Researchers have found three critical vulnerabilities in the Responsive Menu WordPress plugin which exposed over 100,000 sites to takeover attacks. The first flaw made it possible for authenticated attackers with low-level permissions to upload arbitrary files and ultimately achieve remote code execution. The remaining two flaws made it possible for attackers to forge requests that would modify the settings of the plugin and again upload arbitrary files that could lead to remote code execution.
Author: ISBuzz Team
Singapore telecom company Singtel informed customers that its file-sharing system called FTA was hit by a cyberattack. The company statement said the system was “illegally attacked by unidentified hackers. This is a standalone system that we use to share information internally as well as with external stakeholders. Accellion has informed us that this incident is part of a wider concerted attack against users of their file-sharing system.” Cybersecurity experts offer perspective.
The subject of super cookies has come up a number of times in recent weeks, with browsers adding updates in the hopes of stopping them from infringing on users’ privacy and saving themselves from regulatory fines that could be levied.
It has been reported that vulnerabilities in the communications protocols used by millions of Internet of Things (IoT) and operational technology (OT) devices could allow cyber attackers to intercept and manipulate data. The vulnerabilities in some TCP/IP stacks have been detailed by cybersecurity researchers at Forescout, who’ve dubbed the set of nine new vulnerabilities as ‘Number:Jack’.
According to F5’s new 2021 Credential Stuffing Report, although breach volumes have declined, poor security practices perpetuate the downstream risk of credential exposure. The report “makes it clear that credential stuffing will remain an enormous risk to organizations of all types.” The F5 team collected the data to focus on three aspects of the ecosystem surrounding stolen credentials: theft, sale, and fraud use.
A group of civil society organizations said on Wednesday that new cyber-security laws proposed by Myanmar’s new junta to ban the content. The 36-page proposed laws were given to internet service providers to provide comments in a week’s time. Cybersecurity experts commented below on the danger of Internet censorship.
Romance scams are one of the UK’s top 5 most successful types of fraud, according to research from Feedzai, the financial crime solution specialist. With Valentine’s Day coming up this weekend, Cybersecurity experts provide an insight on what’s the best strategy to overcome such scams.
Healthcare cyberattacks remain on the rise, yet an astounding 88% of MedTech leaders do not believe that their organization is prepared to thwart a cyberattack. This is according to a new survey of senior-level corporate and product executives at Fortune 1000 medical device manufacturers, digital and mobile health companies, and telehealth providers. Other key findings included: 80% have suffered at least one cyberattack in the past five years, including ransomware, malware, phishing, spoofing, and DDoS, with customer databases, employee information, and even R&D being targeted. Only 18% believe the security built into their medical device products is strong, while 80% rated their organization’s cybersecurity…
A novel form of software supply chain attack has been uncovered by ethical hacker Alex Birsan, who managed to breach the systems of over 35 major tech companies, including Microsoft, Uber and Tesla, by taking advantage of a concept known as dependency confusion. The new attack vector is particularly worrying as, unlike traditional typosquatting or brandjacking supply chain attacks, the targeted companies automatically downloaded the malicious packages and the breach did not require social engineering or human error to infiltrate private repositories.
The maker of the Cyberpunk 2077 game has been hit by a ransomware attack in which attackers were able to access the company’s internal network, encrypt some devices and copy the data. The company believes no personal data of the players is compromised. The company disclosed the hack by tweeting the note left by the hacker, who claims to have accessed the source code of Cyberpunk 2077, Witcher 3, Gwent, and an “unreleased version of Witcher 3.”