Tag Archives: vulnerabilities

Millions of WordPress sites get forced update to patch critical plugin flaw

Millions of WordPress sites have received a forced update over the past day to fix a critical vulnerability in a plugin called UpdraftPlus. The mandatory patch came at the request of UpdraftPlus developers because of the severity of the vulnerability, which allows untrusted…

Hacking group is on a tear, hitting US critical infrastructure and SF 49ers

A couple of days after the FBI warned that a ransomware group called BlackByte had compromised critical infrastructure in the US, the group hacked servers belonging to the San Francisco 49ers football team and held some of the team’s data for ransom.…

A bug lurking for 12 years gives attackers root on every major Linux distro

Linux users on Tuesday got a major dose of bad news—a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running any major distribution of the open source operating system. Previously called PolicyKit, Polkit manages system-wide…

If you like the data on your WD My Cloud OS 3 device, patch it now

Western Digital has patched three critical vulnerabilities—one with a severity rating of 9.8 and another with a 9.0—that make it possible for hackers to steal data or remotely hijack storage devices running version 3 of the company’s My Cloud OS. CVE-2021-40438, as one of the…

The Internet’s biggest players are all affected by critical Log4Shell 0-day

The list of services with Internet-facing infrastructure that is vulnerable to a critical zero-day vulnerability in the open source Log4j logging utility is immense and reads like a who’s who of the biggest names on the Internet, including Apple, Amazon, Cloudflare, Steam,…

300,000 MikroTik routers are ticking security time bombs, researchers say

As many as 300,000 routers made by Latvia-based MikroTik are vulnerable to remote attacks that can surreptitiously corral the devices into botnets that steal sensitive user data and participate in Internet-crippling DDoS attacks, researchers said. The estimate, made by researchers at security firm…

Three iOS 0-days revealed by researcher frustrated with Apple’s bug bounty

Pseudonymous researcher illusionofchaos joins a growing legion of security researchers frustrated with Apple’s slow response and inconsistent policy adherence when it comes to security flaws. Yesterday, a security researcher who goes by illusionofchaos dropped public notice…

Critical Cobalt Strike bug leaves botnet servers vulnerable to takedown

Governments, vigilantes, and criminal hackers have a new way to disrupt botnets running the widely used attack software Cobalt Strike, courtesy of research published on Wednesday. Cobalt Strike is a legitimate security tool used by penetration testers…

Feds list the top 30 most exploited vulnerabilities. Many are years old

Government officials in the US, UK, and Australia are urging public- and private-sector organizations to secure their networks by ensuring firewalls, VPNs, and other network-perimeter devices are patched against the most widespread exploits. In a joint advisory published Wednesday, the US FBI and CISA (Cybersecurity…