Security News

Acer sent out the same statement to multiple news outlets, refusing to confirm or deny the attack and only saying companies like it "are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries." Bleeping Computer also reported that there are some indications that the people behind REvil used a Microsoft Exchange server on Acer's domain, potentially making it one of the first times a ransomware group leveraged a heavily publicized vulnerability to complete an attack.

The fact that 3 in 4 companies have experienced malicious account takeover attacks highlights the need to track and secure identities as they move from on-premises to the cloud. Just one in three security professionals believe they could identify and stop an account takeover attack immediately; the majority expect to take days or even weeks to intercept such a breach.

A new report, developed by Aite Group and underwritten by GIACT, uncovers the striking pervasiveness of identity theft perpetrated against U.S. consumers and tracks shifts in banking behaviors adopted as a result of the pandemic. According to the report, from 2019 to 2020, 47% of U.S. consumers surveyed experienced identity theft; 37% experienced application fraud.

A critical vulnerability identified in The Plus Addons for Elementor WordPress plugin could be exploited to gain administrative privileges to a website. With more than 30,000 installations to date, The Plus Addons for Elementor is a premium plugin that has been designed to add several widgets to be used with the popular WordPress website builder Elementor.

A security researcher says Microsoft has awarded him a $50,000 bounty reward for reporting a vulnerability that could have potentially allowed for the takeover of any Microsoft account. The attack, the researcher explains, targets the password recovery process that Microsoft has in place, which typically requires the user to enter their email or phone number to receive a security code, and then enter that code.

A newly uncovered cyberattack is taking control of victims' Gmail accounts by using a customized, malicious Mozilla Firefox browser extension called FriarFox. FriarFox gives cybercriminals various types of access to users' Gmail accounts and Firefox browser data.

Critical and high-severity vulnerabilities in the Responsive Menu WordPress plugin exposed over 100,000 sites to takeover attacks, as discovered by Wordfence. Responsive Menu is a WordPress plugin designed to help admins create W3C-compliant and mobile-ready responsive site menus.

Two severe vulnerabilities in the NextGEN Gallery WordPress plugin could have exposed more than 800,000 websites to complete takeover, WordPress security company Defiant reported on Monday. Available for more than a decade, the plugin provides users with a broad range of gallery management capabilities, such as batch upload of photos, metadata import, thumbnail editing, photo and gallery management, and more.

"The vulnerability affects Windows 10 and corresponding server editions of the Windows OS," said Chris Goettl, senior director of product management and security at Ivanti. "The Windows Fax Service is used by the Windows Fax and Scan application included in all versions of Microsoft Windows 7, Windows 8 and Windows 10 and some earlier versions."

Researchers are urging WordPress websites that utilize the NextGEN Gallery plugin to apply a patch addressing critical and high-severity flaws. Researchers discovered two cross-site request forgery flaws, one critical and one high-severity, in the plugin.