Brit and Spaniard face 20 years behind bars if found guilty
Monthly Archives: April 2022
French Hospitals Cut Internet Connection After Data Raid
Ransomware attack attempted to destabilise Costa Rica, says outgoing president
Costa Rica’s outgoing president, Carlos Alvarado Quesada, has said that a ransomware attack on the government’s computer systems was an attempt to destabilise the country as it transitions to a new administration.
Read more in my article on the Hot for Security blog.
Bored Ape Yacht Club Customers Lose $3m in NFT Scam
Akamai’s new Hijacking Protector aims to block browser redirection
Aiming to reduce affiliate fraud and mitigate privacy risks, web and internet security company Akamai has released Audience Hijacking Protector, a cloud-based solution designed to minimize in-browser marketing frauds by blocking unwanted redirections like unauthorized ads and pop-ups.
Promising protection from possible revenue loss and disrupted customer experiences, the new hijacking protector, generally available now, offers features to defend against unwanted redirection of customers to competing and malicious websites.
“The browser is often an ignored area for application behavior control,” says Patrick Sullivan, CTO of security strategy at Akamai. “But in-browser protections are a key area for effective business and security controls. Audience Hijacking Protector gathers unique data that generates actionable insights to maximize revenue opportunities and minimize fraud.”
Kansas Hospital Discloses Data Breach
Email accounts compromised for nearly a year in breach impacting 52,224 people
USN-5387-1: Barbican vulnerabilities
Douglas Mendizábal discovered that Barbican incorrectly handled access restrictions. An authenticated attacker could possibly use this issue to consume protected resources and possibly cause a denial of service. (CVE-2022-23451, CVE-2022-23452)
CVE-2021-25111
The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url parameter before redirecting users to it, leading to an open redirect issue.
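As an added illustration (not code from the plugin or from the advisory), here is the kind of check a return-URL parameter needs before it is honoured. The allowed-host set and the fallback path are assumptions for the example; in WordPress itself the same job is done by wp_validate_redirect() and wp_safe_redirect(), which fall back to the admin URL when the target is off-site.

```python
from urllib.parse import urlsplit

# Hosts a return URL is allowed to point at. This allow-list is an assumption
# for the example; a real site would derive it from its own configured home URL.
ALLOWED_HOSTS = {"example.com", "www.example.com"}
DEFAULT_TARGET = "/wp-admin/"   # assumed fallback, mirroring wp_safe_redirect()


def is_safe_return_url(url):
    """True only if redirecting a browser to `url` keeps it on an allowed host."""
    if not isinstance(url, str) or not url:
        return False
    # Control characters and whitespace let parsers and browsers disagree
    # about where a scheme or host ends; refuse them outright.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        return False
    # Browsers treat a backslash like a slash, so "/\evil.example" is really
    # "//evil.example"; normalise before parsing so urlsplit sees what the browser sees.
    parts = urlsplit(url.replace("\\", "/"))
    if parts.scheme:
        if parts.scheme.lower() not in ("http", "https"):
            return False            # javascript:, data:, vbscript: ...
        if not parts.netloc:
            return False            # "https:///evil.example" becomes https://evil.example in a browser
    if parts.netloc:
        # Absolute or protocol-relative URL: the host (not the userinfo before
        # an "@", not the port) must be ours.
        return (parts.hostname or "") in ALLOWED_HOSTS
    # No scheme and no authority: accept only site-absolute paths.
    return parts.path.startswith("/")


def redirect_target(requested):
    """Return `requested` if it passes validation, otherwise the fixed fallback."""
    return requested if is_safe_return_url(requested) else DEFAULT_TARGET
```

The cases worth testing are the ones that slip past a naive "does it start with a slash" or "does it contain our domain" check: protocol-relative `//evil`, backslash `/\evil`, credentials before an `@`, a triple-slash scheme, and `javascript:` with an embedded tab.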
CVE-2021-25094
The add_custom_font action in the Tatsu WordPress plugin before 3.3.12 can be used without prior authentication to upload a rogue zip file, which is uncompressed under the WordPress upload directory. By giving a PHP shell a filename starting with a dot “.”, an attacker can bypass the extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which leaves the shell file on the filesystem long enough for an attacker to call it.
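Two lessons follow from that description: the extension check must look at every dotted segment of a name (a leading dot is not a stem), and the check must run over the archive listing before anything is written, so there is no extract-then-delete window to race. The following is an added Python example, not the plugin's code. The weak regex in naive_is_blocked is a hypothetical reconstruction of a check that a dotfile defeats, and the executable-extension list and sample archive contents are constructed for the example.

```python
import io
import os
import re
import tempfile
import zipfile

# Extensions a PHP web server will typically execute. The list is an assumption
# for this example, not the plugin's own; tune it to the server's handler config.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps"}


def naive_is_blocked(name):
    """Hypothetical reconstruction of a weak extension check (not the plugin's
    actual code): it matches only `stem.ext` with a non-empty stem, so a
    dotfile such as `.shell.php` never matches and slips through."""
    m = re.fullmatch(r"[^./]+\.([A-Za-z0-9]+)", os.path.basename(name))
    return bool(m) and m.group(1).lower() in EXECUTABLE_EXTS


def is_dangerous_entry(name):
    """Reject an archive entry that could escape the upload directory or that
    carries an executable extension in any dotted segment of its basename."""
    norm = name.replace("\\", "/")
    if norm.startswith("/") or ".." in norm.split("/"):
        return True                       # zip-slip: would write outside dest
    base = norm.rsplit("/", 1)[-1]
    if not base:
        return False                      # directory entry
    segments = base.lower().split(".")
    # A leading dot gives an empty stem, so ".shell.php" still exposes "php";
    # checking every segment after the stem also catches "shell.php.ttf".
    return any(seg in EXECUTABLE_EXTS for seg in segments[1:])


def check_archive(zip_bytes):
    """Return the names of all entries that must not be written."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [info.filename for info in zf.infolist() if is_dangerous_entry(info.filename)]


def safe_extract(zip_bytes, dest_dir):
    """Validate the whole listing first; only then write files. A rejected
    archive therefore never touches disk, so there is no extract-then-clean-up
    window for an attacker to race."""
    bad = check_archive(zip_bytes)
    if bad:
        raise ValueError("rejected archive entries: %s" % bad)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            parts = [p for p in info.filename.replace("\\", "/").split("/") if p]
            target = os.path.join(dest_dir, *parts)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def build_zip(entries):
    """Build an in-memory zip from {name: bytes}; used to construct sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def demo():
    """Constructed sample: a 'font' archive carrying a dotfile PHP shell."""
    malicious = build_zip({"fonts/custom.ttf": b"\x00\x01\x00\x00",
                           "fonts/.shell.php": b"<?php system($_GET['c']); ?>"})
    benign = build_zip({"fonts/custom.ttf": b"\x00\x01\x00\x00"})
    dest = tempfile.mkdtemp()
    try:
        safe_extract(malicious, dest)
        rejected = False
    except ValueError:
        rejected = True
    files_after_reject = sorted(os.listdir(dest))
    written = safe_extract(benign, dest)
    return {
        "naive_blocks_shell.php": naive_is_blocked("shell.php"),
        "naive_blocks_.shell.php": naive_is_blocked(".shell.php"),
        "bad_entries": check_archive(malicious),
        "rejected": rejected,
        "files_after_reject": files_after_reject,
        "written": [os.path.relpath(p, dest).replace(os.sep, "/") for p in written],
    }
```

Note that the validation runs on zf.infolist(), which is read from the central directory, and the same listing is then used for the writes; the upload directory is empty after a rejection, so nothing exists for a request to hit, whatever the timing.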
CVE-2021-24957
The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, which is available to any authenticated user, leading to a SQL injection.
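To show what "does not escape the parameter" means in practice, here is an added Python example (not the plugin's code) that runs the flawed pattern and the hardened one side by side against a constructed in-memory SQLite table. The table and column names are assumptions; the hardened version does what a WordPress plugin would do with absint() and $wpdb->prepare().

```python
import sqlite3

# Constructed sample rows standing in for the plugin's visit-counter storage.
# Table and column names are assumptions for this example, not the plugin's schema.
SAMPLE_ROWS = [(1, 10), (2, 20), (3, 30)]


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE apvc_counts (art_id INTEGER PRIMARY KEY, visits INTEGER NOT NULL)")
    conn.executemany("INSERT INTO apvc_counts VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def counts(conn):
    """Current visits per article, as {art_id: visits}."""
    return dict(conn.execute("SELECT art_id, visits FROM apvc_counts ORDER BY art_id"))


def reset_count_vulnerable(conn, art_id):
    """The flawed pattern: the request parameter is pasted into the statement.
    A value such as "1 OR 1=1" rewrites the WHERE clause instead of supplying a value."""
    sql = "UPDATE apvc_counts SET visits = 0 WHERE art_id = " + str(art_id)
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def reset_count_safe(conn, art_id):
    """Hardened: coerce to a positive integer first (what absint() does in
    WordPress), then bind it as a query parameter so the database never
    interprets it as SQL text (what $wpdb->prepare() does)."""
    try:
        art_id_int = int(str(art_id).strip())
    except ValueError:
        raise ValueError("artID must be an integer")
    if art_id_int <= 0:
        raise ValueError("artID must be positive")
    cur = conn.execute("UPDATE apvc_counts SET visits = 0 WHERE art_id = ?", (art_id_int,))
    conn.commit()
    return cur.rowcount


def attempt_safe_reset(conn, art_id):
    """Convenience wrapper returning 'rejected' or the number of rows updated."""
    try:
        return reset_count_safe(conn, art_id)
    except ValueError:
        return "rejected"
```

With the injected value the vulnerable function zeroes every row; the hardened one refuses it and leaves the table untouched. The other half of the fix for an action "available to any authenticated user" is a capability check (current_user_can() in WordPress) before the query runs at all.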