Security News

IoT Device Takeovers Surge 100 Percent in 2020
2020-10-23 20:49

IoT devices are now responsible for 32.72 percent of all infections observed in mobile and Wi-Fi networks - up from 16.17 percent in 2019. Researchers with Nokia's Threat Intelligence Lab said, in the Threat Intelligence Report 2020 released this week, that they believe the number of IoT infections will continue to grow "dramatically" as connected devices continue to proliferate in homes and enterprise settings alike.

Microsoft Azure Flaws Open Admin Servers to Takeover
2020-10-08 15:28

Researchers have disclosed two flaws in Microsoft's Azure web hosting application service, App Services, which, if exploited, could enable an attacker to take over administrative servers. Azure App Services is an HTTP-based service for hosting web applications, and is available in both Microsoft Azure Cloud and on-premises installations.

QNAP fixes critical flaws that could lead to device takeover
2020-10-07 13:13

QNAP has addressed two critical security vulnerabilities in the Helpdesk app that could enable potential attackers to take over unpatched QNAP network-attached storage devices. Helpdesk is the built-in app that comes with QNAP's NAS devices and allows admins to submit help requests to the QNAP support team over the Internet.

HP Device Manager vulnerabilities may allow full system takeover
2020-10-07 12:52

Three vulnerabilities affecting HP Device Manager, an application for remote management of HP Thin Client devices, could be chained together to achieve unauthenticated remote command execution as SYSTEM, security researcher Nick Bloor has found. HP Device Manager allows IT admins to remotely deploy, update, and manage thousands of HP Thin Clients through a single console.

Post Grid WordPress Plugin Flaws Allow Site Takeovers
2020-10-05 21:11

Two high-severity vulnerabilities in Post Grid, a WordPress plugin with more than 60,000 installations, open the door to site takeovers, according to researchers. The upshot is that attackers could use the malicious JavaScript to add a malicious administrator, add a backdoor to plugin or theme files, or steal the administrator's session information - all of which are paths to complete takeover of a site.

Account Takeover Fraud Losses Total Billions Across Online Retailers
2020-10-02 19:48

In 2019 alone, ATO attacks cost consumers and e-commerce retailers a whopping $16.9 billion in losses. To be clear, ATO fraud isn't new; it's been a concern for online retailers for a decade.

Account takeover fraud rates skyrocketed 282% over last year
2020-09-30 16:46

ATO is the weapon of choice for fraudsters leading up to the holiday shopping season, new data from Sift shows, and consumers place the account security burden on businesses. Account takeover fraud attempts to steal from consumers and e-commerce merchants swelled 282% between Q2 2019 and Q2 2020, new data from digital trust and safety provider Sift finds.

Instagram Remote Account Takeover Required No Action From Victim
2020-09-24 16:43

A vulnerability in Instagram allowed an attacker to take over an Instagram account and turn the victim's phone into a spying tool simply by sending a malicious image via any media exchange platform. Check Point Research decided to examine Instagram because of its size and popularity.

TeamTNT Gains Full Remote Takeover of Cloud Instances
2020-09-09 16:09

The TeamTNT cybercrime gang is back, attacking Docker and Kubernetes cloud instances by abusing a legitimate cloud-monitoring tool called Weave Scope, according to researchers. It can be integrated with Docker, Kubernetes, the Distributed Cloud Operating System and Amazon Web Services Elastic Compute Cloud - and it gives cybercriminals a perfect entree into a company's cloud infrastructure.

Critical Flaws in 3rd-Party Code Allow Takeover of Industrial Control Systems
2020-09-09 15:58

Remote, unauthenticated attackers can exploit the flaws to launch various malicious attacks - including deploying ransomware, and shutting down or even taking over critical systems. The flaws exist in CodeMeter, owned by Wibu-Systems, which is a software management component that's licensed by many of the top industrial control system software vendors, including Rockwell Automation and Siemens.