Category: Uncategorized
-

Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution [email protected] (The Hacker News)
A critical security flaw has been disclosed in the WPML WordPress multilingual plugin that could allow authenticated users to execute arbitrary code remotely under certain circumstances. The vulnerability, tracked as CVE-2024-6386 (CVSS score: 9.9), impacts all versions of the plugin before 4.6.13, which was released on August 20, 2024. Arising due to missing input validation…
-
Versa Director Dangerous File Type Upload Vulnerability (CVE-2024-39717)
What is the Vulnerability?The Versa Director GUI contains a zero-day dangerous file type upload vulnerability (CVE-2024-39717) that allows attackers to upload potentially malicious files, granting them system administrator access. This flaw effects the “Change Favicon” (Favorite Icon) option that can be misused to upload a malicious file ending with .png extension to masquerade as an…
-

macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users [email protected] (The Hacker News)
Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT. The artifacts “almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form of shell scripts from the…
-
How to use Tor — and whether you should — in your enterprise
Post ContentRead More
-
Cribl Raises $319 Million at $3.5 Billion Valuation Ionut Arghire
The IT and data security firm raises $319 million in a Series E round led by Google Ventures and is now valued at $3.5 billion. The post Cribl Raises $319 Million at $3.5 Billion Valuation appeared first on SecurityWeek. Read More
-
Contact center outsourcing: What businesses need to know
Post ContentRead More
-

Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors [email protected] (The Hacker News)
The China-nexus cyber espionage group tracked as Volt Typhoon has been attributed with moderate confidence to the zero-day exploitation of a recently disclosed high-severity security flaw impacting Versa Director. The attacks targeted four U.S. victims and one non-U.S. victim in the Internet service provider (ISP), managed service provider (MSP) and information technology (IT) sectors as…
-
Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites Ionut Arghire
A critical vulnerability in the WPML WordPress plugin could allow a remote attacker to execute arbitrary code on the server. The post Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites appeared first on SecurityWeek. Read More
-

CTEM in the Spotlight: How Gartner’s New Categories Help to Manage Exposures [email protected] (The Hacker News)
Want to know what’s the latest and greatest in SecOps for 2024? Gartner’s recently released Hype Cycle for Security Operations report takes important steps to organize and mature the domain of Continuous Threat Exposure Management, aka CTEM. Three categories within this domain are included in this year’s report: Threat Exposure Management, Exposure Assessment Platforms (EAP),…
-
When Convenience Costs: CISOs Struggle With SaaS Security Oversight Kevin Townsend
SaaS applications are so easy to use, the decision, and the deployment, is sometimes undertaken by the business unit user with little reference to, nor oversight from, the security team. The post When Convenience Costs: CISOs Struggle With SaaS Security Oversight appeared first on SecurityWeek. Read More
