Tag: security
Hackers attempt to hijack a major WordPress plugin that could allow for site takeovers
A critical vulnerability recently discovered in a popular WordPress plugin, is being actively abused in the wild, researchers have said, with hackers potentially able to use the flaw to fully take over a victim’s website. WordPress security firm Patchstack first discovered an SQL injection (SQLi) vulnerability in the WP‑Automatic plugin,…
Read More
Developing countries are being used by hackers to try out new ransomware strains
IT security pros are not the only ones with sandboxes and honeypots to test malware in, as hackers are doing the same – in developing parts of the world. A report from Performanta says that many hackers would first try out new malware strains in developing countries, before targeting companies…
Read More
Phone tracking app with millions of users has a major security flaw that can expose precise locations
A popular phone tracking app was found to be leaking sensitive data on millions of its users. A security researcher named Eric Daigle discovered the flaw in iSharing, a mobile app for device tracking with more than 10 million downloads on the Google Play Store, alone. By abusing the vulnerability,…
Read More
Top network performance tool Flowmon has a serious security flaw, so patch now
Network monitoring and security solution Progress Flowmon was found to be carrying a maximum-severity vulnerability which could allow threat actors to escalate privileges and gain full access to the target endpoint. As reported by BleepigComputer, the performance tracking, diagnostics, and network detection and response tool was vulnerable to CVE-2024-2389, a…
Read More
Over a billion users could be at risk from keyboard logging app security flaw
Almost a billion mobile users, holding various devices, could have had their communications revealed to malicious third parties, a report from cybersecurity researchers Citizen Lab claims. It says different device manufacturers have used different keyboard apps which were relaying unencrypted communications, transmitting keystrokes via plaintext, and similar. Tencent QQ Pinyin,…
Read More
CDN network cache hacked to spread malware across the globe
Threat actors known as CoralRaider have been using the Bynny content delivery network (CDN) to distribute infostealers to victims around the world. Rresearchers Cisco Talos have revealed who said CoralRaider abused the CDN to hide from security solutions, as they delivered LummaC2, Rhadamanthys, and Cryptobot. CoralRaider is a financially motivated…
Read More