Critical Vulnerability in File Manager WordPress Plugin Exploited in the Wild

Attackers have begun to target a vulnerability in a popular WordPress plugin with over 700,000 active installations, attempting to inject malicious code. Background: On September 1, researchers at Wordfence published a blog post about a critical vulnerability in File Manager, a popular WordPress plugin used to manage files on WordPress sites. According to statistics from wordpress.org, the plugin …

Zero-Day Remote Code Execution Vulnerability in vBulletin Disclosed

Researcher identifies a zero-day vulnerability that bypasses a fix for CVE-2019-16759, a previously disclosed remote code execution vulnerability in vBulletin. Attacks have already been observed in the wild. Background: On August 9, vulnerability researcher Amir Etemadieh published details about a zero-day remote code execution (RCE) vulnerability in vBulletin, a popular forum software used by …

CVE-2020-3452: Cisco Adaptive Security Appliance and Firepower Threat Defense Path Traversal Vulnerability

After Cisco disclosed a serious vulnerability in its Adaptive Security Appliance and Firepower Threat Defense, one of the security researchers credited with its discovery released proof-of-concept code for the flaw. Background: On July 22, Cisco published an advisory for a highly rated vulnerability in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software used by the ASA …

CVE-2020-1350: Wormable Remote Code Execution Vulnerability in Windows DNS Server Disclosed (SIGRed)

Researchers disclose a 17-year-old wormable flaw in Windows DNS servers. Organizations are strongly encouraged to apply patches as soon as possible. Background: On July 14, Microsoft patched a critical vulnerability in Windows Domain Name System (DNS) Server as part of Patch Tuesday for July 2020. The vulnerability was disclosed to Microsoft by Sagi Tzadik and Eyal Itkin, researchers at Check Point …

CVE-2020-5902: Critical Vulnerability in F5 BIG-IP Traffic Management User Interface (TMUI) Actively Exploited

Three days after an advisory was disclosed for a critical remote code execution vulnerability in F5’s BIG-IP, active attempts to exploit vulnerable hosts have been observed in the wild. Background: On June 30, F5 Networks published support articles identified as K52145254 and K43638305 to address two vulnerabilities in BIG-IP, its family of products which includes software and hardware solutions …

CVE-2017-7391: Vulnerability in Magento Mass Import (MAGMI) Plugin Exploited in the Wild

Just as Magento 1 reaches end of life, attackers are exploiting a vulnerability in a Magento plugin from 2017. Site owners should prepare to migrate their stores immediately. Background: On May 17, ZDNet published an article about an FBI flash security alert shared with the private sector regarding attacks against Magento stores. Magento is a popular e-commerce platform used by many companies. …

CVE-2020-2021: Palo Alto Networks PAN-OS Vulnerable to Critical Authentication Bypass Vulnerability

A critical authentication bypass vulnerability in PAN-OS devices could be exploited in certain configurations, which are commonly recommended by identity providers. Background: On June 29, Palo Alto Networks published an advisory for a critical vulnerability in PAN-OS. PAN-OS is the custom operating system (OS) that Palo Alto Networks (PAN) uses in their next-generation …

SMBleed (CVE-2020-1206) and SMBLost (CVE-2020-1301) Vulnerabilities Affect Microsoft SMBv3 and SMBv1

Three months after an out-of-band patch was released for SMBGhost, aka EternalDarkness (CVE-2020-0796), researchers disclosed two new flaws affecting Microsoft’s Server Message Block (SMB) protocol, including working proof-of-concepts. Background: As part of Microsoft’s June 2020 Patch Tuesday release on June 9, researchers disclosed two new vulnerabilities in Microsoft Server Message Block (SMB), …

CVE-2020-2883: Oracle WebLogic Deserialization Vulnerability Exploited in the Wild

Following initial reports that attackers were exploiting a vulnerability in Oracle WebLogic Server, researchers have shared more information about the flaw and its connection to CVE-2020-2555, just as a proof-of-concept has become available. Background: On April 14, Oracle released its Critical Patch Update (CPU) for April 2020, a quarterly round-up of fixes across its product line that addressed …

Scams Exploit COVID-19 Giveaways Via Venmo, PayPal and Cash App

The economic impact of COVID-19, which is causing record unemployment, creates a golden opportunity for scammers looking to target vulnerable people desperate for cash to help pay their bills. As Cash App steps up the frequency of its giveaways, and celebrities and other notable figures launch giveaways of their own, scammers are brushing off old tricks in a rush to exploit them. Over the last few …