‘Trojan Source’ Hides Invisible Bugs in Source Code
The old RLO trick of exploiting how Unicode handles script ordering and a related homoglyph attack can imperceptibly switch the real name of malware.
Researchers have found a new way...
WordPress Plugin Bug Lets Subscribers Wipe Sites
The flaw, found in the Hashthemes Demo Importer plugin, allows any authenticated user to exsanguinate a vulnerable WordPress site, deleting nearly all database content and uploaded media.
Researchers have discovered...
Technical Advisory – Apple XAR – Arbitrary File Write (CVE-2021-30833)
Vendor: Apple
Vendor URL: https://www.apple.com/
Versions affected: xar 1.8-dev
Systems Affected: macOS versions below 12.0.1
Author: Richard Warren
Advisory URL: https://support.apple.com/en-gb/HT212869
CVE Identifier: CVE-2021-30833
Risk: 5.0 Medium CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Summary
XAR is a file archive format used in...
War-Driving Technique Allows Wi-Fi Password-Cracking at Scale
A researcher was able to crack 70 percent of the gathered hashes in an experiment in a residential neighborhood.
War-driving – the process of driving around mapping residential Wi-Fi networks...
Adobe’s Surprise Security Bulletin Dominated by Critical Patches
Out of 92 security vulnerabilities, 66 are rated critical in severity, mostly allowing code execution. The most severe can lead to information disclosure.
Adobe has dropped a mammoth out-of-band security...
Defending Assets You Don’t Know About, Against Cyberattacks
No security defense is perfect, and shadow IT means no company can inventory every single asset that it has. David “moose” Wolpoff, CTO at Randori, discusses strategies for core...
Why the Next-Generation of Application Security Is Needed
New software and code stand at the core of everything we do, but how well is all of this new code tested? Luckily, autonomous application security is here.
By David...
CISA Urges Sites to Patch Critical RCE in Discourse
The patch, urgently rushed out on Friday, is an emergency fix for the widely deployed platform, whose No. 1 most trafficked site is Amazon’s Seller Central.
Discourse – the...
Cisco SD-WAN Security Bug Allows Root Code Execution
The high-severity bug, tracked as CVE-2021-1529, is an OS command-injection flaw.
Cisco SD-WAN implementations are vulnerable to a high-severity privilege-escalation vulnerability in the IOS XE operating system that could lead...
Why is Cybersecurity Failing Against Ransomware?
Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense challenges in changing that status quo.
Yes,...