Installing the updates is only the beginning of the recovery process, since the infections allow attackers to make off with authentication credentials that give wide access to a variety of sensitive resources inside a compromised network. More about those additional steps later in this article. On Saturday, researchers from security firm Eye Security reported finding… Read More »
Getty Images reader comments 29 Ransomware criminals have quickly weaponized an easy-to-exploit vulnerability in the PHP programming language that executes malicious code on web servers, security researchers said. As of Thursday, Internet scans performed by security firm Censys had detected 1,000 servers infected by a ransomware strain known as TellYouThePass, down from 1,800 detected on… Read More »
Getty Images reader comments 40 The US Cybersecurity and Infrastructure Security Agency has added a critical security bug in Linux to its list of vulnerabilities known to be actively exploited in the wild. The vulnerability, tracked as CVE-2024-1086 and carrying a severity rating of 7.8 out of a possible 10, allows people who have already… Read More »
reader comments 23 Google has updated its Chrome browser to patch a high-severity zero-day vulnerability that allows attackers to execute malicious code on end user devices. The fix marks the fifth time this year the company has updated the browser to protect users from an existing malicious exploit. The vulnerability, tracked as CVE-2024-4671, is a… Read More »
Getty Images reader comments 10 Hackers are assailing websites using a prominent WordPress plugin with millions of attempts to exploit a high-severity vulnerability that allows complete takeover, researchers said. The vulnerability resides in WordPress Automatic, a plugin with more than 38,000 paying customers. Websites running the WordPress content management system use it to incorporate content… Read More »
reader comments 10 Software maker Ivanti is urging users of its end-point security product to patch a critical vulnerability that makes it possible for unauthenticated attackers to execute malicious code inside affected networks. The vulnerability, in a class known as a SQL injection, resides in all supported versions of the Ivanti Endpoint Manager. Also known… Read More »
Getty Images reader comments 22 Roughly 11 million Internet-exposed servers remain susceptible to a recently discovered vulnerability that allows attackers with a foothold inside affected networks. Once they’re in, attackers compromise the integrity of SSH sessions that form the lynchpin for admins to securely connect to computers inside the cloud and other sensitive environments. Terrapin,… Read More »
Getty Images reader comments 15 with A vulnerability that allows attackers to bypass multifactor authentication and access enterprise networks using hardware sold by Citrix is under mass exploitation by ransomware hackers despite a patch being available for three weeks. Citrix Bleed, the common name for the vulnerability, carries a severity rating of 9.4 out of… Read More »
reader comments 39 with End users, admins, and researchers better brace yourselves: The number of apps being patched for zero-day vulnerabilities has skyrocketed this month and is likely to get worse in the following weeks. People have worked overtime in recent weeks to patch a raft of vulnerabilities actively exploited in the wild, with offerings… Read More »
Getty Images reader comments 43 with A newly discovered zero-day in the widely used WinRAR file-compression program has been exploited for four months by unknown attackers who are using it to install malware when targets open booby-trapped JPGs and other innocuous inside file archives. The vulnerability, residing in the way WinRAR processes the ZIP file… Read More »