MacOS Malware ‘DazzleSpy’ Used in Watering-Hole Attacks
A pro-democracy Hong Kong site was used to launch watering-hole attacks that planted a powerful macOS backdoor that researchers dubbed DazzleSpy.
Web Security
AdSanity, AccessPress Plugins Open Scads of WordPress Sites to Takeover
A critical security bug and a months-long, ongoing supply-chain attack spell trouble for WordPress users.
Linux Servers at Risk of RCE Due to Critical CWP Bugs
The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers.
State-sponsored cyberattackers are using Google Drive, Dropbox and other legitimate services to drop spyware on Middle-Eastern targets and exfiltrate data.
QR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning cybercriminals are capitalizing on their lax security to steal data and money, and drop malware.
The bug can allow attackers to remotely execute code on gamers’ computers. The devs temporarily deactivated PvP servers across multiple affected versions.
The ‘DTPacker’ downloader used fake Liverpool Football Club sites as lures for several weeks, a report finds.
What attracts the attackers? David “moose” Wolpoff, CTO at Randori, discusses how to evaluate your infrastructure for juicy targets.
The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.
McAfee has patched two high-severity bugs in its Agent component, one of which can allow attackers to achieve arbitrary code execution with SYSTEM privileges.
