Top

Category: Threats & Malware

Threats and Malware


Threats & Malware, Vulnerabilities

KingComposer fixes a reflected XSS impacting 100,000 WordPress sites

July 10, 2020

Via: Security Affairs

Researchers at Wordfence Threat Intelligence team discovered a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2020-15299, in the KingComposer WordPress plugin that potentially impacts 100,000 websites. KingComposer a fast drag-and-drop page builder for WordPress websites, which comes complete with top-notch […]


Data loss, Threats & Malware

Data Leak on Online Gambling App puts Millions of Users at Risk of Cyber Attacks

July 9, 2020

Via: Hot for Security

A massive data leak discovered on the technical database of popular casino gambling app Cubillion exposed daily activities and personal identifiable information of millions of users, according to vpnMentor researchers. Housed on a misconfigured Elasticsearch engine, the unprotected database recorded […]


Network security, Security, Threats & Malware, Vulnerabilities

Palo Alto Networks Patches Command Injection Vulnerabilities in PAN-OS

July 9, 2020

Via: Security Week

Based on their CVSS score, the more serious of the flaws is CVE-2020-2034, which impacts the GlobalProtect portal and allows an unauthenticated attacker with network access to the targeted system to execute arbitrary operating system commands with root permissions. “An […]


Hacker, Threats & Malware

15 billion credentials available in the cybercrime marketplaces

July 9, 2020

Via: Security Affairs

A report published by security firm Digital Shadows revealed the availability of more than 15 billion credentials shared on cybercrime marketplaces, paste sites, file sharing services, and code sharing websites. Over the past few years, Digital Shadows added to its […]


Access control, Data loss, Security, Threats & Malware

15 Billion Credentials Currently Up for Grabs on Hacker Forums

July 8, 2020

Via: Threat Post

Fifteen billion usernames and passwords for a range of internet services are currently for sale on underground forums – shedding light on the sheer scope of compromised credentials that are fueling account takeovers on the internet. A report released Wednesday […]


Hacker, Threats & Malware

Company web names hijacked via outdated cloud DNS records

July 7, 2020

Via: Naked Security

US security researcher Zach Edwards recently tweeted about finding 250 company website names that had been taken over by cybercriminals. He didn’t name the brands, but insists that the organisations affected include banks, healthcare companies, restaurant chains, civil rights groups […]


Hacker, Threats & Malware

European Agencies Hack Criminal Encrochat Messaging System

July 7, 2020

Via: Hot for Security

A joint operation headed by European and British law agencies dismantled the Encrochat messaging service, leading to the arrests of more than 100 people as well as the seizure of numerous weapons and ammunitions, drugs and millions in criminal funds. […]


Data loss, Threats & Malware

5 Dating Apps Leak More than 1 Million User Profiles and Sensitive Information

July 6, 2020

Via: Hot for Security

This month, WizCase researchers discovered 5 separate data leaks of personal information belonging to dating app users in the US, Japan and South Korea. The data, which was easily accessed due to misconfigured and unsecure servers, included user information such […]


Threats & Malware, Vulnerabilities

Hackers Start Exploiting Recently Patched BIG-IP Vulnerability

July 6, 2020

Via: Security Week

F5 informed customers last week that a BIG-IP configuration utility named Traffic Management User Interface (TMUI) is impacted by a critical remote code execution vulnerability whose exploitation can result in “complete system compromise.” The flaw is tracked as CVE-2020-5902 and […]


Network security, Security, Threats & Malware, Vulnerabilities

Cisco Patches Vulnerabilities in Small Business Routers, Switches

July 2, 2020

Via: Security Week

Of the eight vulnerabilities for which Cisco published an advisory this week, only CVE-2020-3297 has been rated high severity. This security hole affects some Small Business and managed switches and it allows a remote, unauthenticated attacker to access a device’s […]