Summary

Total Articles Found: 23

Top Articles:

  • Kerberos Authentication Spoofing: Don’t Bypass the Spec
  • Attackers Exploit Critical Adobe Flaw to Target Windows Users
  • Hacker Leaks More Than 500K Telnet Credentials for IoT Devices
  • Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming
  • Zoom Restricts End-to-End Encryption to Paid Users
  • Misconfigured Baby Monitors Allow Unauthorized Viewing
  • Zoom Screen-Sharing Glitch ‘Briefly’ Leaks Sensitive Data
  • Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover
  • Apple AirTag Zero-Day Weaponizes Trackers
  • Widespread Scans Underway for RCE Bugs in WordPress Websites

Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover

Published: 2022-05-19 13:03:37

Popularity: 238

Author: Elizabeth Montalbano

Keywords:

  • Vulnerabilities
  • Web Security

Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites.

    Millions of Java Apps Remain Vulnerable to Log4Shell

    Published: 2022-04-27 12:11:25

    Popularity: 70

    Author: Elizabeth Montalbano

    Keywords:

  • Vulnerabilities
  • Web Security

    Four months after the critical flaw was discovered, attackers have a massive attack surface from which they can exploit the flaw and take over systems, researchers found.

    Log4JShell Used to Swarm VMware Servers with Miners, Backdoors

    Published: 2022-03-29 20:33:08

    Popularity: 52

    Author: Lisa Vaas

    Keywords:

  • Malware
  • Vulnerabilities
  • Web Security

    Researchers have found three backdoors and four miners in attacks exploiting the Log4Shell vulnerability, some of which are still ongoing.

    20K WordPress Sites Exposed by Insecure Plugin REST-API

    Published: 2022-01-21 18:19:37

    Popularity: 34

    Author: Becky Bracken

    Keywords:

  • Vulnerabilities
  • Web Security

    The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.

    Zoho Password Manager Flaw Torched by Godzilla Webshell

    Published: 2021-11-08 16:38:05

    Popularity: 36

    Author: Lisa Vaas

    Keywords:

  • Malware
  • Vulnerabilities
  • Web Security

    Researchers have spotted a second, worldwide campaign exploiting the Zoho zero-day: one that’s breached defense, energy and healthcare organizations.

    Twitter Suspends Accounts Used to Snare Security Researchers

    Published: 2021-10-18 16:23:21

    Popularity: 88

    Author: Lisa Vaas

    Keywords:

  • Hacks
  • Malware
  • Vulnerabilities
  • Web Security

    The accounts were used to catfish security researchers into downloading malware in a long-running cyber-espionage campaign attributed to North Korea.

    Apple AirTag Zero-Day Weaponizes Trackers

    Published: 2021-09-29 20:48:33

    Popularity: 177

    Author: Tara Seals

    Keywords:

  • IoT
  • Malware
  • Vulnerabilities
  • Web Security

    Apple's personal item-tracker devices can be used to deliver malware, slurp credentials, steal tokens and more thanks to XSS.

    SideWalk Backdoor Linked to China-Linked Spy Group ‘Grayfly’

    Published: 2021-09-09 14:30:56

    Popularity: 115

    Author: Lisa Vaas

    Keywords:

  • Hacks
  • Malware
  • Vulnerabilities
  • Web Security

    Grayfly campaigns have launched the novel malware against businesses in Taiwan, Vietnam, the US and Mexico and are targeting Exchange and MySQL servers.

    Thousands of Fortinet VPN Account Credentials Leaked

    Published: 2021-09-09 22:49:27

    Popularity: 39

    Author: Lisa Vaas

    Keywords:

  • Malware
  • Vulnerabilities
  • Web Security

    They were posted for free by former Babuk gang members who’ve bickered, squabbled and huffed off to start their own darn ransomware businesses, dagnabbit.

    Kerberos Authentication Spoofing: Don’t Bypass the Spec

    Published: 2021-08-18 13:19:15

    Popularity: 1210

    Author: Yaron Kassner

    Keywords:

  • Hacks
  • InfoSec Insider
  • Vulnerabilities
  • Web Security

    Yaron Kassner, CTO at Silverfort, discusses authentication-bypass bugs in Cisco ASA, F5 Big-IP, IBM QRadar and Palo Alto Networks PAN-OS.

    Pro-Trump ‘Gettr’ Social Platform Hacked On Day One

    Published: 2021-07-07 03:27:13

    Popularity: 114

    Author: Lisa Vaas

    Keywords:

  • Hacks
  • Web Security

    The newborn platform was inundated by Sonic the Hedgehog-themed porn and had prominent users' profiles defaced. Next, hackers posted its user database online.

    Zoom Screen-Sharing Glitch ‘Briefly’ Leaks Sensitive Data

    Published: 2021-03-18 15:52:29

    Popularity: 268

    Author: Lindsey O'Donnell

    Keywords:

  • Vulnerabilities
  • Web Security

    A glitch in Zoom's screen-sharing feature shows parts of presenters' screens that they did not intend to share - potentially leaking emails or passwords.

    Tutor LMS for WordPress Open to Info-Stealing Security Holes

    Published: 2021-03-18 11:50:44

    Popularity: 113

    Author: Tara Seals

    Keywords:

  • Vulnerabilities
  • Web Security

    The popular learning-management system for teacher-student communication is rife with SQL-injection vulnerabilities.

    Critical WordPress Plugin Flaw Allows Site Takeover

    Published: 2021-02-08 21:11:57

    Popularity: 124

    Author: Lindsey O'Donnell

    Keywords:

  • Vulnerabilities
  • Web Security

    A patch in the NextGen Gallery WordPress plugin fixes critical and high-severity cross-site request forgery flaws.

    Attackers Exploit Critical Adobe Flaw to Target Windows Users

    Published: 2021-02-09 19:40:47

    Popularity: 643

    Author: Lindsey O'Donnell

    Keywords:

  • Vulnerabilities
  • Web Security

    A critical vulnerability in Adobe Reader has been exploited in "limited attacks."

    Misconfigured Baby Monitors Allow Unauthorized Viewing

    Published: 2021-02-16 16:50:35

    Popularity: 302

    Author: Tara Seals

    Keywords:

  • Cloud Security
  • IoT
  • Mobile Security
  • Vulnerabilities
  • Web Security

    Hundreds of thousands of individuals are potentially affected by this vulnerability.

    Unpatched WordPress Plugin Code-Injection Bug Afflicts 50K Sites

    Published: 2021-02-05 22:20:20

    Popularity: 133

    Author: Tara Seals

    Keywords:

  • Vulnerabilities
  • Web Security

    A CSRF-to-stored-XSS security bug plagues 50,000 'Contact Form 7' Style users.

    Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming

    Published: 2021-01-27 20:32:55

    Popularity: 440

    Author: Tara Seals

    Keywords:

  • Critical Infrastructure
  • Hacks
  • Vulnerabilities
  • Web Security

    A new version of NAT slipstreaming allows cybercriminals an easy path to devices that aren't connected to the internet.

    Widespread Scans Underway for RCE Bugs in WordPress Websites

    WordPress websites using buggy Epsilon Framework themes are being hunted by hackers.


    Zoom Flaw Could Have Allowed Hackers To Crack Meeting Passcodes

    Published: 2020-07-30 21:40:31

    Popularity: 146

    Author: Lindsey O'Donnell

    Keywords:

  • Vulnerabilities
  • Web Security
  • incorrect passcode check
  • passcode
  • security issue
  • zoom
  • zoom flaw

    Zoom has fixed the issue, which stemmed from a lack of checks against incorrect passcode attempts.

    Zoom Restricts End-to-End Encryption to Paid Users

    Published: 2020-06-04 17:02:34

    Popularity: 372

    Author: Lindsey O'Donnell

    Keywords:

  • Privacy
  • Web Security
  • End to end encryption
  • FBI
  • law enforcement
  • work from home
  • zoom
  • zoom privacy
  • zoom security

    The end-to-end encryption feature will not be offered to free users, Zoom's CEO said, in case Zoom needed to comply with federal and local law enforcement.

    Google Sets Record High in Bug-Bounty Payouts

    After a year of big changes, white hats reaped more from Google's programs than ever before.


    Hacker Leaks More Than 500K Telnet Credentials for IoT Devices

    Published: 2020-01-21 11:57:20

    Popularity: 568

    Author: Elizabeth Montalbano

    Keywords:

  • Breach
  • IoT
  • Web Security
  • botnet
  • Credentials
  • CyCognito
  • data breach
  • data leak
  • DDoS
  • DDoS attacks
  • hacker
  • IoT security
  • Password
  • Security
  • Telnet

    A bad actor obtained passwords for servers, home routers, and smart devices by scanning the internet for devices with the Telnet port open.
