Category: Vulnerabilities


Network security, Security, Threats & Malware, Vulnerabilities

U.S. House Passes IoT Cybersecurity Bill

September 16, 2020

Via: Security Week

First introduced in 2017 and reintroduced in 2019, the IoT Cybersecurity Improvement Act will now have to pass the Senate before it can be signed into law by the president. The bipartisan legislation is backed by Reps. Will Hurd (R-Texas) […]


Network security, Security, Threats & Malware, Vulnerabilities

More Printers Could Mean Security Problems for Home-Bound Workers

September 14, 2020

Via: Dark Reading

As employees outfit their home offices with the necessary technology to continue to work remotely, printer sales have surged in the first eight months of 2020, leaving security experts to worry that the devices may open up companies’ home-bound employees […]


Threats & Malware, Vulnerabilities

Attacks Targeting Recent WordPress File Manager Flaw Ramping Up

September 11, 2020

Via: Security Week

With over 700,000 active installs, File Manager is a highly popular WordPress plugin that provides admins with file and folder management capabilities (copy/paste, delete, download/upload, edit, and archive). In early September 2020, the plugin’s developer addressed a critical-severity zero-day flaw […]


Threats & Malware, Vulnerabilities

Critical Vulnerabilities Expose MoFi Routers to Remote Attacks

September 8, 2020

Via: Security Week

The vulnerabilities were reported to the vendor in May by Rich Mirch, a security researcher at CRITICALSTART. However, some of them remain unpatched. The researcher discovered a total of 10 vulnerabilities affecting MOFI4500 routers, a majority related to the web […]


Threats & Malware, Vulnerabilities

EMV Contactless Payment Card Flaw Facilitates PIN Bypass

September 8, 2020

Via: DataBreach Today

A “critical” flaw in how contactless cards from Visa – and potentially other issuers – have implemented the EMV protocol can be abused to launch a “PIN bypass attack,” researchers warn. But Visa says the exploits would be “impractical for […]


Threats & Malware, Vulnerabilities

Facebook Announces Vulnerability Reporting and Disclosure Policy

September 4, 2020

Via: Security Week

The social media giant took the wraps off a Vulnerability Disclosure Policy this week, aimed at bugs its researchers may discover in third-party code and systems, open source applications included. The purpose of the policy, Facebook says, is to make […]


Hacker, Threats & Malware, Vulnerabilities

Hackers are actively exploiting critical RCE in WordPress sites using File Manager plugin

September 2, 2020

Via: Security Affairs

Hackers are actively exploiting a critical remote code execution vulnerability in the File Manager WordPress plugin that could be exploited by unauthenticated attackers to upload scripts and execute arbitrary code on WordPress sites running vulnerable versions of the plugin. The […]


Threats & Malware, Vulnerabilities

Attackers are exploiting two zero-day flaws in Cisco enterprise-grade routers

September 1, 2020

Via: Help Net Security

A technical support intervention has revealed two zero-day vulnerabilities in the OS running on Cisco enterprise-grade routers that attackers are trying to actively exploit. Cisco plans to release software updates to plug these security holes, but in the meantime administrators […]


Threats & Malware, Vulnerabilities

New Attacks Allow Bypassing EMV Card PIN Verification

August 28, 2020

Via: Security Week

In a newly published paper, David Basin, Ralf Sasse, and Jorge Toro-Pozo from the department of computer science at ETH Zurich, explain that vulnerabilities identified in the standard EMV implementation could be exploited to render the PIN verification useless on […]


Threats & Malware, Vulnerabilities

Microsoft fixes code execution, privilege escalation in Microsoft Azure Sphere

August 27, 2020

Via: Security Affairs

Microsoft has recently addressed some vulnerabilities impacting Microsoft Azure Sphere that could be exploited by attackers to execute arbitrary code or to elevate privileges. Azure Sphere OS adds layers of protection and ongoing security updates to create a trustworthy platform […]