Old WordPress Plugin Being Exploited in RCE Attacks

Old instances of the popular WordPress Duplicator Plugin are leaving sites open to remote code execution attacks.

Facebook Now Offers Bounties For Access Token Exposure

The newly expanded Facebook bug bounty program sniffs out access token exposure flaws.

Zero-Day Bug Allows Hackers to Access CCTV Surveillance Cameras

Firmware used in up to 800,000 CCTV cameras open to attack thanks to buffer overflow zero-day bug.

CSS-Based Attack Causes iOS, macOS Devices to Crash

The attack stems from a glitch in WebKit, an HTML layout browser engine in Apple’s Safari browser.

Apple Releases Multiple Security Updates

Original release date: September 17, 2018 Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Apple security pages for the following products and apply the necessary updates: Apple Support 2.4 for iOS Safari 12 watchOS 5 tvOS 12 iOS 12 This product is provided subject to this Notification and this Privacy & Use policy.

SB18-260: Vulnerability Summary for the Week of September 10, 2018

Original release date: September 17, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …
Read More »

Five Weakest Links in Cybersecurity That Target the Supply Chain

Third-party breaches have become an epidemic as cybercriminals target the weakest link. Organizations such as BestBuy, Sears, Delta and even NYU Medical Center are just a few that have felt the impact of cyberattacks through third-party vendors. The fallout from these breaches can be costly, as the average enterprise pays $1.23 million per incident, up […]

Researchers Heat Up Cold-Boot Attack That Works on All Laptops

The attack bypasses BIOS mitigations for cold-boot compromise on models from Apple, Dell, Lenovo and all others made in the last 10 years.

ThreatList: Microsoft Macros Remain Top Vector for Malware Delivery

The second-most popular delivery method is CVE-2017-11882, a patched Microsoft vulnerability that allows the attacker to perform arbitrary code-execution.

Osiris Banking Trojan Displays Modern Malware Innovation

Osiris’ fundamental makeup positions it in the fore of malware trends, despite being based on old source code that’s been knocking around for years.