and thus millions of end users who access them could have been affected by the poisoning of artifacts in the development workflow of open source projects.

...more

Python-Based Malware Slithers Into Systems via Legit VS Code

Published: 2024-10-02 15:18:01

Popularity: 6

Author: Elizabeth Montalbano, Contributing Writer

🤖: "Sneaky snake"

The prolific Chinese APT Mustang Panda is the likely culprit behind a sophisticated cyber-espionage attack that sets up persistent remote access to victim machines.

...more