Our news
-
20K WordPress Sites Exposed by Insecure Plugin REST-API
The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.
-
McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges
McAfee has patched two high-severity bugs in its Agent component, one of which can allow attackers to achieve arbitrary code execution with SYSTEM privileges.
-
Critical Cisco StarOS Bug Grants Root Access via Debug Mode
Cisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software that could give attackers RCE on the application with root-level privileges.
-
Microsoft Sees Log4j Attacks Exploiting SolarWinds Serv-U Bug
SolarWinds has fixed a Serv-U bug that threat actors were exploiting to unleash Log4j attacks on networks’ internal devices.
-
F5 Releases January 2022 Quarterly Security Notification
Original release date: January 20, 2022 F5 has released its January 2022 Quarterly Security Notification addressing vulnerabilities affecting multiple versions of BIG-IP, BIG-IQ, and NGINX Controller API Management. A remote attacker could exploit these vulnerabilities to either deny service to, or take control of, an affected system. CISA encourages users and administrators to review the…
-
Pervasive Apple Safari Bug Exposes Web-Browsing Data, Google IDs
The information-disclosure issue, affecting Macs, iPhones and iPads, allows a snooping website to find out information about other tabs a user might have open.
-
CISA Releases Final Version of Guidance: IPv6 Considerations for TIC 3.0
Original release date: January 20, 2022 CISA has released the final version of Internet Protocol version 6 (IPv6) Considerations for Trusted Internet Connections (TIC) 3.0. This guidance supports the federal government-wide deployment and use of the modernized network protocol. The final version includes feedback provided during the public comment period that ended in October 2021.…
-
Box 2FA Bypass Opens User Accounts to Attack
A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements.
-
Beijing Olympics App Flaws Allow Man-in-the-Middle Attacks
Attackers can access audio and files uploaded to the MY2022 mobile app required for use by all winter games attendees – including personal health details.
-
The Log4j Vulnerability Puts Pressure on the Security World
It’s time to sound the alarm for Log4Shell. Saryu Nayyar, CEO at Gurucul, discusses what actions you should be taking.