Security News

A vulnerability addressed recently in the WPvivid Backup Plugin could be exploited to obtain all files of a WordPress website, web security company WebARX reveals. WPvivid Backup Plugin is a free and open-source plugin that allows users to easily backup, migrate, and restore their WordPress installations to new hosts, or send backups to remote storage.

A now-defunct mobile app for loaning money to small business owners has been pinned down as the source of an exposed archive containing roughly 500,000 personal and business financial records. The research team at vpnMentor said it traced an exposed database of financial records back to a former Android/iOS app called MCA Wizard, developed jointly by Advantage Capital Funding and Argus Capital Funding back in 2018.

AMD processors sold between 2011 and 2019 are vulnerable to two side-channel attacks that can extract kernel data and secrets, according to a new research paper. In a paper [PDF] titled, "Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors," six boffins - Moritz Lipp, Vedad Hadžić, Michael Schwarz, and Daniel Gruss, Clémentine Maurice, and Arthur Perais - explain how they reverse-engineered AMD's L1D cache way predictor to expose sensitive data in memory.

AMD is seeking to downplay side-channel attacks that can leak potentially sensitive data from its processors released between 2011 and 2019. AMD this weekend said it does not believe these are "New speculation-based attacks" and did not offer any mitigations: "We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way," said AMD in a Saturday advisory.

AMD is seeking to downplay side-channel attacks that can leak potentially sensitive data from its processors released between 2011 and 2019. AMD this weekend said it does not believe these are "New speculation-based attacks" and did not offer any mitigations: "We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way," said AMD in a Saturday advisory.

On the same day yesterday, when the US-based telecom giant T-Mobile admitted a data breach, the UK-based telecommunication provider Virgin Media announced that it has also suffered a data leak incident exposing the personal information of roughly 900,000 customers. What happened? Unlike the T-Mobile data breach that involved a sophisticated cyber attack, Virgin Media said the incident was neither a cyber attack nor the company's database was hacked.

On the same day yesterday, when the US-based telecom giant T-Mobile admitted a data breach, the UK-based telecommunication provider Virgin Media announced that it has also suffered a data leak incident exposing the personal information of roughly 900,000 customers. What happened? Unlike the T-Mobile data breach that involved a sophisticated cyber attack, Virgin Media said the incident was neither a cyber attack nor the company's database was hacked.

The Information Commissioner's Office has fined Cathay Pacific Airways £500,000 for leaky security that exposed the personal data of 9.4 million passengers - 111,578 of whom were from the UK. The breach, which occurred between October 2014 and May 2018, exposed passengers' names, passport and identity details, dates of birth, postal and email addresses, phone numbers, and travel history, as well as 430 credit card numbers, 27 of which were active. The unauthorised access was first suspected in March 2018, when Cathay's database suffered a brute force attack, and confirmed in May. A Cathay Pacific spokesman said at the time that the combination of data accessed varied for each affected passenger.

A software engineer on trial in the largest leak of classified information in CIA history was "Prepared to do anything" to betray the agency, federal prosecutors said Monday as a defense attorney argued the man had been scapegoated for a breach that exposed secret cyberweapons and spying techniques. A Manhattan jury heard conflicting portrayals of Joshua Schulte, a former CIA coder accused of sending the anti-secrecy group WikiLeaks a large portion of the agency's computer hacking arsenal - tools the agency had used to conduct espionage operations overseas.

Popular pharmacy chain Walgreens is warning that a bug in its official mobile app may have exposed sensitive data, including customers' full names and information on prescriptions for medications they are taking. While Walgreens did not detail the technical glitch, it said that the internal application error enabled certain personal messages, stored in a database, to be viewed by other customers who were using the mobile app.