Security News

Thousands of Vulnerable F5 BIG-IP Users Still Open to Takeover
2020-07-17 20:59

About 8,000 users of F5 Networks' BIG-IP family of networking devices are still vulnerable to full system access and remote code-execution, despite a patch for a critical flaw being available for two weeks. Public exploits were made available for it, leading to mass scanning for vulnerable devices by attackers, and ultimately active exploits.

Critical SAP Bug Allows Full Enterprise System Takeover
2020-07-14 11:45

A critical vulnerability, carrying a severity score of 10 out of 10 on the CVSS bug-severity scale, has been disclosed for SAP customers. The bug has been named RECON by the Onapsis Research Labs researchers who found it, and it affects more than 40,000 SAP customers, they noted.

Advertising Plugin for WordPress Threatens Full Site Takeovers
2020-07-08 20:12

The Adning Advertising plugin for WordPress, a premium plugin with over 8,000 customers, contains a critical remote code-execution vulnerability with the potential to be exploited by unauthenticated attackers. In May, for instance, Page Builder by SiteOrigin, a WordPress plugin with a million active installs that's used to build websites via a drag-and-drop function, was found to harbor two flaws that could allow full site takeover.

Netgear Zero-Day Allows Full Takeover of Dozens of Router Models
2020-06-19 13:05

UPDATED. Researchers this week said they discovered an unpatched, zero-day vulnerability in firmware for Netgear routers that put 79 device models at risk of full takeover. The flaw, a memory-safety issue present in the firmware's httpd web server, allows attackers to bypass authentication on affected installations of Netgear routers, according to two separate reports: one on the Zero Day Initiative by a researcher called "d4rkn3ss" from the Vietnam Posts and Telecommunications Group, and a separate blog post by Adam Nichols of cybersecurity firm Grimm.

VMware flaw allows takeover of multiple private clouds
2020-06-03 15:23

VMware's VMware Cloud Director has a security flaw that researchers believe could be exploited to compromise multiple customer accounts using the same cloud infrastructure. A few weeks back, penetration-testing company Citadelo chanced upon what looks like a significant vulnerability while it was carrying out an audit for a VMware customer.

VMware Cloud Director vulnerability enables a full cloud infrastructure takeover
2020-06-02 09:11

A code injection vulnerability affecting VMware vCloud Director could be exploited to take over the infrastructure of cloud services, Citadelo researchers have discovered. VMware Cloud Director is a cloud service delivery platform used by public and private cloud providers to operate and manage cloud infrastructure.

No password required! “Sign in with Apple” account takeover flaw patched
2020-06-01 15:19

That's nowhere near as crazy as it sounds: you're not asking people to share their actual Apple passwords with you, which would not only be dangerous but also against Apple's terms of service. The benefits are as follows: you get top-quality cryptography and authentication "for free"; your users can use login credentials they already have; and Apple gets to encourage users to have Apple accounts in the first place.

WordPress Page Builder Plugin Bugs Threaten 1 Million Sites with Full Takeover
2020-05-12 16:03

Page Builder by SiteOrigin, a WordPress plugin with a million active installs that's used to build websites via a drag-and-drop function, harbors two flaws that can allow full site takeover. "If the user is in the live editor, the siteorigin panels live editor parameter will be set to 'true' and register that a user is accessing the live editor. The plugin will then attempt to include the live editor file which renders all of the content."

Preventing account takeover and social engineering attacks
2020-05-05 04:30

Today we're going to dive into how COVID-19 is driving an increase in account takeover, as well as provide some suggestions on how to combat it. Before we get too far into the weeds, let's quickly level-set on a definition of account takeover, or ATO. Account takeover is when a legitimate customer's account is accessed through illicit means for the purpose of committing fraud.

‘Evil GIF’ account takeover flaw patched in Teams
2020-04-28 09:00

Microsoft has quickly fixed a flaw in its Teams videoconferencing and collaboration program that could have allowed attackers to launch a worm-like attack on multiple accounts by sending one victim a malicious GIF image. If an attacker can somehow force a user to visit the sub-domains that have been taken over, the victim's browser will send this cookie to the attacker's server and the attacker can create a Skype token.