Security flaw in popular proxy service leaves 50,000 hosts vulnerable

Security flaw in popular proxy service leaves 50,000 hosts vulnerable

More than half of Tinyproxy service hosts are running a flawed version which hackers could use in remote code execution attacks, a new report from researchers from Cisco Talos has claimed. Tinyproxy is a lightweight HTTP/HTTPS proxy server commonly used to improve internet access speed by caching frequently accessed web pages, filtering out unwanted content, … Read more

Over a billion users could be at risk from keyboard logging app security flaw

Over a billion users could be at risk from keyboard logging app security flaw

Almost a billion mobile users, holding various devices, could have had their communications revealed to malicious third parties, a report from cybersecurity researchers Citizen Lab claims. It says different device manufacturers have used different keyboard apps which were relaying unencrypted communications, transmitting keystrokes via plaintext, and similar. Tencent QQ Pinyin, Baidu IME, iFlytek IME, Samsung … Read more

Microsoft says Russian hackers are exploiting an ancient printer security flaw

Microsoft says Russian hackers are exploiting an ancient printer security flaw

Russian state-sponsored threat actors were observed abusing an old printer vulnerability to drop custom malware on target endpoints. The malware helped them exfiltrate sensitive data and login credentials. This is according to a new report from Microsoft Threat Intelligence, published earlier this week. As per the report, since mid-2019, a group known as Fancy Bear … Read more

A critical security flaw could affect thousands of WordPress sites

A critical security flaw could affect thousands of WordPress sites

Hundreds of thousands of WordPress websites are vulnerable to a critical severity flaw which allows threat actors to upload malware to the site through a bug in a plugin.  As reported by BleepingComputer, Japan’s CERT recently found a critical severity flaw (9.8) in the Forminator plugin, built by WPMU DEV. The flaw, now tracked as … Read more

Major Palo Alto security flaw is being exploited via Python zero-day backdoor

Major Palo Alto security flaw is being exploited via Python zero-day backdoor

For weeks now, unidentified threat actors have been leveraging a critical zero-day vulnerability in Palo Alto Networks’ PAN-OS software, running arbitrary code on vulnerable firewalls, with root privilege.  Multiple security researchers have flagged the campaign, including Palo Alto Networks’ own Unit 42, noting a single threat actor group has been abusing a vulnerability called command … Read more

BMC flaw left unchecked for 6 years hits Intel and Lenovo servers

BMC flaw left unchecked for 6 years hits Intel and Lenovo servers

The lack of communication that happened six years ago resulted in thousands of devices being vulnerable to a remotely exploitable heap out-of-bounds (OOB) read vulnerability – today. Among the vulnerable devices are Intel and Lenovo servers. Here is what happened: Six years ago, the maintainers of Lighttpd discovered the above-mentioned flaw, which could allow threat … Read more

Another top WordPress plugin has a serious security flaw — patch now to keep your website safe

A critical security flaw could affect thousands of WordPress sites

Another major WordPress plugin was found vulnerable to a high-severity flaw which allowed malicious actors to steal sensitive information from the website, including password hashes. LayerSlider has published a new security advisory, saying the product is now in version 7.10.1, but adding, “This update includes important security fixes.” While the announcement does not detail the … Read more

An ancient Linux flaw might be opening up users to dangerous cyberattacks

An ancient Linux flaw might be opening up users to dangerous cyberattacks

Many versions of Linux may be vulnerable to a flaw that allowed hackers to steal passwords, or change the contents of their clipboard. The vulnerability, however, comes with a major caveat that makes exploitations somewhat unlikely (or at least heavily limited). Cybersecurity researcher Skyler Ferrante recently discovered an “improper neutralization of escape sequences in wall” … Read more

Ray framework flaw exploited for hackers to breach servers

Ray framework flaw exploited for hackers to breach servers

The Ray framework, an open source tool for AI and Python workload scaling, is vulnerable to half a dozen flaws that allow hackers to hijack the devices and steal sensitive data.  This is according to cybersecurity researchers from Oligo, who published their findings on a new hacking campaign they dubbed “ShadowRay”.  Apparently active since early … Read more