Vulnerabilities

Secret Backdoors Discovered In WordPress Plugins and Themes

In another software supply chain attack, dozens of WordPress themes and plugins hosted on a developer’s website were backdoored with malicious code in September 2021 with the goal of infecting further sites. This gave attackers full administrative control over websites that used 40 themes and 53 plugins belonging to AccessPress Themes, a Nepal-based company that […]

Secret Backdoors Discovered In WordPress Plugins and Themes Read More »

Researchers Discover 3 WordPress Plugins Leaving 84,000 Websites Vulnerable To Attack

Three WordPress plugins have been discovered to be affected with a security shortcoming which gives a malicious actor the opportunity to take over vulnerable websites. An attacker could update arbitrary site options on a vulnerable site, provided they could trick a site administrator into clicking a link or doing a thing. Tracked as CVE-2022-0215, the

Researchers Discover 3 WordPress Plugins Leaving 84,000 Websites Vulnerable To Attack Read More »

Garrett Walk-Through Metal Detector Vulnerability Discovered

Security flaws have been uncovered in a networking component in Garrett Metal Detectors which could allow remote attackers bypass authentication requirements, tamper with metal detector configurations and even execute arbitrary code on the devices. Cisco Talos noted in a disclosure publicized that “An attacker could manipulate this module to remotely monitor statistics on the metal

Garrett Walk-Through Metal Detector Vulnerability Discovered Read More »

Microsoft Releases Windows Update to Patch Zero Day Used to Spread Emotet Malware

Multiple security vulnerabilities have been addressed in the recent Microsoft Patch Tuesday updates. This updates deals with but not limited to actively exploited flaw that is being abused to deliver Emotet, TrickBot or Bazaloader malware payloads. This release fixes a total of 67 flaws bringing the total number of bugs patched by the company this

Microsoft Releases Windows Update to Patch Zero Day Used to Spread Emotet Malware Read More »

Microsoft Windows OS Gets Affected by Unpatched Unauthorized File Read Vulnerability

The Windows Security Vulnerability (CVE-2021-24084) which allows disclosure and Local Privilege Escalation (LPE) on vulnerable systems has received a follow up patch after the last patch failed to solve the problem. But as observed by Naceri in June 2021, not only could the patch be bypassed to achieve the same objective, the researcher this month

Microsoft Windows OS Gets Affected by Unpatched Unauthorized File Read Vulnerability Read More »

Hackers Making Attempt At Exploiting New Windows Installer Zero-Day Vulnerability

Hackers are putting in efforts to exploit a recently disclosed privilege escalation vulnerability in order to execute arbitrary codes on fully-patched systems. Tracked as CVE-2021-42379 the elevation of privilege flaw affects Windows Installer software component and was originally resolved as part of Microsoft’s Patch Tuesday updates for November 2021. Researchers have indicated that it was

Hackers Making Attempt At Exploiting New Windows Installer Zero-Day Vulnerability Read More »

FBI Releases Alert on Currently Exploited FatPipe VPN Zero-Day Bug

The FBI has disclosed that a yet to be identified threat actor has been exploiting a previously known weakness in the FatPipe MPVPN networking devices at least since May 2021 using it to obtain initial foothold as well as maintain persistent access into the vulnerable networks. This allowed APT actors to gain unrestricted file upload

FBI Releases Alert on Currently Exploited FatPipe VPN Zero-Day Bug Read More »

Cybersecurity Agencies Release Warnings on Exploitation of Microsoft, Fortinet Flaws by Iranian Hackers

A joint advisory warning of active exploitation of Fortinet and Microsoft Exchange Proxyshell has been released by cybersecurity agencies from Australia, U.S and the U.K. Iranian state-sponsored actors are believed to be behind this attacks and are leveraging multiple Fortinets FortiOS vulnerabilities dating back to March 2021 as well as a a remote code execution

Cybersecurity Agencies Release Warnings on Exploitation of Microsoft, Fortinet Flaws by Iranian Hackers Read More »

Palo Alto Warns of Zero-Day Bug in Firewalls Using GlobalProtect Portal VPN

A Zero-day vulnerability has been disclosed in Palo Alto Networks GlobalProtect VPN capable of being abused by an unauthenticated network-based attacker to execute arbitrary code on affected devices using root privileges Tracked as CVE-2021-3064 (CVSS score:9.8), the security weakness impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.1.17. This flaw was discovered and reported by Masachusetts-based

Palo Alto Warns of Zero-Day Bug in Firewalls Using GlobalProtect Portal VPN Read More »

Google Releases Patches for a New Android 0-Day Vulnerability

Monthly security patches have been released by Google for Android, fixing 39 flaws inclusive of a zero-day vulnerability which is actively being exploited in the wild in limited targeted attacks. The zero-day bug tracked as CVE-2021-1048 is described as a use-after-free vulnerability in the kernel which could be exploited for local privilege escalation. Use-after-free could

Google Releases Patches for a New Android 0-Day Vulnerability Read More »