Security News
More than 17,000 websites are exposed to attacks targeting a critical zero-day vulnerability in the Fancy Product Designer WordPress plugin, the Wordfence team at WordPress security company Defiant warns. Fancy Product Designer is a premium plugin for online stores that provides users with the ability to customize products with images and PDF files uploaded from various devices.
Exploit acquisition firm Zerodium on Tuesday announced that it is offering $100,000 for severe vulnerabilities in Pidgin for Windows and Linux. On June 1, Zerodium announced that, until August 31, it will be accepting the submission of exploits for unpatched vulnerabilities that affect the latest version of Pidgin on Windows and/or Linux.
Accellion failed to notify customers of a zero-day vulnerability in its file transfer application and related cyber-attacks targeting the security flaw, according to a new report from professional services firm KPMG. FTA is a large file transfer service that was retired at the end of April 2021, after being in use for roughly 20 years. At the time of attack, FTA still had roughly 50 customers, and some already confirmed impact from the incident, including The Reserve Bank of New Zealand, the U.S.-based law firm Jones Day, the Office of the Washington State Auditor, and security and compliance solutions provider Qualys.
Threat actors are scanning for sites running the Fancy Product Designer plugin to exploit a zero-day bug allowing them to upload malware. Fancy Product Designer is a visual product configurator plugin for WordPress, WooCommerce, and Shopify, and it allows customers to customize products using their own graphics and content.
Hewlett Packard Enterprise has fixed a critical zero-day remote code execution flaw in its HPE Systems Insight Manager software for Windows that it originally disclosed in December. HPE SIM is a tool that enables remote support automation and management for a variety of HPE servers, including the HPE ProLiant Gen10 and HPE ProLiant Gen9, as well as for storage and networking products.
Hewlett Packard Enterprise has released a security update to address a zero-day remote code execution vulnerability in the HPE Systems Insight Manager software, disclosed last year, in December. HPE SIM is a remote support automation and management solution for HPE servers, storage, and networking products, including HPE's ProLiant Gen10 and ProLiant Gen9 servers.
Apple has patched a critical bug in macOS that could be exploited to take screenshots of someone's computer and capture images of their activity within applications or on video conferences without that person knowing. Apple addressed the vulnerability-discovered by researchers at enterprise cybersecurity firm Jamf- in the latest version of macOS, Big Sur 11.4, released on Monday, the company told Forbes, according to a published report.
A zero-day vulnerability that allowed XCSSET malware to surreptitiously take screenshots of the victim's desktop has been fixed by Apple on macOS 11.4 on Monday. The XCSSET malware and its CVE-2021-30713 exploitation.
Apple has released security updates to patch three macOS and tvOS zero-day vulnerabilities attackers exploited in the wild, with the former being abused by the XCSSET malware to bypass macOS privacy protections. In all three cases, Apple said that it is aware of reports that the security issues "May have been actively exploited," but it didn't provide details on the attacks or threat actors who may have exploited the zero-days.
Apple has released security updates to patch three macOS and tvOS zero-day vulnerabilities attackers exploited in the wild, with the former being abused by the XCSSET malware to bypass macOS privacy protections. In all three cases, Apple said that it is aware of reports that the security issues "May have been actively exploited," but it didn't provide details on the attacks or threat actors who may have exploited the zero-days.