An authenticated stored cross-site scripting (XSS) vulnerability could allow attackers to create rogue admins on WordPress sites using Contact Form 7 Datepicker plugin. Administrators of WordPress sites using the Contact Form 7 Datepicker plugin are recommended to remove or deactivate it to prevent attackers from exploiting a stored cross-site scripting (XSS) vulnerability to create rogue […]
An APT group is exploiting the flaws patched earlier this year in Firefox and Internet Explorer in attacks aimed at China and Japan. An APT group is exploiting two vulnerabilities patched earlier this year in Firefox and Internet Explorer in attacks aimed at China and Japan. The first issue, tracked as CVE-2019-17026, affects the Firefox […]
The popular Zoom app is under scrutiny, experts have discovered a vulnerability that could be exploited to steal users’ Windows passwords. Experts warn of a ‘UNC path injection’ flaw that could be exploited by remote attackers to steal login credentials from Windows systems. Security experts and privacy advocates believe that the Zoom is an efficient […]
Researchers published proof-of-concept (PoC) exploits for the CVE-2020-0796 Windows flaw, tracked as SMBGhost, that can be exploited for local privilege escalation. Researchers Daniel García Gutiérrez (@danigargu) and Manuel Blanco Parajón (@dialluvioso_) have published proof-of-concept (PoC) exploits for the CVE-2020-0796 Windows vulnerability, tracked as SMBGhost, that can be exploited by attackers for local privilege escalation. Cybersecurity firms Kryptos […]
A critical privilege escalation flaw in the WordPress SEO Plugin – Rank Math plugin can allow registered users to gain administrator privileges. Defiant’s Wordfence Threat Intelligence team discovered a critical privilege escalation vulnerability in the WordPress SEO Plugin – Rank Math plugin that could allow attackers to give administrator privileges to any registered user. Rank […]
Marriott disclosed a new security breach detected at the end of February 2020 that could impact up to 5.2 million of its guests. Marriott International discloses a data breach that exposed the personal information of roughly 5.2 million hotel guests, the incident was detected at the end of February 2020. “At the end of February […]
Holy Water – An APT group compromised a server hosting Web pages belonging mainly to religious figures and charities to carry out watering hole attacks. On December 4, 2019, Kaspersky experts discovered a watering hole attack, tracked Holy Water, aimed at an Asian religious and ethnic group. The campaign has been active since at least […]
For the third time in a few weeks, the FBI has issued an alert about supply chain attacks carried out by nation-state actors using the Kwampirs malware. The FBI has issued an alert about supply chain attacks using the Kwampirs malware as part of a hacking campaign carried out on a global scale by state-sponsored […]
Online communication platforms such as Zoom are essential instruments at the time of Coronavirus outbreak, and crooks are attempting to exploit their popularity. The Coronavirus outbreak is changing our habits and crooks are attempting to take advantage of the popularity of online communication platforms such as Zoom that are used by businesses, school classrooms and […]
The Zeus Sphinx malware is back, operators are now spreading it exploiting the interest in the Coronavirus outbreak. The Zeus Sphinx malware is back, it was observed in a new wave of attacks attempting to exploit the interest in the Coronavirus outbreak. Experts from IBM X-Force uncovered a hacking campaign employing the Zeus Sphinx malware, […]