WordPress: New plugin vulnerability. This time it’s up to Realia
Cybersecurity Help: The flaw (CWE-284) exists due to an IDOR issue. A threat actor could send a specially crafted request with the post ID to delete arbitrary posts.
Cybersecurity, Microsoft SharePoint server has a new vulnerability
UK NCSC experts: It’s the CVE-2020-16952. It can be exploited when a user uploads a specially crafted application package to an affected version of SharePoint.
Cyber security, new RCE flaw on Microsoft Exchange Server
The researcher Steven Seeley: It’s due to improper validation of cmdlet arguments. Exploitation requires an authenticated user in a certain role. Patches have been released.
Cyber Security, BootHole put Windows and Linux devices at risk
Eclypsium: It’s a vulnerability in the GRUB2 bootloader, that hit devices using Secure Boot. Attackers can install persistent and stealthy bootkits or malware.
Cyber security, huge vulnerability discovered in F5 BIG-IP technologies
Yoroi-Cybaze experts: The flaw, the CVE-2020-5902, is caused by gaps in the management of particular HTTP requests by the TMUI management interface.
Cyber Security, zero-day vulnerability in Cisco RV042 and RV042G routers
CyCognito experts: A Cross-Site Scripting (XSS) flaw gives cybercrime can take control of a router administrator’s web configuration utility. The issue has been fixed with a patch.
Cyber Security, 0-day vulnerability discovered on SOHO Netgear devices
Yoroi-Cybaze Experts: An attacker can execute arbitrary code on the target device by taking control of it without authentication. In addition, there is currently no patch.
Cyber Security, vulnerability in Cisco’s Unified CCX
Brenden Meeder of Booz Allen Hamilton discovered the flaw that could led a remote attacker without credentials to install malware on the targeted device. Install the patch now!
Cyber Security, Oracle: Update WebLogic Server ASAP!
Cybercrime is still exploiting the Remote Code Execution (RCE) CVE-2020-2883 vulnerability, patched un April, to launch waves of cyber attacks.
Cybercrime hit Windows 10 users thanks to a critical flaw
Microsoft confirmed “limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library”. The cyber security experts: Today there’s not available fix.