20K WordPress Sites Exposed by Insecure Plugin REST-API
The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.
More than 20,000 WordPress sites are vulnerable to malicious code injection,...
Microsoft Sees Log4j Attacks Exploiting SolarWinds Serv-U Bug
SolarWinds has fixed a Serv-U bug that threat actors were exploiting to unleash Log4j attacks on networks’ internal devices.
Threat actors have weaponized a newly discovered bug in SolarWinds Serv-U...
Critical Cisco StarOS Bug Grants Root Access via Debug Mode
Cisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software that could give attackers RCE on the application with root-level privileges.
Cisco released...
Beijing Olympics App Flaws Allow Man-in-the-Middle Attacks
Attackers can access audio and files uploaded to the MY2022 mobile app required for use by all winter games attendees – including personal health details.
The mobile app that all...
Box 2FA Bypass Opens User Accounts to Attack
A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements.
UPDATE
A security hole in Box, the cloud-based...
The Log4j Vulnerability Puts Pressure on the Security World
It’s time to sound the alarm for Log4Shell. Saryu Nayyar, CEO at Gurucul, discusses what actions you should be taking.
It’s not my intention to be alarmist about the Log4j...
Organizations Face a ‘Losing Battle’ Against Vulnerabilities
Companies must take more ‘innovative and proactive’ approaches to security in 2022 to combat threats that emerged last year, researchers said.
After a banner year for vulnerabilities and cyberattacks in...
Critical ManageEngine Desktop Server Bug Opens Orgs to Malware
Zoho’s comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution.
A critical security vulnerability in the Zoho ManageEngine Desktop Central and Desktop Central...
Critical Cisco Contact Center Bug Threatens Customer-Service Havoc
Attackers could access and modify agent resources, telephone queues and other customer-service systems – and access personal information on companies’ customers.
A critical security bug affecting Cisco’s Unified Contact Center...
Real Big Phish: Mobile Phishing & Managing User Fallibility
Phishing is more successful than ever. Daniel Spicer, CSO of Ivanti, discusses emerging trends in phishing, and using zero-trust security to patch the human vulnerabilities underpinning the spike.
According to...