Researchers warn users of several plugins to update as vulnerabilities are being actively exploited to redirect website visitor traffic.
Link: https://threatpost.com/wordpress-plugins-exploited-in-ongoing-attack-researchers-warn/147671/
Tag: Vulnerabilities
News Wrap: Linux Utility Backdoor, Steam Zero Day Disclosure Drama
From a backdoor placed in the Webmin utility to vulnerability disclosure drama around zero-days in Valve’s Steam gaming clients, Threatpost breaks down this week’s top stories.
Link: https://threatpost.com/news-wrap-linux-utility-backdoor-steam-zero-day-disclosure-drama/147654/
Lenovo High-Severity Bug Found in Pre-Installed Software
Security researchers at Pen Test Partners have found a privilege escalation flaw in the much-maligned Lenovo Solution Center software.
Link: https://threatpost.com/bug-found-in-pre-installed-software/147657/
Researcher Discloses Second Steam Zero-Day After Valve Bug Bounty Ban
After Valve banned him from its bug bounty program, a researcher has found a second zero-day vulnerability affecting the Steam gaming client.
Link: https://threatpost.com/researcher-discloses-second-steam-zero-day-after-valve-bug-bounty-ban/147593/
Cisco Patches Six Critical Bugs in UCS Gear and Switches
Six bugs found in Cisco’s Unified Computing System gear and its 220 Series Smart switches can allow unauthenticated remote hackers to take over equipment.
Link: https://threatpost.com/cisco-patches-six-critical-bugs/147585/
Backdoor Found in Utility for Linux, Unix Servers
Backdoor was intentionally planted in 2018 and found during the DEF CON 2019 security conference when researchers stumbled upon malicious code.
Link: https://threatpost.com/backdoor-found-in-utility-for-linux/147581/
Microsoft Offers $30K Rewards For Chromium Edge Beta Flaws
Microsoft released the beta of its new Chromium-based Edge – and it is offering rewards of up to $30,000 for researchers to hunt out vulnerabilities in the browser.
Link: https://threatpost.com/microsoft-rewards-chromium-edge-beta-flaws/147542/
Apple iOS Patch Blunder Opens Updated iPhones to Jailbreaks
Apple accidentally re-introduced a vulnerability in its latest operating system, iOS 12.4, that had been previously fixed in iOS 12.3.
Link: https://threatpost.com/apple-ios-patch-blunder-iphones-jailbreaks/147519/
VLC Media Player Allows Desktop Takeover Via Malicious Video Files
VideoLAN has released an updated version of its VLC Player to fix over a dozen bugs.
Link: https://threatpost.com/high-risk-vlc-media-player-bugs/147503/
Google Nest Security Cam Bugs Allow Device Takeover
Eight vulnerabilities would allow a range of attacker activities, including taking the Nest camera offline, sniffing out network information and device hijacking.
Link: https://threatpost.com/google-nest-security-cam-takeover/147477/