WordPress WPparallax theme <= 2.0.6 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress WPparallax theme versions = 2.0.6. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress StoreVilla theme <= 1.4.1 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress StoreVilla theme versions = 1.4.1. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...

Users Clueless About Cybersecurity Risks: Study

Organizations are facing yet another unprecedented threat to their cybersecurity now that employees are headed back into offices with their personal devices, lax security hygiene and no clue about some of the most catastrophic attacks in history, such as the Colonial Pipeline shutdown. A new surv...

Seven Security Strategies, Summarized

This is the sort of story that starts as a comment on Twitter, then becomes a blog post when I realize I can't fit all the ideas into one or two Tweets. You know how much I hate Tweet threads, and how I encourage everyone to capture deep thoughts in blog posts! In the interest of capturing the...

Buying Used Voting Machines on eBay

This is not surprising: This year, I bought two more machines to see if security had improved. To my dismay, I discovered that the newer model machines -- those that were used in the 2016 election -- are running Windows CE and have USB ports, along with other components, that make them even easie...

Security feature bypass

fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement...

Seagate BlackArmor NAS - Multiple Vulnerabilities

Seagate BlackArmor NAS - Multiple Vulnerabilities Exploit Title: Seagate BlackArmor NAS Multiple Vulnerabilities Date: 2/17/14 Exploit Author: Shayan Sadigh twitter.com/r1pplex | Vendor Homepage: http://www.seagate.com/external-hard-drives/network-storage/ Version: All BlackArmor NAS devices...

Convicted TJX Hacker Regrets Taking 'Easy Way Out' With Plea Deal

MIAMI BEACH–Stephen Watt was involved in a series of attacks on retailers and restaurants that federal prosecutors called the largest identity theft in U.S. history. He wrote the sniffer used by some of his friends to steal millions of credit card numbers. After federal agents raided his apartmen...