Multiple versions of a WordPress plugin by the name of "School Management Pro" harbored a backdoor that could grant an adversary complete control over vulnerable websites. The issue, spotted in premium versions before 9.9.7, has been assigned the CVE identifier CVE-2022-1609 and is rated 10 out of 10 for severity. The backdoor, which is believed to have existed since version … [Read more...] about Researchers Find Backdoor in School Management Plugin for WordPress
how to hack
Cisco Issues Patch for New IOS XR Zero-Day Vulnerability Exploited in the Wild
Cisco on Friday rolled out fixes for a medium-severity vulnerability affecting IOS XR Software that it said has been exploited in real-world attacks. Tracked as CVE-2022-20821 (CVSS score: 6.5), the issue relates to an open port vulnerability that could be abused by an unauthenticated, remote attacker to connect to a Redis instance and achieve code execution. "A successful … [Read more...] about Cisco Issues Patch for New IOS XR Zero-Day Vulnerability Exploited in the Wild
Cytrox’s Predator Spyware Targeted Android Users with Zero-Day Exploits
Google's Threat Analysis Group (TAG) on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day (aka 0-day) flaws, four in Chrome and one in Android, to target Android users. "The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical … [Read more...] about Cytrox’s Predator Spyware Targeted Android Users with Zero-Day Exploits
New Bluetooth Hack Could Let Attackers Remotely Unlock Smart Locks and Cars
A novel Bluetooth relay attack can let cybercriminals more easily than ever remotely unlock and operate cars, break open residential smart locks, and breach secure areas. The vulnerability has to do with weaknesses in the current implementation of Bluetooth Low Energy (BLE), a wireless technology used for authenticating Bluetooth devices that are physically located within a … [Read more...] about New Bluetooth Hack Could Let Attackers Remotely Unlock Smart Locks and Cars
Researchers Expose Inner Workings of Billion-Dollar Wizard Spider Cybercrime Gang
The inner workings of a cybercriminal group known as the Wizard Spider have been exposed, shedding light on its organizational structure and motivations. "Most of Wizard Spider's efforts go into hacking European and U.S. businesses, with a special cracking tool used by some of their attackers to breach high-value targets," Swiss cybersecurity company PRODAFT said in a new … [Read more...] about Researchers Expose Inner Workings of Billion-Dollar Wizard Spider Cybercrime Gang
UpdateAgent Returns with New macOS Malware Dropper Written in Swift
A new variant of the macOS malware tracked as UpdateAgent has been spotted in the wild, indicating ongoing attempts on the part of its authors to upgrade its functionalities. "Perhaps one of the most identifiable features of the malware is that it relies on the AWS infrastructure to host its various payloads and perform its infection status updates to the server," researchers … [Read more...] about UpdateAgent Returns with New macOS Malware Dropper Written in Swift
Researchers Find Potential Way to Run Malware on iPhone Even When it’s OFF
A first-of-its-kind security analysis of iOS Find My function has identified a novel attack surface that makes it possible to tamper with the firmware and load malware onto a Bluetooth chip that's executed while an iPhone is "off." The mechanism takes advantage of the fact that wireless chips related to Bluetooth, Near-field communication (NFC), and ultra-wideband (UWB) … [Read more...] about Researchers Find Potential Way to Run Malware on iPhone Even When it’s OFF
Get Lifetime Access to 2022 Cybersecurity Certification Prep Courses @ 95% Off
Ever thought about working full-time in cybersecurity? With millions of unfilled jobs around, now is a great time to get into the industry. Of course, there are many different roles in this field. But all of them require the same handful of professional certifications. The 2022 Ultimate Advanced CyberSecurity Professional Certification Bundle helps you collect the full house, … [Read more...] about Get Lifetime Access to 2022 Cybersecurity Certification Prep Courses @ 95% Off
SonicWall Releases Patches for New Flaws Affecting SSLVPN SMA1000 Devices
SonicWall has published an advisory warning of a trio of security flaws in its Secure Mobile Access (SMA) 1000 appliances, including a high-severity authentication bypass vulnerability. The weaknesses in question impact SMA 6200, 6210, 7200, 7210, 8000v running firmware versions 12.4.0 and 12.4.1. The list of vulnerabilities is below - CVE-2022-22282 (CVSS score: 8.2) - … [Read more...] about SonicWall Releases Patches for New Flaws Affecting SSLVPN SMA1000 Devices
Google Created ‘Open-Source Maintenance Crew’ to Help Secure Critical Projects
Google on Thursday announced the creation of a new "Open Source Maintenance Crew" to focus on bolstering the security of critical open source projects. Additionally, the tech giant pointed out Open Source Insights as a tool for analyzing packages and their dependency graphs, using it to determine "whether a vulnerability in a dependency might affect your code." "With this … [Read more...] about Google Created ‘Open-Source Maintenance Crew’ to Help Secure Critical Projects