Apple Patches Remote Code Execution Bug in WebKit
2021-03-09 17:35

Apple on Monday released patches for a vulnerability in WebKit that could allow attackers to execute code remotely on affected devices. To exploit the vulnerability, an attacker would simply need to craft a webpage containing malicious code and then lure the victim into accessing that webpage, which would trigger the execution of code on the victim's machine.

WordPress plans to drop support for Internet Explorer 11
2021-03-09 17:14

The most well-known and popular blogging platform, WordPress, is considering dropping support for Internet Explorer 11 as the browser's usage dips below 1%. Using three metrics to determine the number of people still using IE 11, WordPress has found that its cumulative usage is below 1%. These usage numbers are similar to when WordPress dropped support for Internet Explorer 8, 9, and 10 in 2017. With such low numbers and the high cost of maintaining the browser, WordPress plans to remove support for Internet Explorer 11 in the future.

Top 5 things to know about messaging apps
2021-03-09 16:52

Tom Merritt lists five things you need to know about messaging apps. You can't spell "Messaging" without "Mess." There are dozens of apps and protocols with varying levels of security and protection.

Google Play Harbors Malware-Laced Apps Delivering Spy Trojans
2021-03-09 16:44

A malware dropper that paves the way for attackers to remotely steal data from Android phones has been spreading via nine malicious apps on the official Google Play store, according to researchers. The dropper, dubbed Clast82, was disguised in benign apps, which don't fetch a malicious payload until they have been vetted and cleared by Google Play Protect.

Adobe fixes critical Creative Cloud, Adobe Connect vulnerabilities
2021-03-09 16:27

Adobe has released security updates that fix vulnerabilities in Adobe Creative Cloud Desktop, FrameMaker, and Connect. In total, the company fixed eight vulnerabilities today, with the majority of them rated as Critical as they allow arbitrary code execution.

Apple Plugs Severe WebKit Remote Code-Execution Hole
2021-03-09 15:58

Apple is rolling out fixes for a high-severity vulnerability in its WebKit browser engine that, if exploited, could allow remote attackers to completely compromise affected systems. Apple on Monday urged affected device users to update as soon as possible: "Keeping your software up-to-date is one of the most important things you can do to maintain your Apple product's security," the company said.

z0Miner botnet hunts for unpatched ElasticSearch, Jenkins servers
2021-03-09 15:37

A cryptomining botnet spotted last year is now targeting and attempting to take control of Jenkins and ElasticSearch servers to mine for Monero cryptocurrency. z0Miner is a cryptomining malware strain spotted in November by the Tencent Security Team, who saw it infecting thousands of servers by exploiting a WebLogic security vulnerability.

Vulnerability That Allows Complete WordPress Site Takeover Exploited in the Wild
2021-03-09 15:31

A critical vulnerability identified in The Plus Addons for Elementor WordPress plugin could be exploited to gain administrative privileges to a website. With more than 30,000 installations to date, The Plus Addons for Elementor is a premium plugin that has been designed to add several widgets to be used with the popular WordPress website builder Elementor.

GandCrab ransomware affiliate arrested for phishing attacks
2021-03-09 15:07

A suspected GandCrab ransomware member was arrested in South Korea for using phishing emails to infect victims. The GandCrab ransomware operation started in January 2018 and quickly became a malware empire threatening businesses worldwide.

Siemens Releases Several Advisories for Vulnerabilities in Third-Party Components
2021-03-09 14:44

Siemens on Tuesday published 12 new security advisories to inform customers about nearly two dozen vulnerabilities affecting its products. Half of the new advisories cover vulnerabilities in third-party components.