Cybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permit unauthenticated users to gain administrator privileges.
“The plugin suffers from an unauthenticated privilege escalation vulnerability which allows any unauthenticated visitor to gain Administrator level access after which malicious plugins could be uploaded and
The Hacker News – Read More
GitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug that could be abused to gain site administrator privileges.
The most severe of the shortcomings has been assigned the CVE identifier CVE-2024-6800, and carries a CVSS score of 9.5.
“On GitHub Enterprise Server instances that use SAML single sign-on (SSO)
The Hacker News – Read More
Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild.
Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine.
“Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap
The Hacker News – Read More
Cybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that’s designed to mine cryptocurrency after brute-forcing their way into PostgreSQL database instances.
“Brute-force attacks on Postgres involve repeatedly attempting to guess the database credentials until access is gained, exploiting weak passwords,” Aqua security researcher Assaf Morag said in a technical report.
”
The Hacker News – Read More
Bangladeshi hackers “SYSTEMADMINBD” defaced Zee Media’s website, accusing them of mocking the situation in Bangladesh amid severe flooding.…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Millions of office and hotel contactless access cards using Fudan Microelectronics chips are vulnerable to a hardware backdoor…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Is your favorite emerging tech about to explode – or fizzle out? Gartner’s hype cycle offers crucial insights into the future of AI, developer tools, and security. See what’s coming tomorrow.
Latest stories for ZDNET in Security – Read More
Protesters took to Citi Field Wednesday to raise awareness of the facial recognition systems that have become common at major league sporting venues.
Security Latest – Read More
The new PG_MEM malware targets PostgreSQL databases, exploiting weak passwords to deliver payloads and mine cryptocurrency. Researchers warn…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
A new remote access trojan called MoonPeak has been discovered as being used by a state-sponsored North Korean threat activity cluster as part of a new campaign.
Cisco Talos attributed the malicious cyber campaign to a hacking group it tracks as UAT-5394, which it said exhibits some level of tactical overlaps with a known nation-state actor codenamed Kimsuky.
MoonPeak, under active development
The Hacker News – Read More