Web Security

High-Severity TinyMCE Cross-Site Scripting Flaw Fixed
Posted on Thursday August 13, 2020

The cross-site scripting flaw could enable arbitrary code execution, information disclosure - and even account takeover.

Two 0-Days Under Active Attack, Among 120 Bugs Patched by Microsoft
Posted on Tuesday August 11, 2020

One of the two zero-day bugs is rated ‘critical’ and is classified as a remote code-execution bug impacting Microsoft’s Internet Explorer.

Researcher Publishes Patch Bypass for vBulletin 0-Day
Posted on Tuesday August 11, 2020

Three separate proof-of-concepts on Bash, Python and Ruby posted to outsmart fix issued last year to remedy pre-auth RCE bug.

Google Chrome Browser Bug Exposes Billions of Users to Data Theft
Posted on Monday August 10, 2020

The vulnerability allows attackers to bypass Content Security Policy (CSP) protections and steal data from website visitors.

DDoS Attacks Cresting Amid Pandemic
Posted on Monday August 10, 2020

Attacks were way up year-over-year in the second quarter as people continue to work from home.

TeamViewer Flaw in Windows App Allows Password-Cracking
Posted on Monday August 10, 2020

Remote, unauthenticated attackers could exploit the TeamViewer flaw to execute code and crack victims' passwords.

Attackers Horn in on MFA Bypass Options for Account Takeovers
Posted on Friday August 07, 2020

Legacy applications don't support modern authentication -- and cybercriminals know this.

Augmenting AWS Security Controls
Posted on Friday August 07, 2020

Appropriate use of native security controls in AWS and other CSPs is fundamental to managing cloud risk and avoiding costly breaches.

Black Hat 2020: Influence Campaigns Are a Cybersecurity Problem
Posted on Thursday August 06, 2020

An inside look at how nation-states use social media to influence, confuse and divide -- and why cybersecurity researchers should be involved.

Canon Admits Ransomware Attack in Employee Note, Report
Posted on Thursday August 06, 2020

The consumer-electronics giant has suffered partial outages across its U.S. website and internal systems reportedly, thanks to the Maze gang.

©2019 WiredZero.com