Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors

/in

A vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites.

The post Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors appeared first on SecurityWeek.

SecurityWeek – ​Read More

ThreatLocker Raises $115M in Series D Funding

/in

The round was led by existing investor General Atlantic, with participation from other major investors StepStone Group and the D. E. Shaw group. The company intends to use the funds to drive product innovation and accelerate its global expansion.

Cyware News – Latest Cyber News – ​Read More

Autodesk Hosting PDF Files Used in Microsoft Phishing Attacks

/in

Researchers discovered a sophisticated phishing campaign that is using compromised email accounts and Autodesk’s file sharing platform to steal Microsoft login credentials from victims.

Cyware News – Latest Cyber News – ​Read More

Researchers Sinkhole PlugX Malware Server With 2.5 Million Unique IPs

/in

Researchers have sinkholed a command and control server for a variant of the PlugX malware and observed in six months more than 2.5 million connections from unique IP addresses.

Cyware News – Latest Cyber News – ​Read More

Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites

/in

Threat actors are attempting to actively exploit a critical security flaw in the WP‑Automatic plugin for WordPress that could allow site takeovers.
The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to 3.9.2.0.
“This vulnerability, a SQL injection (SQLi) flaw, poses a severe threat as

The Hacker News – ​Read More

PCI Launches Payment Card Cybersecurity Effort in the Middle East

/in

The payment card industry pushes for more security in financial transactions to help combat increasing fraud in the region.

darkreading – ​Read More

How to change your IP address, why you’d want to – and when you shouldn’t

/in

Looking for more privacy? Or easier access to a network device? Here are the steps for every operating system, and how to avoid address conflicts.

Latest stories for ZDNET in Security – ​Read More

OpenAI’s GPT-4 Can Autonomously Exploit 87% of One-Day Vulnerabilities, Study Finds

/in

Researchers from the University of Illinois Urbana-Champaign found that OpenAI’s GPT-4 is able to exploit 87% of a list of vulnerabilities when provided with their NIST descriptions.

Security | TechRepublic – ​Read More

Chinese Keyboard Apps Open 1B People to Eavesdropping

/in

Eight out of nine apps that people use to input Chinese characters into mobile devices have weakness that allow a passive eavesdropper to collect keystroke data.

darkreading – ​Read More

FTC Issues $5.6M in Refunds to Customers After Ring Privacy Settlement

/in

The refunds will be made to individual affected customers through thousands of PayPal payments, available to be redeemed for a limited time.

darkreading – ​Read More