Security News

Threat actors are actively targeting a vulnerability in the Elementor Pro plugin for WordPress to compromise websites, WordPress security company Defiant warned this week. With an estimated install base of over 1 million websites, Elementor Pro is the paid version of the free Elementor plugin, a drag and drop page builder.

Secure World is part of Microsoft's operating environment for applications that run on Azure Sphere devices that executes Microsoft security code. "Sylvie Liu, security program manager for Microsoft Security Response Center, said:"While Azure Sphere implements security upfront and by default, Microsoft recognizes security is not a one-and-done event.

Hosting biz GoDaddy has admitted a hacker tampered with an SSH file on its servers, leading to the theft of 28,000 users' SSH credentials. The intrusion, which took place last month, involved one or more malicious persons "Alter" an SSH file on GoDaddy's infrastructure, the US giant told The Register.

UPDATE. GoDaddy, the world's largest domain name registrar, is warning customers that attackers may have obtained their web hosting account credentials. The company said that the breach only affected hosting accounts, not general GoDaddy.com customer accounts, and that no customer data in the main accounts was accessed.

The aircraft safety system known as the Traffic Alert and Collision Avoidance System can be coerced into sending an airplane on a mid-air rollercoaster ride - much to the horror of those onboard. Spoofing the Traffic Alert and Collision Avoidance System is not new.

Over the past several days, hackers have exploited two recently disclosed Salt vulnerabilities to compromise the servers of LineageOS, Ghost and DigiCert. Last week, F-Secure security researchers disclosed two vulnerabilities in Salt that could allow remote attackers to execute commands as root on "Master" and connected minions.

SACRAMENTO, Calif. - A journalist who went to federal prison for hacking attacks on California media is now charged with a similar attack on a magazine. Probation officials filed a petition Monday alleging that Matthew Keys, 33, of Sacramento violated the conditions of his release by hacking into and deleting the YouTube account of Comstock's Magazine, the Sacramento Bee reported.

Microsoft has patched a worm-like vulnerability in its Teams workplace video chat and collaboration platform that could have allowed attackers to take over an organization's entire roster of Teams accounts just by sending participants a malicious link to an innocent-looking image. "Eventually, the attacker could access all the data from your organization's Teams accounts - gathering confidential information, meetings and calendar information, competitive data, secrets, passwords, private information, business plans, etc."

Microsoft has patched a worm-like vulnerability in its Teams workplace video chat and collaboration platform that could have allowed attackers to take over an organization's entire roster of Teams accounts just by sending participants a malicious link to an innocent-looking image. "Eventually, the attacker could access all the data from your organization's Teams accounts - gathering confidential information, meetings and calendar information, competitive data, secrets, passwords, private information, business plans, etc."

It started a couple days ago when a number of researchers and I'm probably gonna mispronounce the name of the security firm, ZecOps or something along those lines -I can never pronounce these names - But anyways, they found two zero days, or what they claimed are two zero days that are very, very troubling when described. Tom: Yeah, well, you know, Apple has gotten some support from the research community.