Security News > 2020 > July

The Adning Advertising plugin for WordPress, a premium plugin with over 8,000 customers, contains a critical remote code-execution vulnerability with the potential to be exploited by unauthenticated attackers. In May for instance, Page Builder by SiteOrigin, a WordPress plugin with a million active installs that's used to build websites via a drag-and-drop function, was found to harbor two flaws that could allow full site takeover.

Several critical remote code execution vulnerabilities were addressed in Android this week with the release of the July 2020 set of security patches, including three in the media framework and system components. Google addressed two critical flaws in the system component, one impacting Android 8.0 and newer releases, and the other affecting Android 10 only.

More than 15 billion username and password pairs have been offered on cybercrime marketplaces, including over 5 billion unique credentials, according to a report published on Wednesday by San Francisco-based risk protection solutions provider Digital Shadows. Over the past few years, Digital Shadows added to its breach repository more than 15 billion credentials shared on criminal forums, paste sites, file sharing services, and code sharing websites.

Chinese telecoms giant Huawei urged Britain on Wednesday not to rush into taking any costly decision to phase out its equipment from the UK's 5G network because of US sanctions. Johnson's government allowed Huawei to roll out up to 35 percent of Britain's 5G network under the condition that it stays out of "Core" elements dealing with personal data.

With anyone who can work from home actually doing so during the pandemic, networking - and therefore network security - has become more business-critical than it was before. When Freeform Dynamics surveyed Register readers for their experiences with network security, it was frustrating to see so many say that the one sure way to persuade management to take it seriously was to suffer a major computer security breach.

Stolen domain admin login credentials can be resold by dark web criminals for up to £95,000 and a total of 15 billion purloined credentials are traded on illicit marketplaces. "Rick Holland, CISO and strategy veep of Digital Shadows, mused:"The sheer number of credentials available is staggering and in just over the past 1.5 years, we've identified and alerted our customers to some 27 million [leaked] credentials which could directly affect them.... "Details exposed from one breach could be re-used to compromise accounts used elsewhere. The message is simple - consumers should use different passwords for every account and organizations should stay ahead of the criminals by tracking where the details of their employees and customers could be compromised."

According to the Feds' allegations, Turchin is a member of a "Prolific, financially motivated cybercriminal group composed of foreign actors that hacks the computer networks of a broad array of corporate entities, educational institutions and governments around the world, including the United States, and advertises and sells such unauthorized access to its victims' protected systems." "Many transactions occurred through use of a broker and escrow, which allowed interested buyers to sample the network access for a limited period to test the quality and reliability of the illicit access."

A new report from cloud security company Bitglass found that employers are losing control of their enterprise's cybersecurity reins due to the explosion of the bring your own device trend. Now that data breaches have become a daily occurrence, the security concerns around the use of personal devices has given cybersecurity experts pause.

Microsoft has seized several domains associated with a massive hacking campaign, which has targeted Office 365 accounts with phishing and business email compromise emails. A recent court order issued by U.S. District Court for the Eastern District of Virginia allowed the tech company to disable the domains associated with the email attacks and disband the campaign: "Our civil case has resulted in a court order allowing Microsoft to seize control of key domains in the criminals' infrastructure so that it can no longer be used to execute cyberattacks," according to Tom Burt, corporate vice president, Customer Security and Trust, in a Tuesday post.

You upload the file to a file sharing site, optionally setting various options that describe which other users can see it, and for how long, and then send the recipient an email that contains a download link where they can fetch the file at their leisure. Which is why we are occasional but enthusiastic users of Firefox Send, a free service from Mozilla that aims to let you share large files easily, but without the worry of what gets left behind and forgotten about.