Author: DEFENDEDGE
-
New MacOS Malware ‘DazzleSpy’ Used in Watering-Hole Attacks
A pro-democracy Hong Kong site was used to launch watering-hole attacks that planted a powerful macOS backdoor that researchers dubbed DazzleSpy.
-
AdSanity, AccessPress Plugins Open Scads of WordPress Sites to Takeover
A critical security bug and a months-long, ongoing supply-chain attack spell trouble for WordPress users.
-
Vulnerability Summary for the Week of January 17, 2022
Original release date: January 24, 2022. High Vulnerabilities (columns: Primary Vendor — Product, Description, Published, CVSS Score, Source & Patch Info). adobe — acrobat_dc: Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in…
-
Linux Servers at Risk of RCE Due to Critical CWP Bugs
The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers.
-
Surge in Malicious QR Codes Sparks FBI Alert
QR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning that cybercriminals are capitalizing on their lax security to steal data and money, and drop malware.
-
Dark Souls 3 Servers Shut Down Due to Critical RCE Bug
The bug can allow attackers to remotely execute code on gamers’ computers. The devs temporarily deactivated PvP servers across multiple affected versions.
-
CISA Publishes Infographic on Layering Network Security Through Segmentation
Original release date: January 24, 2022. CISA has published an infographic to emphasize the importance of implementing network segmentation—a physical or virtual architectural approach that divides a network into multiple segments, each acting as its own subnetwork, to provide additional security and control that can help prevent or minimize the impact of a cyberattack. CISA…
-
The Internet’s Most Tempting Targets
What attracts the attackers? David “moose” Wolpoff, CTO at Randori, discusses how to evaluate your infrastructure for juicy targets.
-
McAfee Releases Security Update for McAfee Agent for Windows
Original release date: January 21, 2022. McAfee has released McAfee Agent for Windows version 5.7.5, which addresses vulnerabilities CVE-2021-31854 and CVE-2022-0166. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review McAfee Security Bulletin SB10378 and apply the necessary update. CISA also encourages users and administrators…
-
20K WordPress Sites Exposed by Insecure Plugin REST-API
The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.