Security News

A research from Detectify found that subdomain takeovers are on the rise but are also getting harder to monitor as domains now seem to have more vulnerabilities in them. Our research found that of the number of scanned apex and subdomains from 2020 to 2021, vulnerabilities increased as much as 25%. Subdomain takeovers and vulnerabilities per domains on the rise.

TLStorm exploits expose more than 20 million UPS units to takeover. The exploits come, said Armis head of research Barak Hadad, in a time when even the least likely of devices has an internet connection that turns it into a potential threat.

Zenly, a social app from Snap that allows users to see the locations of friends and family on a live map, contains a pair of vulnerabilities that could endanger those being tracked. "When submitting a friend request to a user, Zenly will allow access to their phone number regardless of whether the friend request is accepted or not," explained the researchers, in a Thursday posting.

Threat actors are targeting Microsoft Teams users by planting malicious documents in chat threads that execute Trojans that ultimately can take over end-user machines, researchers have found.In January, researchers at Avanan, a Check Point Company, began tracking the campaign, which drops malicious executable files in Teams conversations that, when clicked on, eventually take over the user's computer, according to a report published Thursday.

In an analysis of more than 21 billion application transactions analyzed by the Cequence Security Threat Research Team between June and December of last year, API-based account login and registration transactions increased by 92 percent to more than 850 million. Highlighting the fact that attackers love APIs just as much as developers, that same dataset showed account takeover attacks on login APIs increased by 62 percent.

The first issue affects the WordPress AdSanity plugin. AdSanity Plugin Allows RCE. AdSanity is a light ad rotator plugin for WordPress.

After a number of top traders of FIFA's Ultimate Team game last week reported that their accounts had been taken over and cleared of points and thousands of dollars in game currency, EA launched an investigation. The company discovered that phishers managed to "Exploit human error" among EA's customer support staff to compromise less than 50 top trader accounts, the company wrote in a post on its website Tuesday.

A security vulnerability in VMware's Cloud Foundation, ESXi, Fusion and Workstation platforms could pave the way for hypervisor takeover in virtual environments - and a patch is still pending for some users. ESXi is a bare-metal hypervisor that installs on a server and partitions it into multiple virtual machines.

An attacker with an account with the site - such as a subscriber, shopping account holder or member - can take advantage of the holes, which are a privilege-escalation bug and an SQL-injection problem, according to researchers at Sucuri. Essentially, the plugin can send commands to various REST API endpoints, and it performs a permissions check to make sure no one's doing anything they're not allowed to do.

A proof-of-concept tool has been published that leverages two Windows Active Directory bugs fixed last month that, when chained, can allow easy Windows domain takeover. Both vulnerabilities are described as a "Windows Active Directory domain service privilege-escalation" bugs and are of high severity, with a CVSS criticality score of 7.5 out of 10.