Web Security

Threatpost 

Microsoft Management Console Bugs Allow Windows Takeover

June 18, 2019 TH Author admin status, Cross Site Scripting, CVE-2019-0948, desktop takeover, Microsoft Windows, patch, privileged machine, Vulnerabilities, Vulnerability, Web Security, XML External Entity, XSS, XXE

Multiple cross-site scripting (XSS) bugs and an XML external entity (XXE) problem opens the door to takeover of admin desktops. READ MORE HERE…

Read more

Threatpost 

Irked Researcher Discloses Facebook WordPress Plugin Flaws

June 17, 2019 TH Author Cross-site request forgery, Facebook, Facebook for WooCommerce, Messenger Customer Chat, plugin, Uncategorized, Web Security, wordpress, WordPress plugin

Researchers at Plugin Vulnerabilities cite grudge and irresponsibly disclose bugs in two WordPress plugins from Facebook. READ MORE HERE…

Read more

Threatpost 

5,000 Twitter Accounts Linked to Disinformation Campaigns

June 17, 2019 TH Author 5000, account removal, Cloud Security, disinformation, Facebook, Government, influence campaigns, Irán, propaganda, social media, State sponsored, twitter, Web Security

The social platform has suspended six sets of accounts across four jurisdictions for running alleged influence campaigns, including Iran. READ MORE HERE…

Read more

Threatpost 

Microsoft Pushes Azure Users to Patch Linux Systems

June 17, 2019 TH Author active exploit, Azure, Exim, Linux, linux flaw, Microsoft, virtual machine, Vulnerabilities, vulnerable server, Web Security, Worm

Microsoft is urging users to patch every Exim installation in their organization and make sure that they are updated to the most recent version, Exim version 4.92. READ MORE HERE…

Read more

Threatpost 

Millions of Linux Servers Under Worm Attack Via Exim Flaw

June 14, 2019 TH Author coin miner, critical flaw, cryptomining, CVE-2019-10149, Exim, Exim flaw, Linux, linux server, ongoing attacks, remote code execution, Vulnerabilities, Vulnerability, Web Security, worm attack

Attackers are exploiting a Linux Exim critical flaw to execute remote commands, download crypto miners and sniff out other vulnerable servers. READ MORE HERE…

Read more

Threatpost 

Evernote Critical Flaw Opened Personal Data of Millions to Attack

June 13, 2019 TH Author Chrome browser, critical vulnerability, cross site scripting attack, Evernote, Evernote extension, Proof of Concept, Vulnerabilities, Web Security

Evernote’s web clipper extension for Chrome is vulnerable to a critical flaw that could have exposed the data of more than 4.6 million users. READ MORE HERE…

Read more

Threatpost 

Telegram CEO Fingers China State Actors for DDoS Attack

June 13, 2019 TH Author China, DDoS, Government, hong kong protests, Pavel Durov, secure messaging, state actors, Telegram, twitter, Web Security

Durov took to Twitter to hint that Beijing tried to take Telegram offline to disrupt the Hong Kong protests. READ MORE HERE…

Read more

Threatpost 

Fishwrap Campaign Sways Social Media Users with Old News

June 12, 2019 TH Author Facebook, fishwrap, influence operations, old news, Recorded Future, social media, URL shorteners, Web Security

215 accounts use the same family of special URL shorteners to track the effectiveness of the operation. READ MORE HERE…

Read more

Threatpost 

Data Breach Disclosed by Online Invitation Firm Evite

June 12, 2019 TH Author breach, dark web, Data, data breach, elite, Emuparadise, hack, passwords, security incident, Web Security

Evite’s data breach, stemming from an “inactive data storage file,” is only one of many breaches to be disclosed this week. READ MORE HERE…

Read more

Threatpost 

Microsoft Patches Four Publicly-Known Vulnerabilities

June 11, 2019 TH Author elevation of privilege, june patch tuesday, Microsoft, microsoft patch tuesday, patch tuesday, Publicly Know Vulnerabilities, Vulnerabilities, Web Security, Windows, Windows Shell

In total, 88 unique vulnerabilities were patched as part of Microsoft’s June Patch Tuesday security bulletin. READ MORE HERE…

Read more