threatpost.com


New Adwind Variant Targets Windows, Chromium Credentials

threatpost.com :: A new version of the typically platform-agnostic Adwind trojan has been spotted targeting Windows applications and systems and Chromium-based browsers.

google  archive  twitter  tumblr  facebook 


PHP Bug Allows Remote Code-Execution on NGINX Servers

threatpost.com :: CVE-2019-11043 is trivial to exploit -- and a proof of concept is available.

google  archive  twitter  tumblr  facebook 


Open Redirect Bug in Bridge Theme Plugin Opens Admins to Spearphishing

threatpost.com :: The Qode Instagram Widget and Qode Twitter Feed both have bugs that could allow redirects to malicious sites.

google  archive  twitter  tumblr  facebook 


Unpatched Bug Under Active Attack Threatens WordPress Sites with XSS

threatpost.com :: The issue in the Rich Reviews plugin is being actively exploited.

google  archive  twitter  tumblr  facebook 


WordPress XSS Bug Allows Drive-By Code Execution

threatpost.com :: Sites that use the Gutenberg (found in WordPress 5.0 to 5.2.2) are open to complete takeover.

google  archive  twitter  tumblr  facebook 


WordPress Plugins Anchor Widespread Malvertising, Rogue Backdoor Campaign

threatpost.com :: An ongoing attack on websites has added new exploits and an administrative backdoor to its bag of tricks.

google  archive  twitter  tumblr  facebook 



Elderly China Chopper Tool Still Going Strong in Multiple Campaigns

threatpost.com :: Multiple actors in multiple campaigns are using the web shell for remote access, even though it's almost a decade old and hasn't been updated.

google  archive  twitter  tumblr  facebook 


WordPress Plugins Exploited in Ongoing Attack, Researchers Warn

threatpost.com :: Researchers warn users of several plugins to update as vulnerabilities are being actively exploited to redirect website visitor traffic.

google  archive  twitter  tumblr  facebook 


Cryptolocking WordPress Plugin Locks Up Blog Posts

threatpost.com :: A new type of malicious plugin has been spotted in the wild with the capability of targeting individual blog posts.

google  archive  twitter  tumblr  facebook 


ThreatList: DMARC Adoption Nonexistent at 80% of Orgs

threatpost.com :: Standard email authentication to prevent spoofing and phishing remains elusive for most.

google  archive  twitter  tumblr  facebook 


Rare Steganography Hack Can Compromise Fully Patched Websites

threatpost.com :: Attackers are hiding PHP scripts in EXIF headers of JPEG images to hack websites, just by uploading an image.

google  archive  twitter  tumblr  facebook 


WordPress Plugin Flaws Exploited in Ongoing Malvertising Campaign

threatpost.com :: An ongoing malvertising campaign is exploiting WordPress plugin vulnerabilities to redirect website visitors to malicious pages.

google  archive  twitter  tumblr  facebook 


Turla APT Returns with New Malware, Anti-Censorship Angle

threatpost.com :: A dropper called “Topinambour" is the first-stage implant, which in turn fetches a spy trojan built in several coding languages.

google  archive  twitter  tumblr  facebook 


Zoom Pushes Emergency Patch for Webcam Hijack Flaw

threatpost.com :: After media scrutiny, the collaboration service has decided to address the zero-day after initially dismissing its severity.

google  archive  twitter  tumblr  facebook 


Zoom Zero-Day Bug Opens Mac Users to Webcam Hijacking

threatpost.com :: The vulnerability can be exploited on a drive-by basis by a malicious website.

google  archive  twitter  tumblr  facebook 


WordPress Plugin WP Statistics Patches XSS Flaw

threatpost.com :: A cross-site scripting vulnerability in WordPress plugin WP Statistics could have enabled full website takeover.

google  archive  twitter  tumblr  facebook 


Scammers Prey on Instagram Vanity and ‘Verified Account’ Status

threatpost.com :: Hackers are stealing Instagram credentials through a tricky phishing scam that asks victims to apply for exclusive verified account status.

google  archive  twitter  tumblr  facebook 


LoudMiner Cryptominer Uses Linux Image and Virtual Machines

threatpost.com :: A Tiny Core Linux 9.0 image configured to run XMRig runs on a VM, rather than victim machines hosting the malware locally.

google  archive  twitter  tumblr  facebook 


Irked Researcher Discloses Facebook WordPress Plugin Flaws

threatpost.com :: Researchers at Plugin Vulnerabilities cite grudge and irresponsibly disclose bugs in two WordPress plugins from Facebook.

google  archive  twitter  tumblr  facebook 


WordPress Sites Worldwide Hit with ‘Call-Girl’ Search-Engine Pollution

threatpost.com :: A web spam campaign targeting Koreans is affecting non-hacked websites worldwide.

google  archive  twitter  tumblr  facebook 


Buggy Phishing Kits Allow Criminals to Cannibalize Their Own

threatpost.com :: The vulnerable kits also offer a point of entry to compromise legitimate website servers.

google  archive  twitter  tumblr  facebook 


WordPress Plugin Has Unpatched Privilege Escalation Flaw, Warn Researchers

threatpost.com :: Researchers are warning of flaws in two WordPress plugins - Slick Popup and WP Database Backup - including one that remains unpatched.

google  archive  twitter  tumblr  facebook 


Joomla and WordPress Found Harboring Malicious Redirect Code

threatpost.com :: New .htaccess injector threat on Joomla and WordPress websites redirects to malicious websites.

google  archive  twitter  tumblr  facebook 


WordPress WP Live Chat Support Plugin Fixes XSS Flaw

threatpost.com :: A cross-site scripting flaw in a popular WordPress plugin enables an unauthenticated attacker to insert JavaScript payloads into impacted websites.

google  archive  twitter  tumblr  facebook 


WP Live Chat WordPress Plugin Re-Patches File Upload Flaw

threatpost.com :: After researchers were able to bypass a file upload validation flaw patch in WP Live Chat, a new patch has been issued.

google  archive  twitter  tumblr  facebook 


Ad Server Patched to Stop Possible Malware Distribution

threatpost.com :: Revive Adserver patches two vulnerability, one of which may have been used to allow hackers to deliver malware to third-party websites.

google  archive  twitter  tumblr  facebook 


Muhstik Botnet Variant Targets Just-Patched Oracle WebLogic Flaw

threatpost.com :: Researchers are urging Oracle WebLogic users to update quickly - after new Muhstik botnet samples started targeting a critical flaw in the servers.

google  archive  twitter  tumblr  facebook 


Users Urged to Update WordPress Plugin After Flaw Disclosed

threatpost.com :: Yet another WordPress plugin vulnerability has put thousands of websites at risk.

google  archive  twitter  tumblr  facebook 


Exploits for Social Warfare WordPress Plugin Reach Critical Mass

threatpost.com :: More and more attacks taking advantage of a XSS and RCE bug in the popular plugin have cropped up in the wild.

google  archive  twitter  tumblr  facebook 


Rogue Waves: Preparing the Internet for the Next Mega DDoS Attack

threatpost.com :: Why many attack techniques can be reused – but organizations can't defend against them.

google  archive  twitter  tumblr  facebook 


WordPress Yellow Pencil Plugin Flaws Actively Exploited

threatpost.com :: Yet another WordPress plugin, Yellow Pencil Visual Theme Customizer, is being exploited in the wild after two software vulnerabilities were discovered.

google  archive  twitter  tumblr  facebook 


Users Urged to Uninstall WordPress Yuzo Plugin After Flaw Exploited

threatpost.com :: A vulnerability in the Yuzo Related Posts WordPress plugin, used by 60,000 websites, is being exploited in the wild.

google  archive  twitter  tumblr  facebook 


Lazarus Group Widens Tactics in Cryptocurrency Attacks

threatpost.com :: MacOS users, as well as Windows, are in the cross-hairs, especially those based in South Korea.

google  archive  twitter  tumblr  facebook