Category: Vulnerabilities


Threats & Malware, Vulnerabilities

KingComposer fixes a reflected XSS impacting 100,000 WordPress sites

July 10, 2020

Via: Security Affairs

Researchers at the Wordfence Threat Intelligence team discovered a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2020-15299, in the KingComposer WordPress plugin that potentially impacts 100,000 websites. KingComposer is a fast drag-and-drop page builder for WordPress websites, which comes complete with top-notch […]


Network security, Security, Threats & Malware, Vulnerabilities

Palo Alto Networks Patches Command Injection Vulnerabilities in PAN-OS

July 9, 2020

Via: Security Week

Based on their CVSS score, the more serious of the flaws is CVE-2020-2034, which impacts the GlobalProtect portal and allows an unauthenticated attacker with network access to the targeted system to execute arbitrary operating system commands with root permissions. “An […]


Threats & Malware, Vulnerabilities

Hackers Start Exploiting Recently Patched BIG-IP Vulnerability

July 6, 2020

Via: Security Week

F5 informed customers last week that a BIG-IP configuration utility named Traffic Management User Interface (TMUI) is impacted by a critical remote code execution vulnerability whose exploitation can result in “complete system compromise.” The flaw is tracked as CVE-2020-5902 and […]


Network security, Security, Threats & Malware, Vulnerabilities

Cisco Patches Vulnerabilities in Small Business Routers, Switches

July 2, 2020

Via: Security Week

Of the eight vulnerabilities for which Cisco published an advisory this week, only CVE-2020-3297 has been rated high severity. This security hole affects some Small Business and managed switches and it allows a remote, unauthenticated attacker to access a device’s […]


Threats & Malware, Virus & Malware, Vulnerabilities

Solar power shines light on security for the renewable energy industry

July 2, 2020

Via: CSO Online

Cyberattacks on energy companies are becoming more common. State-sponsored groups such as Hexane or DragonFly target them routinely to sabotage operations and steal intellectual property (IP), while criminal groups try to extort money with ransomware attacks like the one […]


Network security, Security, Threats & Malware, Vulnerabilities

Netgear Starts Patching Serious Vulnerabilities Affecting Tens of Products

July 1, 2020

Via: Security Week

All of the security holes were reported to Netgear through Trend Micro’s Zero Day Initiative (ZDI), including five by a hacker who uses the online moniker d4rkn3ss, from VNPT ISC, and five by Pedro Ribeiro and Radek Domanski of Team […]


Threats & Malware, Vulnerabilities

Microsoft releases emergency security updates to fix Windows codecs

July 1, 2020

Via: Security Affairs

Microsoft has silently released two out-of-band security updates through the Windows Store app to address two vulnerabilities in the Windows Codecs Library. The two issues are remote code execution vulnerabilities tracked as CVE-2020-1425 & CVE-2020-1457 that impact Windows 10 and […]


Threats & Malware, Vulnerabilities

Vulnerable drivers can enable crippling attacks against ATMs and POS systems

June 30, 2020

Via: CSO Online

ATMs and point-of-sale (POS) systems have been a target for many cybercriminal groups over the past several years resulting in some of the largest card breaches and money heists in history. While attackers have various ways to break into these […]


Threats & Malware, Vulnerabilities

Palo Alto Networks fixes a critical flaw in firewall PAN-OS

June 30, 2020

Via: Security Affairs

Palo Alto Networks addressed a critical vulnerability, tracked as CVE-2020-2021, in the operating system (PAN‑OS) that powers its next-generation firewalls that could allow unauthenticated network-based attackers to bypass authentication. “When Security Assertion Markup Language (SAML) authentication is enabled and the […]


Threats & Malware, Vulnerabilities

How attackers target and exploit Microsoft Exchange servers

June 25, 2020

Via: Help Net Security

Microsoft Exchange servers are an ideal target for attackers looking to burrow into enterprise networks, says Microsoft, as “they provide a unique environment that could allow attackers to perform various tasks using the same built-in tools or scripts that admins […]