Active Attacks Target Popular Duplicator WordPress Plugin
When patched last week, the bug affected at least 1 million websites. Zero-day exploits were going on then.
Vulnerabilities
Critical Cisco Bug Opens Software Licencing Manager to Remote Attack
A default password would let anyone access the Cisco Smart Software Manager On-Prem Base platform, even if it’s not directly connected to the internet.
Critical Adobe Flaws Fixed in Out-of-Band Update
Two critical Adobe vulnerabilities have been fixed in Adobe After Effects and Adobe Media Encoder.
More than 55 percent of medical imaging devices – including MRIs, XRays and ultrasound machines – are powered by outdated Windows versions, researchers warn.
A new Emotet campaign is spread via SMS messages pretending to be from banks and may have ties to the TrickBot trojan.
APT34/OilRig and APT33/Elfin have established a highly developed and persistent infrastructure that could be converted to distribute destructive wiper malware.
Websites using a vulnerable version of the WordPress plugin, ThemeGrill Demo Importer, are being targeted by attackers.
A lack of proper code-signing verification and authentication for firmware updates opens the door to information disclosure, remote code execution, denial of service and more.
Security experts say that 5G supply chain concerns should be taken seriously – whether it’s in the context of Huawei or not.
The malicious Chrome extensions were secretly collecting users’ browser data and redirecting them to malware-laced websites.
