Vulnerabilities – Threatpost
Critical WordPress e-Learning Plugin Bugs Open Door to Cheating
The flaws in LearnPress, LearnDash and LifterLMS could have allowed unauthenticated students to cha…
Read more >>
Vulnerabilities – Threatpost
High-Severity Cisco IOS XE Flaw Threatens SD-WAN Routers
Cisco's IOS XE software for SD-WAN routers has a high-severity insufficient input validation fl…
Read more >>
Vulnerabilities – Threatpost
Critical GitLab Flaw Earns Bounty Hunter $20K
A GitLab path traversal flaw could allow attackers to read arbitrary files and remotely execute cod…
Read more >>
Vulnerabilities – Threatpost
Enterprise Security Woes Explode with Home Networks in the Mix
Thanks to WFH, IoT refrigerators, Samsung TVs and more can now be back-channel proxies into the cor…
Read more >>
Vulnerabilities – Threatpost
Critical Adobe Illustrator, Bridge and Magento Flaws Patched
Adobe fixed critical flaws in Illustrator, Magento and Bridge in an out-of-band security update. Vi…
Read more >>
Vulnerabilities – Threatpost
WordPress Plugin Bug Opens 100K Websites to Compromise
Legions of website visitors could be infected with drive-by malware, among other issues, thanks to …
Read more >>
Vulnerabilities – Threatpost
Hackers Mount Zero-Day Attacks on Sophos Firewalls
A pre-auth SQL injection bug leading to remote code execution is at the heart of a data-stealing ca…
Read more >>
Vulnerabilities – Threatpost
U.S. Universities Hit With ‘Adult Dating’ Spear-Phishing Attack
More than 150,000 emails spreading the Hupigon RAT that use adult dating as a lure have been uncove…
Read more >>
Vulnerabilities – Threatpost
Single Malicious GIF Opened Microsoft Teams to Nasty Attack
Now patched flaw allowed attacker to take over an organization’s entire roster of Microsoft Teams a…
Read more >>
Vulnerabilities – Threatpost
SAS@home Virtual Summit Showcases New Threat Intel, Industry Changes
The free online conference, scheduled for April 28-30, will feature top security researchers from a…
Read more >>
Vulnerabilities – Threatpost
Latest Apple Text-Bomb Crashes iPhones via Message Notifications
Sindhi-language characters can crash iPhones and other iOS/macOS devices if a victim views texts, T…
Read more >>
Vulnerabilities – Threatpost
Apple Patches Two iOS Zero-Days Abused for Years
Researchers revealed two zero-day security vulnerabilities affecting Apple's stock Mail app on …
Read more >>
Vulnerabilities – Threatpost
Connected Home Hubs Open Houses to Full Remote Takeover
Users should update their firmware for three popular smart-home hubs. Via Vulnerabilities – Threatp…
Read more >>
Vulnerabilities – Threatpost
Microsoft Issues Out-Of-Band Security Update For Office, Paint 3D
The flaws exist in Autodesk's FBX library, integrated in Microsoft's Office, Office 365 Pro…
Read more >>
Vulnerabilities – Threatpost
NFL Tackles Cybersecurity Concerns Ahead of 2020 Draft Day
Researchers weigh in on potential security concerns surrounding the 2020 NFL Draft. Via Vulnerabili…
Read more >>
Vulnerabilities – Threatpost
RCE Exploit Released for IBM Data Risk Manager, No Patch Available
Three separate flaws can be chained to achieve full system compromise. Via Vulnerabilities – Threat…
Read more >>
Vulnerabilities – Threatpost
Deepfakes and AI: Fighting Cybersecurity Fire with Fire
To successfully mitigate evolving attacks, security teams must use the exact same AI tools that cre…
Read more >>
Vulnerabilities – Threatpost
Mootbot Botnet Targets Fiber Routers with Dual Zero-Days
Researchers saw several IoT botnets using one of the bugs in the wild after a proof-of-concept was …
Read more >>
Vulnerabilities – Threatpost
Foxit PDF Reader, PhantomPDF Open to Remote Code Execution
Foxit Reader and PhantomPDF are plagued by several high-severity flaws that, if exploited, could en…
Read more >>
Vulnerabilities – Threatpost
DHS Urges Pulse Secure VPN Users To Update Passwords
The DHS urged organizations to update their passwords and make sure that a critical Pulse Secure VP…
Read more >>
Vulnerabilities – Threatpost
Cisco IP Phone Harbors Critical RCE Flaw
Cisco stomped out a critical vulnerability in its IP Phone web server that could enable remote code…
Read more >>
Technology
You’ve Cleaned Your House, Your Yard, and Your Garage. Up Next? Your Computer
If you’re one of the millions of people largely stuck at home during the COVID-19 outbrea…
Read more >>
Vulnerabilities – Threatpost
Alleged Zoom Zero-Days for Windows, MacOS for Sale, Report
Alleged Windows flaw allows for remote code execution and is being flogged for $500,000. Via Vulner…
Read more >>
Vulnerabilities – Threatpost
Tencent Ups Top Bug-Bounty Award to $15K
The Chinese ISP has expanded its program via HackerOne. Via Vulnerabilities – Threatpost https://th…
Read more >>
Technology
Apple’s New iPhone SE Offers Most of the Features at a Fraction of the Price
(Bloomberg) — Apple Inc. unveiled the new iPhone SE, its first low-cost smartphone in fou…
Read more >>
Vulnerabilities – Threatpost
Intel Fixes High-Severity Flaws in NUC, Discontinues Buggy Compute Module
Intel fixed nine high- and medium-severity flaws in its April security update, which could enable p…
Read more >>
Vulnerabilities – Threatpost
April Patch Tuesday: Microsoft Battles 4 Bugs Under Active Exploit
Microsoft issued 113 patches in a big update, unfortunately for IT staff already straining under WF…
Read more >>
Vulnerabilities – Threatpost
Adobe Fixes ‘Important’ Flaws in ColdFusion, After Effects and Digital Editions
While Adobe's regularly scheduled security updates were light this month, they fixed "impo…
Read more >>
Vulnerabilities – Threatpost
Cyberattacks Target Healthcare Orgs on Coronavirus Frontlines
Cybercriminals aren't sparing medical professionals, hospitals and healthcare orgs on the front…
Read more >>
Vulnerabilities – Threatpost
TikTok Flaw Allows Threat Actors to Plant Forged Videos in User Feeds
The popular video-sharing apps’s use of HTTP to download media content instead of a secure protocol…
Read more >>
Vulnerabilities – Threatpost
Oracle Tackles a Massive 405 Bugs for Its April Quarterly Patch Update
Oracle will detail 405 new security vulnerabilities Tuesday, part of its quarterly Critical Patch U…
Read more >>
Technology
These Tech Companies Managed to Eradicate ISIS Content. But They’re Also Erasing Crucial Evidence of War Crimes
Filmed by a Syrian opposition soldier riding in the back of a pickup truck, the shaky f…
Read more >>
Vulnerabilities – Threatpost
Critical VMware Bug Opens Up Corporate Treasure to Hackers
The bug -- rated 10 in severity -- potentially affects large numbers of corporate VMs and hosts. Vi…
Read more >>
Vulnerabilities – Threatpost
Zoom Taps Ex-Facebook CISO Amid Security Snafus, Lawsuit
The online videoconferencing service added Alex Stamos to the team and has also formed an expert ad…
Read more >>
Vulnerabilities – Threatpost
‘Unbreakable’ Smart Lock Draws FTC Ire for Deceptive Security Claims
Tapplock catches heat for patched vulnerabilities -- because of its claims that its smart locks can…
Read more >>
Technology
‘We Learned a Lesson.’ Zoom’s CEO Wants You to Trust the Company Again
As businesses, schools and other organizations were forced to quickly, and sometimes hapha…
Read more >>
Vulnerabilities – Threatpost
PowerPoint ‘Weakness’ Opens Door to Malicious Mouse-Over Attack
Novel hack allows an attacker to create a mouse-over in a PowerPoint file that triggers the install…
Read more >>
Vulnerabilities – Threatpost
ThreatList: Skype-Themed Apps Hide a Raft of Malware
Hundreds of thousands of malware files are disguised as well-known social conferencing and collabor…
Read more >>
Vulnerabilities – Threatpost
‘Fake Fingerprints’ Bypass Scanners with 3D Printing
New research used 3D printing technology to bypass fingerprint scanners, and tested it against Appl…
Read more >>
Vulnerabilities – Threatpost
Serious Exchange Flaw Still Plagues 350K Servers
The Microsoft Exchange vulnerability was patched in February and has been targeted by several threa…
Read more >>
Vulnerabilities – Threatpost
Official Government COVID-19 Mobile Apps Hide a Raft of Threats
Android apps launched for citizens in Iran, Colombia and Italy offer cyberattackers new attack vect…
Read more >>
Vulnerabilities – Threatpost
A Brisk Private Trade in Zero-Days Widens Their Use
More zero-day exploits coming up for sale by NSO Group and others is democratizing the attack vecto…
Read more >>
Vulnerabilities – Threatpost
FBI Threatens ‘Zoom Bombing’ Trolls With Jail Time
The FBI is cracking down on the practice of Zoom bombing, saying the hijacking of web conferences c…
Read more >>
Vulnerabilities – Threatpost
Apple Safari Flaws Enable One-Click Webcam Access
The white hat hacker who discovered the vulnerabilities received a $75,000 from Apple's bug-bou…
Read more >>
Vulnerabilities – Threatpost
Government VPN Servers Targeted in Zero-Day Attack
The attacks are being carried out against Chinese government interests worldwide, according to Qiho…
Read more >>
Vulnerabilities – Threatpost
Beyond Zoom: How Safe Are Slack and Other Collaboration Apps?
COVID-19’s effect on work footprints has created an unprecedented challenge for IT and security sta…
Read more >>
Vulnerabilities – Threatpost
Firefox Zero-Day Flaws Exploited in the Wild Get Patched
Mozilla Foundation rushes patches to fix bugs in its browser that could allow for remote code execu…
Read more >>
Vulnerabilities – Threatpost
Google Squashes High-Severity Flaws in Chrome Browser
Google is rolling out the newest Chrome browser version, 80.0.3987.162, in the coming days. Via Vul…
Read more >>
Technology
Zoom Is Struggling With Security Flaws as Demand for Videoconferencing Spikes
During the coronavirus pandemic, it seems as if everyone is connecting with Zoom’s videoco…
Read more >>
Vulnerabilities – Threatpost
Zoom Removes Data-Mining LinkedIn Feature
The feature, criticized for "undisclosed data-mining," is only the latest privacy faux pa…
Read more >>
Vulnerabilities – Threatpost
Critical WordPress Plugin Bug Can Lock Admins Out of Websites
A second vulnerability could be used to prevent access to almost all of a site’s existing content, …
Read more >>
Vulnerabilities – Threatpost
Two Zoom Zero-Day Flaws Uncovered
The zero-day Zoom flaws could give local, unprivileged attackers root privileges, and allow them to…
Read more >>
Technology
Working From Home? Here Are 8 Ways to Boost Your Internet Speed
As more people work from home to help mitigate the spread of COVID-19, they’re using their…
Read more >>
