Over 50,000 Tinyproxy Servers Vulnerable to Critical RCE Flaw

A critical remote code execution (RCE) flaw, CVE-2023-49606, was found affecting nearly 52,000 Tinyproxy servers. This vulnerability was disclosed by Cisco Talos in December 2023, impacting versions 1.11.1 and 1.10.0 of Tinyproxy.

Cyware News – Latest Cyber News – ​Read More

Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites

A high-severity flaw impacting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts on susceptible websites.
The findings come from WPScan, which said that the vulnerability (CVE-2023-40000, CVSS score: 8.3) has been leveraged to set up bogus admin users with the names wpsupp‑user 

The Hacker News – ​Read More

Hackers Exploit LiteSpeed Cache Flaw to Create WordPress Admins

WPScan observed in April increased exploitation activity against WordPress sites with versions of the plugin older than 5.7.0.1, which are vulnerable to a high-severity (8.8) unauthenticated cross-site scripting flaw tracked as CVE-2023-40000.

Cyware News – Latest Cyber News – ​Read More

Law Enforcement Agencies Identified LockBit Ransomware Admin and Sanctioned Him

The FBI, UK National Crime Agency, and Europol have unmasked the identity of the admin of the LockBit ransomware operation, aka ‘LockBitSupp’ and ‘putinkrab’, and issued sanctions against him.

Cyware News – Latest Cyber News – ​Read More

LockBit Honcho Faces Sanctions, With Aussie Org Ramifications

Australian businesses and individuals now face government fines and consequences for paying ransoms or interacting with assets owned by LockBitSupp, aka Dmitry Yuryevich Khoroshev.

darkreading – ​Read More

Chinese Hackers Deployed Backdoor Quintet to Down MITRE

MITRE’s hackers made use of at least five different Web shells and backdoors as part of their attack chain.

darkreading – ​Read More

Major UK Security Provider Leaks Trove of Guard and Suspect Data

By Deeba Ahmed

Over 1.2 million records were exposed in a major data breach at UK security firm Amberstone. Learn the potential impact, what to do if affected, and how to stay secure.

This is a post from HackRead.com Read the original post: Major UK Security Provider Leaks Trove of Guard and Suspect Data

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

Wiz Announces $1B Funding Round, Plans More M&A

Much of the funding will be used for product development and talent acquisition to cover more ground as the cybersecurity industry continues to evolve.

darkreading – ​Read More

Does CISA’s KEV Catalog Speed Up Remediation?

Vulnerabilities added to the CISA known exploited vulnerability (KEV) list do indeed get patched faster, but not fast enough.

darkreading – ​Read More

What’s the Future Path for CISOs?

A panel of former CISOs will lead the closing session of this week’s RSA Conference to discuss challenges and opportunities.

darkreading – ​Read More