Security News

Threat actors are targeting Microsoft Teams users by planting malicious documents in chat threads that execute Trojans that ultimately can take over end-user machines, researchers have found.In January, researchers at Avanan, a Check Point Company, began tracking the campaign, which drops malicious executable files in Teams conversations that, when clicked on, eventually take over the user's computer, according to a report published Thursday.

In an analysis of more than 21 billion application transactions analyzed by the Cequence Security Threat Research Team between June and December of last year, API-based account login and registration transactions increased by 92 percent to more than 850 million. Highlighting the fact that attackers love APIs just as much as developers, that same dataset showed account takeover attacks on login APIs increased by 62 percent.

The first issue affects the WordPress AdSanity plugin. AdSanity Plugin Allows RCE. AdSanity is a light ad rotator plugin for WordPress.

After a number of top traders of FIFA's Ultimate Team game last week reported that their accounts had been taken over and cleared of points and thousands of dollars in game currency, EA launched an investigation. The company discovered that phishers managed to "Exploit human error" among EA's customer support staff to compromise less than 50 top trader accounts, the company wrote in a post on its website Tuesday.

A security vulnerability in VMware's Cloud Foundation, ESXi, Fusion and Workstation platforms could pave the way for hypervisor takeover in virtual environments - and a patch is still pending for some users. ESXi is a bare-metal hypervisor that installs on a server and partitions it into multiple virtual machines.

An attacker with an account with the site - such as a subscriber, shopping account holder or member - can take advantage of the holes, which are a privilege-escalation bug and an SQL-injection problem, according to researchers at Sucuri. Essentially, the plugin can send commands to various REST API endpoints, and it performs a permissions check to make sure no one's doing anything they're not allowed to do.

A proof-of-concept tool has been published that leverages two Windows Active Directory bugs fixed last month that, when chained, can allow easy Windows domain takeover. Both vulnerabilities are described as a "Windows Active Directory domain service privilege-escalation" bugs and are of high severity, with a CVSS criticality score of 7.5 out of 10.

Microsoft warned customers today to patch two Active Directory domain service privilege escalation security flaws that, when combined, allow attackers to easily takeover Windows domains.Redmond's warning to immediately patch the two bugs - both allowing attackers to impersonate domain controllers - comes after a proof-of-concept tool that can leverage these vulnerabilities was shared on Twitter and GitHub on December 11.

Critical security vulnerabilities in SonicWall's Secure Mobile Access 100-series VPN appliances could allow an unauthenticated, remote user to execute code as root. "The vulnerability is due to the SonicWall SMA SSLVPN Apache httpd server GET method of mod cgi module environment variables use a single stack-based buffer using `strcat,'" according to SonicWall's security advisory, issued Tuesday.

A high-severity security vulnerability in CloudLinux's Imunify360 cybersecurity platform could lead to arbitrary code execution and web-server takeover, according to researchers. Imunify360 is a security platform for Linux-based web servers that allows users to configure various settings for real-time website protection and web-server security.