ATENTIONβΌ New - CVE-2015-9459
π Read
via "National Vulnerability Database".
The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS via the wp-admin/options-general.php count parameter.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-9459
π Read
via "National Vulnerability Database".
The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS via the wp-admin/options-general.php count parameter.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-9458
π Read
via "National Vulnerability Database".
The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-9457
π Read
via "National Vulnerability Database".
The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter.π Read
via "National Vulnerability Database".
π΄ Works of Art: Cybersecurity Inspires 6 Winning Ideas π΄
π Read
via "Dark Reading: ".
The Center for Long Term Cybersecurity recently awarded grants to six artists in a contest to come up with ideas for works with security themes and elements. Check 'em out.π Read
via "Dark Reading: ".
Dark Reading
Works of Art: Cybersecurity Inspires 6 Winning Ideas - Dark Reading
The Center for Long Term Cybersecurity recently awarded grants to six artists in a contest to come up with ideas for works with security themes and elements. Check 'em out.
π΄ Akamai Snaps Up ChameleonX to Tackle Magecart π΄
π Read
via "Dark Reading: ".
The Israel-based ChameleonX aims to protect websites from cyberattacks targeting payment data.π Read
via "Dark Reading: ".
Dark Reading
Akamai Snaps Up ChameleonX to Tackle Magecart
The Israel-based ChameleonX aims to protect websites from cyberattacks targeting payment data.
β Cryptomining Crook Steals Game Developerβs Identity to Carry Out Dirty Work β
π Read
via "Threatpost".
An alleged fraudster built a vast web of AWS cloud accounts, becoming the platform's biggest consumer of data resources.π Read
via "Threatpost".
Threat Post
Cryptomining Crook Steals Game Developerβs Identity to Carry Out Dirty Work
An alleged fraudster built a vast web of AWS cloud accounts, becoming the platform's biggest consumer of data resources.
β vBulletin Flaw Exploited in Dutch Sex-Work Forum Breach β
π Read
via "Threatpost".
A hacker is selling the email addresses of 250,000 users of a Dutch sex-work forum -- data that researchers say could be used for blackmail.π Read
via "Threatpost".
Threat Post
vBulletin Flaw Exploited in Dutch Sex-Work Forum Breach
A hacker is selling the email addresses of 250,000 users of a Dutch sex-work forum β data that researchers say could be used for blackmail.
π΄ Imperva Details Response to Customer Database Exposure π΄
π Read
via "Dark Reading: ".
The cloud security's CEO and CTO lay out the timeline of events and the steps customers should take to protect their accounts.π Read
via "Dark Reading: ".
Darkreading
Imperva Details Response to Customer Database Exposure
The cloud security's CEO and CTO lay out the timeline of events and the steps customers should take to protect their accounts.
π΄ AppSec 'Spaghetti on the Wall' Tool Strategy Undermining Security π΄
π Read
via "Dark Reading: ".
π Read
via "Dark Reading: ".
Dark Reading
AppSec 'Spaghetti on the Wall' Tool Strategy Undermining Security
Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.
π΄ iTunes Zero-Day Exploited to Deliver BitPaymer π΄
π Read
via "Dark Reading: ".
The ransomware operators targeted an "unquoted path" vulnerability in iTunes for Windows to evade detection and install BitPaymer.π Read
via "Dark Reading: ".
Darkreading
iTunes Zero-Day Exploited to Deliver BitPaymer
The ransomware operators targeted an "unquoted path" vulnerability in iTunes for Windows to evade detection and install BitPaymer.
β Apple removes app that tracks Hong Kong police and protestors β
π Read
via "Naked Security".
Apple was under fire this week after banning an app that tracked the location of both police and protesters in Hong Kong on a live map.π Read
via "Naked Security".
Naked Security
Apple removes app that tracks Hong Kong police and protestors
Apple was under fire this week after banning an app that tracked the location of both police and protesters in Hong Kong on a live map.
β Facebook flags thousands of kids as interested in gambling, booze β
π Read
via "Naked Security".
According to a new report, its algorithmic labelling may expose minors to age-inappropriate, targeted advertising.π Read
via "Naked Security".
Naked Security
Facebook flags thousands of kids as interested in gambling, booze
According to a new report, its algorithmic labelling may expose minors to age-inappropriate, targeted advertising.
β Hackers bypassing some types of 2FA security FBI warns β
π Read
via "Naked Security".
Some types of 2FA security can no longer be guaranteed to keep the bad guys out, the FBI warned US companies.π Read
via "Naked Security".
Naked Security
Hackers bypassing some types of 2FA security FBI warns
Some types of 2FA security can no longer be guaranteed to keep the bad guys out, the FBI warned US companies.
β Most Americans donβt have a clue what https:// means β
π Read
via "Naked Security".
...and wouldn't know 2FA from a hole in the ground, according to Pew Research.π Read
via "Naked Security".
Naked Security
Most Americans donβt have a clue what https:// means
β¦and wouldnβt know 2FA from a hole in the ground, according to Pew Research.
ATENTIONβΌ New - CVE-2010-5340
π Read
via "National Vulnerability Database".
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2010-5339
π Read
via "National Vulnerability Database".
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2010-5338
π Read
via "National Vulnerability Database".
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2010-5337
π Read
via "National Vulnerability Database".
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2010-5336
π Read
via "National Vulnerability Database".
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2010-5335
π Read
via "National Vulnerability Database".
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.π Read
via "National Vulnerability Database".