80K Retail WooCommerce Sites Exposed by Plugin XSS Bug
The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts.
Vulnerabilities
How Decryption of Network Traffic Can Improve Security
Most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. Jeff Costlow, CISO at ExtraHop, explains why this might not be a good thing.
Lloyd’s Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks
The insurer won’t pay for ‘acts of cyber-war’ or nation-state retaliation attacks.
UPDATE: As of Tuesday, IKEA declined to say whether the cyberattack was still ongoing. IKEA warned employees on Friday that an ongoing cyberattack was using internal emails to malspam malicious links in active email threads.
A temporary fix has been issued for CVE-2021-24084, which can be exploited using the LPE exploitation approach for the HiveNightmare/SeriousSAM bug.
Just weeks after a judge ruled that NSO Group did not have immunity in a suit brought by Facebook subsidiary WhatsApp, Apple is adding significant weight to the company’s woes.
Researcher discovered a “more powerful” variant of an elevation-of-privilege flaw for which Microsoft released a botched patch earlier this month.
That’s just the start of what cyberattackers will zero in on as they pick up APT techniques to hurl more destructive ransomware & supply-chain attacks, says Fortinet’s Derek Manky.
Exploiting Microsoft Exchange ProxyLogon & ProxyShell vulnerabilities, attackers are malspamming replies in existing threads and slipping past malicious-email filters.
CloudLinux’s security platform for Linux-based websites and web servers contains a high-severity PHP deserialization bug.
