5M WordPress Sites Running ‘Contact Form 7’ Plugin Open to Attack
A critical unrestricted file upload bug in Contact Form 7 allows an unauthenticated visitor to take over a site running the plugin.
A patch for the popular WordPress plugin...
Technical Advisory: OS Command Injection in Silver Peak EdgeConnect Appliances (CVE-2020-12148, CVE-2020-12149)
Vendor: Silver Peak
Vendor URL: https://www.silver-peak.com
Versions affected: All EdgeConnect OS versions prior to 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.
Systems Affected: Unity EdgeConnect Appliance & Orchestrator
CVE Identifier: CVE-2020-12148 (nslookup API),...
Easy WP SMTP Security Bug Can Reveal Admin Credentials
A poorly configured file opens users up to site takeover.
Easy WP SMTP, a WordPress plugin for email management that has more than 500,000 installations, has a vulnerability that could...
Ex-Cisco Employee Convicted for Deleting 16K Webex Accounts
The insider threat will go to jail for two years after compromising Cisco’s cloud infrastructure.
A man has been sentenced to two years in jail after being convicted of hacking...
Security Issues in PoS Terminals Open Consumers to Fraud
Point-of-sale terminal vendors Verifone and Ingenico have issued mitigations after researchers found the devices use default passwords.
Researchers are detailing widespread security issues in point-of-sale (PoS) terminals – specifically, three...
PLEASE_READ_ME Ransomware Attacks 85K MySQL Servers
Ransomware actors behind the attack have breached at least 85,000 MySQL servers, and are currently selling at least 250,000 compromised databases.
Researchers are warning on an active ransomware campaign that’s...
Record Levels of Software Bugs Plague Short-Staffed IT Teams in 2020
As just one symptom, 83 percent of the Top 30 U.S. retailers have vulnerabilities which pose an “imminent” cyber-threat, including Amazon, Costco, Kroger and Walmart.
2020 is shaping up to...
Microsoft Wraps Up a Lighter Patch Tuesday for the Holidays
Nine critical bugs and 58 overall fixes mark the last scheduled security advisory of 2020.
Microsoft has addressed 58 CVEs (nine of them critical) for its December 2020 Patch Tuesday...
Google Patches Critical Wi-Fi and Audio Bugs in Android Handsets
Google updates its mobile OS, fixing ten critical bugs, including one remote code execution flaw.
Google patched ten critical bugs as part of its December Android Security Bulletin. The...
NSA Warns: Patched VMware Bug Under Active Attack
Feds are warning that adversaries are exploiting a weeks-old bug in VMware’s Workspace One Access and VMware Identity Manager products.
Active attacks against a flaw in VMware’s Workspace One...
















