More and more attacks taking advantage of a XSS and RCE bug in the popular plugin have cropped up in the wild.
Link: https://threatpost.com/exploits-social-warfare-wordpress/144051/
Tag: Vulnerabilities
WannaCry Hero Pleads Guilty to Kronos Malware Charges
The malware researcher has pleaded guilty to two out of 10 charges; one with creating the Kronos malware and the other with conspiracy.
Link: https://threatpost.com/wannacry-hero-pleads-guilty-to-kronos-malware-charges/143997/
Microsoft’s Latest Patch Hoses Some Antivirus Software
McAfee, Sophos and Avast are among the antivirus software suites impacted.
Link: https://threatpost.com/microsofts-latest-patch-hoses-some-antivirus-software/143978/
Insecure Ride App Database Leaks Data of 300K Iranian Drivers
A researcher said that millions of records were leaking 300,000 Tap30 drivers’ names, ID numbers and phone numbers.
Link: https://threatpost.com/insecure-ride-app-database-leaks-data-of-300k-iranian-drivers/143955/
Shopify Flaw Exposed Thousands of Merchants’ Revenue, Traffic Numbers
The flaw, which existed in a Shopify API endpoint, has been patched.
Link: https://threatpost.com/shopify-flaw-exposed-merchant-revenue-traffic/143902/
Easter Attack Affects Half a Billion Apple iOS Users via Chrome Bug
The U.S-focused eGobbler malvertising attacks are exploiting an unpatched Google Chrome bug.
Link: https://threatpost.com/easter-attack-apple-ios/143901/
Cisco Patches Critical Flaw In ASR 9000 Routers
The flaw could enable an unauthenticated, remote attacker to access the devices, Cisco said.
Link: https://threatpost.com/cisco-patch-asr-9000-routers/143895/
Ubiquitous Bug Allows HIPAA-Protected Malware to Hide Behind Medical Images
The ubiquitous nature of the flaw opens the door for rapidly spreading, crippling cyberattacks.
Link: https://threatpost.com/hipaa-protected-malware-medical-images/143890/
Oracle Squashes 53 Critical Bugs in April Security Update
Overall Oracle patched 297 flaws across multiple product as part of its April security update.
Link: https://threatpost.com/oracle-squashes-53-critical-bugs-in-april-security-update/143845/
Windows Zero-Day Emerges in Active Exploits
Patched just last week, the Windows kernel bug is being used for full system takeover.
Link: https://threatpost.com/windows-zero-day-active-exploits/143820/