Tag: vulnerability

This WordPress Plugin For Elementor Leaves Websites Vulnerable To Hackers
15May By RBNo Comments
News

This WordPress Plugin For Elementor Leaves Websites Vulnerable To Hackers

Make sure you're utilising this well-known plugin if the WordPress page-builder Elementor powers your website. Because if you are, a recently found security hole makes it simple for hackers to take over your website completely. The WordPress plugin Essential Addons for Elementor is connected to a worrisome cybersecurity problem, according to a recent study from security researchers at Patchstack. Users can create or update their website using a variety of pre-built WordPress blocks and templates provided by the plugin. According to Patchstack's research, "This plugin has an unauthenticated privilege escalation vulnerability that allows any unauthenticated user to escalate their privilege to that of any user on the WordPress site read more This WordPress Plugin For Elementor Leaves W...
Read More
XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks
15May By RBNo Comments
News

XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks

Cybersecurity experts have identified an ongoing phishing campaign that employs a distinctive attack chain to infect target PCs with the XWorm malware. Some of the attacks, according to Securonix, which is monitoring the activity cluster known as MEME#4CHAN, have particularly targeted German manufacturing companies and medical facilities. Security experts Den Iuzvyk, Tim Peck, and Oleg Kolesnikov revealed their findings in a fresh analysis that was shared with The Hacker News. "The attack campaign has been leveraging rather unusual meme-filled PowerShell code, followed by a heavily obfuscated XWorm payload to infect its victims read more XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks, With ReconBee.com Stay ahead of the latest threats with in-depth coverage o...
Read More
OpenAI to offer users up to $20000 for reporting bugs
13Apr By RBNo Comments
News

OpenAI to offer users up to $20000 for reporting bugs

OpenAI, the firm behind chatbot sensation ChatGPT, said on Tuesday that it would offer up to $20,000 to users reporting vulnerabilities in its artificial intelligence systems. OpenAI Bug Bounty program, which went live on Tuesday, will offer rewards to people based on the severity of the bugs they report, with rewards starting from $200 per vulnerability. Technology companies often use bug bounty programs to encourage programmers and ethical hackers to report bugs in their software systems. According to details on the bug bounty platform Bugcrowd, OpenAI has invited researchers to review certain functionality of ChatGPT and the framework read more OpenAI to offer users up to $20,000 for reporting bugs. With ReconBee.com Stay ahead of the latest threats with in-depth coverage o...
Read More
CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack
3Feb By RBNo Comments
Risk, Security

CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack

On February 2, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing evidence of active exploitation, added two security weaknesses to its Known Exploited Vulnerabilities (KEV) Catalog. The first of the two flaws is CVE-2022-21587 (CVSS score: 9.8), a serious problem affecting Oracle Web Applications Desktop Integrator versions 12.2.3 through 12.2.11. An unauthenticated attacker with network access via HTTP could compromise Oracle Web Applications Desktop Integrator by using a vulnerability in the Oracle E-Business Suite, according to CISA read the complete article Oracle E Business Suite and SugarCRM Vulnerabilities Under Attack. You can protect your business and yourself by keeping up with the latest cybersecurity news and articles with the help of reconbee.c...
Read More
QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates
31Jan By RBNo Comments
Risk, Security

QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates

A severe security hole affecting its network-attached storage (NAS) devices that might result in arbitrary code injection has been fixed by Taiwanese manufacturer QNAP through the delivery of updates. The vulnerability, tracked as CVE-2022-27596, has a CVSS rating of 9.8 out of a possible 10. Both QTS 5.0.1 and QuTS Hero H5.0.1 are affected. In a monday advisory, QNAP stated that if exploited, the vulnerability would allow remote attackers to inject malicious code. The NIST National Vulnerability Database (NVD) has identified the weakness as a SQL injection vulnerability despite the fact that the precise technical details around it are unclear read the complete article QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates. For recent and latest cybersec...
Read More
New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability
20Jan By RBNo Comments
Risk, Security

New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability

In assaults against a European government organization and an African managed service provider (MSP), a suspected China-nexus threat actor used a recently fixed Fortinet FortiOS SSL-VPN vulnerability as a zero-day. The exploitation took place as early as October 2022, at least over two months before updates were made, according to telemetry data acquired by Google-owned Mandiant. Researchers from Mandiant claimed in a technical analysis that the event "continues China's trend of targeting internet-facing devices, notably those used for managed security purposes (e.g., firewalls, IPSIDS appliances, etc.)." In order to carry out the attacks, a sophisticated backdoor known as BOLD MOVE was used. This backdoor is a Linux variant that has been optimized to run on Fortinet's FortiGate ...
Read More
Over a Third of Recent ICS Bugs Still Have No Vendor Patch
20Jan By RBNo Comments
Risk, Security

Over a Third of Recent ICS Bugs Still Have No Vendor Patch

Operators of industrial control systems (ICS) are being let down by their vendors, according to new data that shows 35% of CVEs announced in the second half of 2022 still lack a fix. The 926 CVEs identified via ICS Advisories from the Cybersecurity and Infrastructure Security Agency (CISA) were examined in SynSaber's ICS Vulnerabilities report for H2 2022. It was discovered that many ICS asset owners' systems are vulnerable as a result of a lack of vendor updates, in addition to the rise in disclosed CVEs (up 36% from the 681 revealed in the first half of the year). According to SynSaber, "Original Equipment Manufacturer (OEM) providers often have tight patch testing, approval, and installation processes," which is why delays frequently occur read the complete article Over a Thir...
Read More
New Microsoft Azure Vulnerability Uncovered EmojiDeploy for RCE Attacks
20Jan By RBNo Comments
Risk, Security

New Microsoft Azure Vulnerability Uncovered EmojiDeploy for RCE Attacks

An attacker might use a newly found major remote code execution (RCE) weakness that affects numerous Microsoft Azure services to take complete control of a target application. According to Liv Matan, an Ermetic researcher, "the vulnerability is achieved by CSRF (cross-site request forgery) on the widely used SCM provider Kudu." Attackers are able to send malicious ZIP files with a payload to a victim's Azure application by taking advantage of the vulnerability. The Israeli company that specializes in protecting cloud infrastructure called the flaw EmojiDeploy and warned that it might make it easier for hackers to steal sensitive information and move it to other Azure services read the complete article New Microsoft Azure Vulnerability Uncovered EmojiDeploy for RCE Attacks. Stay ...
Read More
FinServ Firms See 81% Surge in Attacks Since Russia-Ukraine War
18Jan By RBNo Comments
Resources, Risk, Security

FinServ Firms See 81% Surge in Attacks Since Russia-Ukraine War

Since Russia's invasion of Ukraine, the UK's financial services sector has experienced a wave of cyberattacks, but firms are generally confident in their abilities to reduce these risks, finds a new Bridewell study. For its most recent research, Cyber Security in Critical National Infrastructure Organizations: Financial Services, the cybersecurity services provider surveyed more than 100 IT decision-makers from UK financial services companies. It was discovered that since the invasion of Ukraine, attacks on the sector have increased by 81%, the second-highest growth of any critical infrastructure (CNI) sector and evidence of the growing cyber danger brought on by geopolitics read the complete article FinServ Firms See 81% Surge in Attacks Since Russia-Ukraine War. If you love to ...
Read More
Vice Society Claims Ransomware Attack Against University of Duisburg-Essen
18Jan By RBNo Comments
Risk, Security

Vice Society Claims Ransomware Attack Against University of Duisburg-Essen

The University of Duisburg-Essen (UDE) was the target of a ransomware attack in November 2022. The threat actor Vice Society has admitted involvement and is said to have posted some stolen information on the dark web. The data disclosure, according to UDE's declaration over the weekend, was caused by the institution refusing to pay the attackers' demanded ransom. At the same time, the institution made it clear that all of its security precautions were based on the guidelines set forth by the Federal Office for Information Security (BSI) and the methodology for BSI IT baseline protection read the complete article Vice Society Claims Ransomware Attack Against University of Duisburg. For these types of trending and recent cybersecurity news follow ReconBee.com and keep yourself upda...
Read More
Follow Us on Twitter
Follow Us on LinkedIn
Follow Us on YouTube
Follow Us on Facebook