Category: Threats & Malware

July 10, 2020

Researchers at Wordfence Threat Intelligence team discovered a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2020-15299, in the KingComposer WordPress plugin that potentially impacts 100,000 websites. KingComposer a fast drag-and-drop page builder for WordPress websites, which comes complete with top-notch […]

July 9, 2020

A massive data leak discovered on the technical database of popular casino gambling app Cubillion exposed daily activities and personal identifiable information of millions of users, according to vpnMentor researchers. Housed on a misconfigured Elasticsearch engine, the unprotected database recorded […]

July 9, 2020

Based on their CVSS score, the more serious of the flaws is CVE-2020-2034, which impacts the GlobalProtect portal and allows an unauthenticated attacker with network access to the targeted system to execute arbitrary operating system commands with root permissions. “An […]

July 9, 2020

A report published by security firm Digital Shadows revealed the availability of more than 15 billion credentials shared on cybercrime marketplaces, paste sites, file sharing services, and code sharing websites. Over the past few years, Digital Shadows added to its […]

July 8, 2020

Fifteen billion usernames and passwords for a range of internet services are currently for sale on underground forums – shedding light on the sheer scope of compromised credentials that are fueling account takeovers on the internet. A report released Wednesday […]

July 7, 2020

US security researcher Zach Edwards recently tweeted about finding 250 company website names that had been taken over by cybercriminals. He didn’t name the brands, but insists that the organisations affected include banks, healthcare companies, restaurant chains, civil rights groups […]

July 7, 2020

A joint operation headed by European and British law agencies dismantled the Encrochat messaging service, leading to the arrests of more than 100 people as well as the seizure of numerous weapons and ammunitions, drugs and millions in criminal funds. […]

July 6, 2020

This month, WizCase researchers discovered 5 separate data leaks of personal information belonging to dating app users in the US, Japan and South Korea. The data, which was easily accessed due to misconfigured and unsecure servers, included user information such […]

July 6, 2020

F5 informed customers last week that a BIG-IP configuration utility named Traffic Management User Interface (TMUI) is impacted by a critical remote code execution vulnerability whose exploitation can result in “complete system compromise.” The flaw is tracked as CVE-2020-5902 and […]

July 2, 2020

Of the eight vulnerabilities for which Cisco published an advisory this week, only CVE-2020-3297 has been rated high severity. This security hole affects some Small Business and managed switches and it allows a remote, unauthenticated attacker to access a device’s […]