Lucene search
K

13 matches found

ThreatPost
ThreatPost
added 2020/03/10 8:30 p.m.347 views

Popular ThemeREX WordPress Plugin Opens Websites to RCE

A critical vulnerability in a WordPress plugin known as “ThemeREX Addons” could open the door for remote code execution in tens of thousands of websites. According to Wordfence, the bug has been actively exploited in the wild as a zero-day. The plugin, which is installed on approximately 44,000...

0.3AI score0.9981EPSS
Exploits125References6
ThreatPost
ThreatPost
added 2019/11/18 9:11 p.m.122 views

WhatsApp Remote Code Execution Triggered by Videos

Facebook has quietly patched a vulnerability in the popular WhatsApp messaging platform, which could be exploited to launch remote-code-execution or denial-of-service attacks on victims. Attackers can exploit the flaw merely by sending a target user a video — specifically, a specially crafted MP4...

6.8CVSS0.2AI score0.01321EPSS
Exploits0References12
ThreatPost
ThreatPost
added 2019/09/30 2:12 p.m.242 views

Critical Exim Flaw Opens Servers to Remote Code Execution

A patch has been issued for a critical flaw in the Exim email server software, which could potentially open Exim-based servers up to denial of service or remote code execution attacks. Exim, which is free software used on Unix-like operating systems including Linux or Mac OSX, serves as a mail...

7.5CVSS1.4AI score0.99961EPSS
Exploits28References10
ThreatPost
ThreatPost
added 2019/09/27 2:39 p.m.85 views

Microsoft Blacklists Dozens of New File Extensions in Outlook

Microsoft is banning almost 40 new types of file extensions on its Outlook email platform. The aim is to protect email users from what it deems “at-risk” file attachments, which are typically sent with malicious scripts or executables. The move will prevent users from downloading email attachment...

7.1AI score
Exploits0References8
ThreatPost
ThreatPost
added 2019/09/27 11:25 a.m.148 views

Thousands of PCs Affected by Nodersok/Divergent Malware

New malware identified by Microsoft and Cisco Talos has affected thousands of PCs in the United States and Europe and turns systems into proxies for performing malicious activity, the companies said. The fileless threat—called Nodersok by Microsoft and Divergent by Cisco Talos—has many of its own...

7.8AI score
Exploits0References7
ThreatPost
ThreatPost
added 2019/09/26 4:26 p.m.149 views

Cisco Patches 13 High-Severity Router and Switch Bugs

Cisco Systems released patches for 29 bugs Wednesday that addressed flaws in a wide range of its products including routers and switches running the IOS XE networking software. Thirteen of the vulnerabilities revealed are rated high severity. The bulk of the high-severity vulnerabilities are tied...

10CVSS1.9AI score0.8378EPSS
Exploits8References11
ThreatPost
ThreatPost
added 2019/09/03 7:10 p.m.71 views

IoT Security Challenges in a 5G Era: Expert Advice

When it comes to what we can expect with 5G mobile networks, they promise a more IoT friendly ecosystem, with vast improvements over the current capabilities of the 4G. Providing ultra low-latency and exponentially faster throughput along with sensors that will boast a 10-year battery life 5G pav...

2.1AI score
Exploits0References3
ThreatPost
ThreatPost
added 2019/07/11 2:4 p.m.93 views

Apple Issues Silent Update Removing Zoom's Hidden Server

Apple has pushed a silent update to Mac users that removes a hidden web server from Zoom users’ machines. The Zoom web- and video-conferencing service has come under scrutiny for its handling of a zero-day bug CVE-2019–13450 found by researcher Jonathan Leitschuh, which would allow an attacker to...

4.3CVSS6.6AI score0.03523EPSS
Exploits1References5
ThreatPost
ThreatPost
added 2019/06/14 5:57 p.m.273 views

News Wrap: Amazon Privacy and Telegram DDoS Attack

Beyond Patch Tuesday, this week was crammed with privacy and security related news. In this week’s Threatpost podcast, editors Tara Seals and Lindsey O’Donnell discussed the top news from the week. That includes: A federal lawsuit alleging that Amazon is recording children who use its Alexa...

2.5AI score
Exploits0References7
ThreatPost
ThreatPost
added 2019/05/24 5:48 p.m.86 views

Joomla and WordPress Found Harboring Malicious Redirect Code

Security researchers are warning owners of Joomla and WordPress websites of a malicious redirect script that is pushing visitors to malicious websites. On Thursday, Eugene Wozniak, a security researcher with Sucuri, published a report outlining a rogue hypertext access .htaccess injector found on...

7.4AI score
Exploits0References7
ThreatPost
ThreatPost
added 2019/05/24 1:42 p.m.102 views

News Wrap: Which Companies Are Doing Privacy Right and Which Aren't?

The Threatpost team breaks down the top data privacy-related news this week, including: Google’s acknowledgement that G Suite passwords had been stored in plaintext – since 2005. The database of golfing app Game Golf left misconfigured, exposing millions of data points on games played plus...

6.3AI score
Exploits0References17
ThreatPost
ThreatPost
added 2019/02/22 9:23 p.m.140 views

Reddit Gold: Alice and Bob, Caught in a Web of Lies

Alice and Bob, the beloved or not-so-beloved, depending placeholder characters often used in cryptography examples, have been spotted in the middle of a web of deceit and intrigue by eagle-eyed Redditers. Think lies. Broken hearts. Even…murder. Yep, you heard that right. It all starts with the...

7.3AI score
Exploits0References6
ThreatPost
ThreatPost
added 2019/01/31 6:16 p.m.58 views

Airbus Data Takes Flight; and Billions of Credentials Dumped on Dark Web

French airplane and military aircraft behemoth Airbus SE has become the latest victim of a cyberattack leading to a data breach, with an incident detected on its “commercial aircraft business” information systems. It is only the latest high-profile data exposure to come to light in recent days, a...

0.9AI score
Exploits0References8
Rows per page
Query Builder