What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
2020-12-16 14:05:46 Security Expert Re: US-CERT Notes Record Number Of Vulnerabilities For 4th Year In A Row (direct link) Today the US-CERT Vulnerability Database recorded 17,447 vulnerabilities, which is a new high and makes 2020 the fourth year in a row that a record number of vulnerabilities has been published. There were 17,306… The ISBuzz Post: This Post Security Expert Re: US-CERT Notes Record Number Of Vulnerabilities For 4th Year In A Row Tags: Vulnerability
2020-12-14 16:15:34 Security Expert Re: Critical Glassdoor Vulnerability Impacts Both Job Seekers And Employers (direct link) A critical CSRF vulnerability found on the Glassdoor company review platform impacted both job seekers and employers on the web domain. The vulnerability could be exploited to take over accounts. Tags: Vulnerability
2020-12-02 13:06:20 Expert Reaction On Half Of All Docker Hub Images Have At Least One Critical Vulnerability (direct link) It has been reported that a new security analysis of 4 million container images hosted on the Docker Hub repository revealed that over half contained at least one critical vulnerability and thousands contained… Tags: Vulnerability
2020-12-02 12:09:38 DarkIRC Bot Hits Oracle WebLogic vuln, Steals Bitcoin, Hijacks Browsers – Experts Perspective (direct link) In response to new research that the DarkIRC bot exploits a recent Oracle WebLogic vulnerability to drop attacks such as a browser stealer, a keylogger, a Bitcoin Clipper, a worm and other… Tags: Vulnerability
2020-11-26 19:15:41 Mobileiron Vulnerability Used By State-backed Hackers To Break Into Networks – Experts Insight (direct link) Cyber criminals are actively exploiting the vulnerabilities in mobile device management (MDM) solutions to successfully gain access to networks across government, healthcare and other industries as reported. An alert warning is… Tags: Vulnerability
2020-11-26 13:35:11 Two-Factor Authentication Bypass Flaw Affects 70 Million+ Domains (direct link) Researchers have uncovered a previously undisclosed vulnerability affecting the cPanel & WebHost Manager (WHM) web hosting platform. cPanel & WHM version 11.90.0.5 (90.0 Build 5) exhibits a two-factor authentication bypass flaw, vulnerable… Tags: Vulnerability
2020-11-12 13:05:40 Experts Reacted Microsoft's New Patch Tuesday Format: “A Bad Move” And “Disappointing” (direct link) In response to Microsoft's new format of Patch Tuesday releases, which removes a lot of critical vulnerability detail that companies rely on to determine the severity of each flaw, Cybersecurity… Tags: Vulnerability
2020-11-02 11:00:03 Security Expert Re: Microsoft Warns Again About Critical Zerologon Vulnerability (direct link) Microsoft issued yet another warning that threat actors are continuing to actively exploit systems unpatched against the ZeroLogon privilege escalation vulnerability in the Netlogon Remote Protocol (MS-NRPC). On Windows Server devices where the vulnerability was not patched, attackers can spoof a domain controller account to steal domain credentials and take over the entire domain following … Tags: Vulnerability, Threat
2020-10-03 16:53:22 Expert On GCHQ Discovered 'Nationally Significant' Vulnerability In Huawei Equipment (direct link) A “nationally significant” vulnerability was discovered in Huawei equipment used in the UK’s telecommunications networks. Vulnerabilities are usually software design failures which could allow hostile actors (in particular the Chinese state when it comes to Huawei) to conduct a cyber attack. They are not necessarily intentional and can’t be seen as an indication of any hostile intent … Tags: Vulnerability
2020-09-30 11:16:09 What You Need To Know About Zerologon (direct link) Microsoft released an update for CVE-2020-1472 (now known as Zerologon) on August 11, 2020. The Elevation of Privilege vulnerability exists in the Netlogon Remote Protocol and can allow an unauthenticated attacker to obtain domain administrator access. The vulnerability has a CVSSv3 base score of 10 and is rated as critical by Microsoft. The update had a planned … Tags: Vulnerability
2020-09-25 15:33:53 (Déjà vu) Security Experts On Instagram bug lets hackers 'snoop on you through your phone' by sending a single image file (direct link) Security researchers at Check Point published research today, identifying a Remote Control Execution (RCE) vulnerability in Instagram. The attacker would only need a single, malicious image to execute the attack. Check Point researchers summarised the attack method to three steps: The attacker sends an image to a target victim’s email, WhatsApp or other media exchange platform. … Tags: Vulnerability
2020-09-25 15:33:53 Security expert re: Instagram vulnerability left app open to hijacking (direct link) An RCE vulnerability in Instagram opened up an opportunity for hackers to hijack the app, and turn smartphones into spies. Tags: Vulnerability
2020-09-24 16:32:44 US DOD Issues Directive For Organisations To Patch Windows Zerologon Vulnerability – Expert Input (direct link) The U.S. Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA) over the past weekend issued a directive for government departments and agencies, as well as the private sector, to apply the recently released Windows Server security update to all domain controllers. Tags: Vulnerability
2020-09-24 12:07:36 Comment: Vulnerability allows hackers full access to Instagram accounts (direct link) Security researchers at Check Point just published research, identifying a Remote Control Execution (RCE) vulnerability in Instagram. The attacker would only need a single, malicious image to execute the attack. Check Point researchers summarised the attack method to three steps: In effect, the vulnerability gives the attacker full control over the Instagram app and turns it into … Tags: Vulnerability
2020-09-16 16:11:08 Expert Reacted On Tug Owners Warned After First Detected Cyber Attack (direct link) It has been reported that tug owners have been warned to be vigilant for cyber attacks and malware after a tug in the US was targeted. Towage vessels and their crews are increasingly connected to online services during operations, increasing their vulnerability to cyber threats, malware, viruses and hackers. These concerns were raised by the … Tags: Malware, Vulnerability
2020-09-11 10:32:34 Experts On “Giggle” user community exposes womens' images, location data, and more – ignored vuln. warnings, uses flawed verification (direct link) The new vulnerability report Giggle; laughable security from Digital Interruption reveals that the Giggle user community's founders ignored warnings of a serious vulnerability that exposed women and teens' location and other data, exposing them to sharp risk. The report also details the Giggle team's failure to delete user data when accounts are deleted; and flawed and … Tags: Vulnerability
2020-09-11 10:23:16 Security expert re: 600,000 WordPress sites attacked due to critical vulnerability (RCE flaw) (direct link) More than 600,000 WordPress sites running vulnerable File Manager plugin versions are being attacked due to a critical remote code execution flaw, and the attackers have also been seen protecting the sites they compromised from other bad actors’ attacks. Tags: Vulnerability
2020-09-08 10:34:15 Experts on News: Hackers exploiting critical flaw found across millions of WordPress sites (direct link) Millions of WordPress sites have been probed and attacked this week, Defiant, the company behind the Wordfence web firewall said on Friday. The sudden spike in attacks happened after hackers discovered and started exploiting a zero-day vulnerability in “File Manager,” a popular WordPress plugin installed on more than 700,000 sites. The zero-day was an unauthenticated … Tags: Vulnerability
2020-09-04 18:58:51 Expert On Study Finds Serious Problems With Vulnerability Management (direct link) The majority of IT departments are underestimating the maturity of their vulnerability remediation programs by a wide margin, according to a study from Vulcan Cyber. The company said it was surprised that most organizations think that they are much further along in their work in patching known vulnerabilities yet they have barely begun the work required. “What … Tags: Vulnerability, Patching
2020-09-04 15:02:20 Slack Desktop App Vulnerability – Expert Source (direct link) Collaboration company Slack disclosed a Remote Code Execution (RCE) flaw on August 31st, 2020, affecting users of its Windows, Mac OS, and Linux desktop application versions. Users that click on an HTML injected image are redirected to an attacker's server where a malicious JavaScript payload is executed within the Slack application on the user's local … Tags: Vulnerability
2020-09-02 20:12:33 WordPress Critical Vulnerability – Industry Comment (direct link) Following the news that hackers are exploiting a critical vulnerability affecting more than 350,000 WordPress sites, please see comment below from cybersecurity expert. Tags: Vulnerability
2020-08-24 04:13:13 Vulnerability In Java-powered 3G System Could Impact Millions Of IoT Devices (direct link) A vulnerability in Thales’ Cinterion EHS8 M2M module, a Java-powered embedded 3G system used in millions of Internet-of-Things devices for connectivity, was revealed yesterday, as reported by The Register. The bug (CVE-2020-15858), was discovered by IBM’s X-Force Red and disclosed to Thales, who addressed it in a patch made available to IoT vendors in February. This … Tags: Vulnerability
2020-08-24 03:51:03 Security Expert Re: MITRE Publishes 2020 List Of Top 25 Most Dangerous Software Weaknesses (direct link) The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, today released the 2020 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The Top 25 uses data from the National Vulnerability Database (NVD) to compile the most frequent and critical errors that can lead … Tags: Vulnerability, Guideline
2020-08-18 13:09:25 “GlueBall” Microsoft Windows Spoofing Vulnerability – Expert Source (direct link) As part of its Patch Tuesday release on August 11, 2020, Microsoft included a zero day vulnerability that went unfixed for several years. This vulnerability, CVE-2020-1464 and dubbed “GlueBall”, could allow an attacker to bypass security features built into Windows to validate file signatures, ultimately allowing an attacker to run improperly signed binaries on a system. This spoofing vulnerability … Tags: Vulnerability
2020-08-07 18:14:13 Comment On Facebook Plugin Vulnerability (direct link) A new high severity WordPress vulnerability has been found in a Facebook chat plugin, which has been installed on over 80,000 WordPress websites. If exploited, attackers would be able to obtain “authorized” access to the chat plugin and be able to communicate with site visitors to carry out social engineering attacks in an effort to … Tags: Vulnerability
2020-08-05 20:08:24 Expert Reaction On Mirai Botnet Is Targeting RCE Vulnerability In F5 BIG-IP Software (direct link) It has been reported that the Mirai botnet is now trying to exploit a critical RCE bug in F5 BIG-IP software. It scans for exposed BIG-IP boxes and then exploits them with a malicious payload. Successful exploitation will enable the attacker to “create or delete files, disable services, intercept information, run arbitrary system commands … Tags: Vulnerability
2020-08-04 08:11:05 Comments on Meetup Vulnerability (direct link) Meetup, a popular community-building events platform with 44 million members, was left open to attacks that could have resulted in data loss and, ultimately, the redirection of payments. Tags: Vulnerability
2020-07-30 11:28:44 Expert Reaction On Maximum Severity Vulnerability in WordPress wpDiscuz Plugin (direct link) According to researchers, a maximum severity vulnerability in the wpDiscuz plugin installed on over 80,000 WordPress sites can be exploited to give attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site's server. Tags: Vulnerability
2020-07-23 09:08:31 Cybersecurity Experts on findings of Skybox Security 2020 Vulnerability and Threat Trends Report (direct link) The newly-issued Skybox Security 2020 Vulnerability and Threat Trends Report is out this morning, analyzing the vulnerabilities, exploits, and threats active in 1H:2020 in the chaos surrounding the COVID-19 pandemic. Among key findings: 20,000+ new vulnerability reports predicted for 2020, shattering previous records; 50% increase in mobile vulnerabilities highlights the dangers of blurring the line between … Tags: Vulnerability, Threat
2020-07-15 10:25:45 Expert Insight On SAP Critical Bug Allows Unrestricted Access to ERP, CRM (direct link) SAP has patched a critical vulnerability impacting the LM Configuration Wizard component in NetWeaver Application Server (AS) Java platform, which would allow an unauthenticated attacker to take control of SAP applications. Tags: Vulnerability
2020-07-13 09:48:16 Expert Advise on Zoom Zero Day Vulnerability Allows Hackers to Target Windows 7 PCs (direct link) A previously unknown flaw in the videoconferencing software Zoom could allow a hacker to remotely commandeer computers running old versions of the Microsoft Windows operating system, security researchers said Thursday. A hacker who successfully exploits the vulnerability could access files on the vulnerable computer, said Mitja Kolsek, chief executive of ACROS Security, the Slovenian cybersecurity … Tags: Vulnerability
2020-07-13 09:21:35 Security Expert Re: XSS Vulnerability Impacts 100,000 WordPress Websites with KingComposer Plugin (direct link) A reflected cross-site scripting (XSS) vulnerability impacting 100,000 websites has been patched in the KingComposer WordPress plugin. A patched version of the plugin, version 2.9.5, was released on June 29. While approximately 62% of users have updated to version 2.9.5, around 38% of websites with KingComposer enabled are still at risk of exploit. Tags: Vulnerability
2020-07-13 09:07:16 Security Expert Re: New WordPress RCE Exploit (CVSS Score 10.0 ) (direct link) Webmasters who use WordPress plugin Adning Advertising are urged to patch against a critical vulnerability that is reportedly being exploited in the wild. Exploitation of the flaw enables an unauthenticated attacker to upload arbitrary files, leading to remote code execution (RCE) and potentially a full site takeover. Such is the flaw's seriousness, MITRE has assigned … Tags: Vulnerability, Guideline, APT 19
2020-07-10 10:11:40 Smartwatch Hack Could Have Been Fatal To The Elderly – Comment From Expert (direct link) A critical vulnerability was found in smartwatch software used to help elderly patients. The vulnerability would have allowed hackers to access the watches, sometimes designed to help elderly patients with dementia, and fatally interfere with their treatment. Tags: Hack, Vulnerability
2020-07-10 09:57:09 (Déjà vu) Security Expert On Zoom Zero-day Vulnerability (direct link) Video conferencing software Zoom is working on patching a zero-day vulnerability that was disclosed online earlier today in a blog post by cyber-security firm ACROS Security. The security firm said the zero-day impacts Zoom’s Windows client, but only when the clients are running on old Windows OS versions, such as Windows 7 and Windows Server … Tags: Vulnerability, Patching
2020-07-03 16:37:19 Ripple20 Vulnerability – Expert Source (direct link) As of June 16, 2020, a total of 19 vulnerabilities, collectively called Ripple20, were found within an embedded TCP/IP stack software library. This library, developed by Treck, Inc., was used in the manufacturing chain across all industries and could affect several hundred million connected devices. There are at least 21 confirmed affected vendors including Aruba Networks, Cisco, … Tags: Vulnerability
2020-07-03 09:42:12 F5 Fixes Critical Vulnerability Discovered by Positive Technologies in BIG-IP Application Delivery Controller (direct link) Positive Technologies expert Mikhail Klyuchnikov has discovered a vulnerability in the configuration interface of the BIG-IP application delivery controller (ADC) used by some of the world’s biggest companies. Attackers can run commands as an unauthorized user and completely compromise a system, including the interception of controller application traffic. The vulnerability can be exploited remotely. According to … Tags: Vulnerability
2020-07-01 14:35:44 US Cyber Command Says Foreign Hackers Will Most Likely Exploit New Palo Alto Networks Security Bug – Expert Insight (direct link) US Cyber Command said today that foreign state-sponsored hacking groups are likely to exploit a major security bug disclosed today in PAN-OS, the operating system running on firewalls and enterprise VPN appliances from Palo Alto Networks. The CVE-2020-2021 vulnerability is one of those rare security bugs that received a 10 out of 10 score on … Tags: Vulnerability
2020-06-09 11:22:47 Expert Insight On CallStranger Vulnerability Lets Attacks Bypass Security Systems And Scan LANs (direct link) A severe vulnerability has been discovered in a core protocol found in almost all internet of things (IoT) devices. The vulnerability, named CallStranger, allows attackers to hijack smart devices for distributed denial of service (DDoS) attacks, but also for attacks that bypass security solutions to reach and conduct scans on a victim’s internal network — effectively granting attackers … Tags: Vulnerability
2020-06-01 10:29:18 NSA Warns Of Russian Hacker Attacks – Industry Comment (direct link) Following the NSA's warning that a Russian hacker group has been exploiting a known vulnerability in Exim, please find commentary from Industry leader. Tags: Vulnerability, Guideline
2020-05-28 10:22:16 Expert Advise On StrandHogg Bug Enables Android App Hijacking (direct link) A critical vulnerability found in Android devices could potentially be exploited to hijack virtually all mobile apps, according to SC Magazine. This elevation-of-privilege vulnerability could be exploited without root access or user permission, allowing hackers to spy on individuals or steal their login credentials. While Android 10 is not affected by the vulnerability, Google has developed … Tags: Vulnerability
2020-05-27 10:33:36 StrandHogg 2.0 Android Vulnerability Is Hard To Detect: Leaving 39.2 Percent Of Android Devices Vulnerable Forever – Expert Insight (direct link) Tags: Vulnerability
2020-05-26 18:38:16 Comment: New Android Bug Lets Malware Pose As Real Apps And Steal User Data (direct link) It has been reported that security researchers have found a major vulnerability in almost every version of Android, which lets malware imitate legitimate apps to steal app passwords and other sensitive data. The vulnerability, dubbed Strandhogg 2.0 (named after the Norse term for a hostile takeover) affects all devices running Android 9.0 and earlier. It's the “evil twin” to … Tags: Malware, Vulnerability
2020-05-18 13:03:27 Expert On New research: surge in API attacks during Lockdown (direct link) Researchers at Cequence Security today published new information about a recent surge in API attacks, a major source of vulnerability that Cequence believes businesses aren't sufficiently protecting against. “Tales from the Front Line” offers an insider’s analysis of one customer’s data (anonymized) from specific API attacks over the last four weeks. CQ Prime researchers found: up to an 85% week … Tags: Vulnerability
2020-05-05 16:23:59 (Déjà vu) Experts On News: Ghost Confirms Hack Attack – 750,000 Users Spooked By Critical Vulnerability (direct link) It has been reported that a popular open-source blogging platform with more than 2 million installs confirms it has been hacked. Although most people tend to immediately think of WordPress when asked to name a blogging platform, it certainly isn’t the only player in town. The self-proclaimed “world’s most popular modern open-source publishing platform,” Ghost, includes big-name customers such … Tags: Hack, Vulnerability
2020-05-01 15:33:18 Cybersecurity Expert Reaction On Fingerprints Exposed By OnePlus Vulnerability (direct link) A OnePlus 7 security flaw could have exposed users' fingerprints to hackers, according to Trusted Reviews. Although the vulnerability has now been fixed, it has not yet been revealed how long it was present for, meaning that bad actors may have been able to gain access to bitmap fingerprint images. This technology has previously proven to be … Tags: Vulnerability
2020-04-30 15:15:21 Expert Reaction On Two Usenet Providers Blame Data Breaches On Partner Company (direct link) Two companies that provide Usenet services have disclosed security breaches today. The two companies, UseNeXT and Usenet.nl, blamed the breaches on “a security vulnerability at a partner company.” Neither UseNeXT nor Usenet.nl have named the third-party company whose software enabled the intrusion. It is unclear if this is referring to a Usenet desktop client or … Tags: Vulnerability
2020-04-29 15:35:50 (Déjà vu) Expert Insight On Hackers Are Creating Backdoor Accounts And Cookie Files On WordPress Sites Running OneTone (direct link) Following a report by ZDNet, hackers are actively targeting WordPress sites running the OneTone theme to exploit a vulnerability that allows them to read and write site cookies and create backdoor admin accounts. The campaign has been going since the start of the month, and it’s still underway. The vulnerability is a cross-site scripting (XSS) bug in … Tags: Vulnerability
2020-04-28 13:12:16 (Déjà vu) Expert Reaction On Hackers Exploit Zero-day In Sophos XG Firewall, Fix Released (direct link) It has been reported that Sophos has fixed a zero-day SQL injection vulnerability in their XG Firewall after receiving reports that hackers actively exploited it in attacks. Tags: Vulnerability
2020-04-23 14:28:12 Expert Insight On iPhone Zero-Day Hack Found In The Wild (direct link) It has been reported that a new potentially serious software vulnerability has been discovered in iOS 13 that works via the default Mail app on iPhone and iPad. ZecOps detailed its findings in a blog post, with the most serious vulnerability of the two affecting the latest iOS 13 public release. According to the researchers, these vulnerabilities are widely exploited in the … Tags: Hack, Vulnerability
Last update at: 2024-05-11 21:08:04