Critical WordPress Flaw Grants Admin Access to Any Registered Site User
The privilege-escalation vulnerability would allow an attacker to inject malware, place ads and load custom code on an impacted website. Source: www.threatpost.com
Vulnerabilities
Lock-Screen Bypass Bug Quietly Patched in Handsets
The flaw in a high-end phones and up-and-coming handsets made by top OEMs allows hackers to bypass handset lock screens in seconds. Source: www.threatpost.com
Connected Wristwatch Allows Hackers to Stalk, Spy On Children
“Our advice is to stop using this watch” as mitigations are not available, researchers told Threatpost. Source: www.threatpost.com
Pwn2Own Trifecta: Galaxy S9, iPhone X and Xiaomi Mi6 Fall to Hackers
Hacker contest earns participants $325,000 based on the discovery of 18 vulnerabilities. Source: www.threatpost.com
Siemens Patches Firewall Flaw That Put Operations at Risk
The industrial company on Tuesday released mitigations for eight vulnerabilities overall. Source: https://threatpost.com
Microsoft Patches Zero-Day Bug in Win7, Server 2008 and 2008 R2
Microsoft’s November Patch Tuesday fixes include mitigation against a zero-day vulnerability leaving Windows 7, Server 2008 and Server 2008 R2 open to attack. Source: https://threatpost.com
Unpatched Android OS Flaw Allows Adversaries to Track User Location
The vulnerability is one of many with the same root cause: Cross-process information leakage. Source: www.threatpost.com
Adobe Fixes Acrobat and Reader Flaw With Publicly-Available PoC
Overall, the company released only three patches as part of its regularly-scheduled November update. Source: www.threatpost.com
Recently-Patched Adobe ColdFusion Flaw Exploited By APT
The critical vulnerability, which was patched earlier in September, has put ColdFusion servers at risk. Source: https://threatpost.com
Embracing the Cybersecurity ‘Grey Space’
Security teams carefully monitor potential threat activity, but incidents aren’t always black and white. Source: www.threatpost.com