13 matches found
Popular ThemeREX WordPress Plugin Opens Websites to RCE
A critical vulnerability in a WordPress plugin known as “ThemeREX Addons” could open the door for remote code execution in tens of thousands of websites. According to Wordfence, the bug has been actively exploited in the wild as a zero-day. The plugin, which is installed on approximately 44,000...
WhatsApp Remote Code Execution Triggered by Videos
Facebook has quietly patched a vulnerability in the popular WhatsApp messaging platform, which could be exploited to launch remote-code-execution or denial-of-service attacks on victims. Attackers can exploit the flaw merely by sending a target user a video — specifically, a specially crafted MP4...
Critical Exim Flaw Opens Servers to Remote Code Execution
A patch has been issued for a critical flaw in the Exim email server software, which could potentially open Exim-based servers up to denial of service or remote code execution attacks. Exim, which is free software used on Unix-like operating systems including Linux or Mac OSX, serves as a mail...
Microsoft Blacklists Dozens of New File Extensions in Outlook
Microsoft is banning almost 40 new types of file extensions on its Outlook email platform. The aim is to protect email users from what it deems “at-risk” file attachments, which are typically sent with malicious scripts or executables. The move will prevent users from downloading email attachment...
Thousands of PCs Affected by Nodersok/Divergent Malware
New malware identified by Microsoft and Cisco Talos has affected thousands of PCs in the United States and Europe and turns systems into proxies for performing malicious activity, the companies said. The fileless threat—called Nodersok by Microsoft and Divergent by Cisco Talos—has many of its own...
Cisco Patches 13 High-Severity Router and Switch Bugs
Cisco Systems released patches for 29 bugs Wednesday that addressed flaws in a wide range of its products including routers and switches running the IOS XE networking software. Thirteen of the vulnerabilities revealed are rated high severity. The bulk of the high-severity vulnerabilities are tied...
IoT Security Challenges in a 5G Era: Expert Advice
When it comes to what we can expect with 5G mobile networks, they promise a more IoT friendly ecosystem, with vast improvements over the current capabilities of the 4G. Providing ultra low-latency and exponentially faster throughput along with sensors that will boast a 10-year battery life 5G pav...
Apple Issues Silent Update Removing Zoom's Hidden Server
Apple has pushed a silent update to Mac users that removes a hidden web server from Zoom users’ machines. The Zoom web- and video-conferencing service has come under scrutiny for its handling of a zero-day bug CVE-2019–13450 found by researcher Jonathan Leitschuh, which would allow an attacker to...
News Wrap: Amazon Privacy and Telegram DDoS Attack
Beyond Patch Tuesday, this week was crammed with privacy and security related news. In this week’s Threatpost podcast, editors Tara Seals and Lindsey O’Donnell discussed the top news from the week. That includes: A federal lawsuit alleging that Amazon is recording children who use its Alexa...
Joomla and WordPress Found Harboring Malicious Redirect Code
Security researchers are warning owners of Joomla and WordPress websites of a malicious redirect script that is pushing visitors to malicious websites. On Thursday, Eugene Wozniak, a security researcher with Sucuri, published a report outlining a rogue hypertext access .htaccess injector found on...
News Wrap: Which Companies Are Doing Privacy Right and Which Aren't?
The Threatpost team breaks down the top data privacy-related news this week, including: Google’s acknowledgement that G Suite passwords had been stored in plaintext – since 2005. The database of golfing app Game Golf left misconfigured, exposing millions of data points on games played plus...
Reddit Gold: Alice and Bob, Caught in a Web of Lies
Alice and Bob, the beloved or not-so-beloved, depending placeholder characters often used in cryptography examples, have been spotted in the middle of a web of deceit and intrigue by eagle-eyed Redditers. Think lies. Broken hearts. Even…murder. Yep, you heard that right. It all starts with the...
Airbus Data Takes Flight; and Billions of Credentials Dumped on Dark Web
French airplane and military aircraft behemoth Airbus SE has become the latest victim of a cyberattack leading to a data breach, with an incident detected on its “commercial aircraft business” information systems. It is only the latest high-profile data exposure to come to light in recent days, a...