Category: Vulnerabilities

July 10, 2020

Researchers at Wordfence Threat Intelligence team discovered a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2020-15299, in the KingComposer WordPress plugin that potentially impacts 100,000 websites. KingComposer a fast drag-and-drop page builder for WordPress websites, which comes complete with top-notch […]

July 9, 2020

Based on their CVSS score, the more serious of the flaws is CVE-2020-2034, which impacts the GlobalProtect portal and allows an unauthenticated attacker with network access to the targeted system to execute arbitrary operating system commands with root permissions. “An […]

July 6, 2020

F5 informed customers last week that a BIG-IP configuration utility named Traffic Management User Interface (TMUI) is impacted by a critical remote code execution vulnerability whose exploitation can result in “complete system compromise.” The flaw is tracked as CVE-2020-5902 and […]

July 2, 2020

Of the eight vulnerabilities for which Cisco published an advisory this week, only CVE-2020-3297 has been rated high severity. This security hole affects some Small Business and managed switches and it allows a remote, unauthenticated attacker to access a device’s […]

July 2, 2020

Cyberattacks on energy companies are becoming more common. State-sponsored groups such as Hexane or DragonFly target them routinely to sabotage operations and steal intellectual property (IP) while criminal groups try to extort money with the ransomware attacks like the one […]

July 1, 2020

All of the security holes were reported to Netgear through Trend Micro’s Zero Day Initiative (ZDI), including five by a hacker who uses the online moniker d4rkn3ss, from VNPT ISC, and five by Pedro Ribeiro and Radek Domanski of Team […]

July 1, 2020

Microsoft has silently released two out-of-band security updates through the Windows Store app to address two vulnerabilities in the Windows Codecs Library. The two issues are remote code execution vulnerabilities tracked as CVE-2020-1425 & CVE-2020-1457 that impact Windows 10 and […]

June 30, 2020

ATMs and point-of-sale (POS) systems have been a target for many cybercriminal groups over the past several years resulting in some of the largest card breaches and money heists in history. While attackers have various ways to break into these […]

June 30, 2020

Palo Alto Networks addressed a critical vulnerability, tracked as CVE-2020-2021, in the operating system (PAN‑OS) that powers its next-generation firewalls that could allow unauthenticated network-based attackers to bypass authentication. “When Security Assertion Markup Language (SAML) authentication is enabled and the […]

June 25, 2020

Microsoft Exchange servers are an ideal target for attackers looking to burrow into enterprise networks, says Microsoft, as “they provide a unique environment that could allow attackers to perform various tasks using the same built-in tools or scripts that admins […]