An openly accessible web server has emerged as a possible attack vector used by cybercriminals in a reported ransomware incident that affected personal care and beauty marketer Avon Products last June. Researchers from Safety Detectives today announced its discovery of a U.S.-based Avon.com server that was not defended by a password,
Tag: exploited
Cisco patches severe traversal vulnerability exploited in wild
Cisco is urging organizations to implement its patch for a high severity directory traversal vulnerability that affected the web services interface of the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software firewall products and which is being actively exploited in the wild. The vulnerability, CVE-2020-3452, stems
Six Cisco servers compromised when hackers exploited SaltStack Salt flaws
Six Cisco salt-master backend servers were compromised when attackers exploited two recently reported vulnerabilities in SaltStack Salt. Cisco revealed the attacks in an advisory, saying the Cisco Modeling Labs Corporate Edition (CML) and the Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) were vulnerable. In early May one or more attackers exploited
Mozilla patches exploited zero-day flaw in Firefox
The Mozilla Foundation yesterday issued a security update for Firefox and Firefox Extended Support Release, which were found to contain an actively exploited, critical vulnerability in the IonMonkey JIT compiler. “Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion,” reads an official advisory
Google app vulnerability being exploited in the wild: Trend Micro
The Sidewinder APT group has been actively abusing a Binder vulnerability in at least three apps found in the Google Play store. The three apps, all file manager and photography tools, were uploaded starting in March 2019, but have since been removed. The apps involved are Camero, FileCrypt and callCam. The vulnerability effects several Android devices,
Amazon’s Ring partners with National Center for Missing & Exploited Children to put missing posters in Neighbors app
Microsoft fixes exploited privilege elevation flaw, 34 more bugs
For its final Patch Tuesday release of the year, Microsoft Corporation issued a series of security updates that fixed a total of 35 vulnerabilities, seven of which were deemed critical and one of which was found to be actively exploited. The most severe flaws consist of remote code execution vulnerabilities in
Exploited Android flaw ‘StrandHogg’ enables phishing overlays, malicious permissions
Attackers have been actively exploiting an Android vulnerability that allows malicious apps to display dangerous permission requests and phishing overlays under the guise of a legitimate app. Dubbed StrandHogg (an old Norse Viking term), the flaw resides in Android’s taskAffinity control setting, and can be successfully abused without having to first
Microsoft revises and re-releases patch for exploited Internet Explorer bug
Microsoft Corp. yesterday re-released a security update for CVE-2019-1367, a critical remote execution bug in Internet Explorer that has been actively exploited. The new release expands upon the previous emergency out-of-band update, which took place Sept. 23. According to reports, the company’s earlier effort to distribute a patch was only available
Reports: Actively exploited zero-day found in vBulletin forum software
The vBulletin Internet forum software package reportedly contains a critical zero-day remote code execution vulnerability that attackers have been actively exploiting, possibly as far back as three years ago. Multiple news organizations are reporting that a researcher studying the well-known forum software published a pre-auth RCE exploit for the bug on vBulletin’s