The Internet’s Most Tempting Targets
What attracts the attackers? David “moose” Wolpoff, CTO at Randori, discusses how to evaluate your infrastructure for juicy targets.
Vulnerabilities
20K WordPress Sites Exposed by Insecure Plugin REST-API
The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.
McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges
McAfee has patched two high-severity bugs in its Agent component, one of which can allow attackers to achieve arbitrary code execution with SYSTEM privileges.
Cisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software that could give attackers RCE on the application with root-level privileges.
UPDATE: SolarWinds has fixed a Serv-U bug discovered when attackers used the Log4j flaw to try to log in to the file-sharing software.
The information-disclosure issue, affecting Macs, iPhones and iPads, allows a snooping website to find out information about other tabs a user might have open.
A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements.
Attackers can access audio and files uploaded to the MY2022 mobile app required for use by all winter games attendees – including personal health details.
Praise be & pass the recipe for the software soup: There’s too much scrambling to untangle vulnerabilities and dependencies, say a security experts roundtable.
It’s time to sound the alarm for Log4Shell. Saryu Nayyar, CEO at Gurucul, discusses what actions you should be taking.
