Cybersecurity, the WordPress Starter Template plugin has a flaw
Wordfence: The vulnerability allows Contributor level users to completely overwrite any page on the site with malicious JavaScript.
Cybercrime, the VMware vCenter Servers are under attack
The critical vulnerability (CVE-2021-22005) is actively exploited to hit organizations worldwide with RCE. Install the patch now!
Cybersecurity, serious vulnerability on SolarWinds Serv-U
Yoroi: All versions up to 15.2.3 HF1 are involved and there have already been targeted cybercrime attacks. Update the systems now!
Cybersecurity, the PrintNightmare flaw has been patched in all Windows versions
Microsoft released the emergency security update KB5004948 for the Print Spooler critical zero-day vulnerability, the CVE-2021-34527.
Cybersecurity, disable the Windows Print Spooler service on servers not used for printing
The US CISA: An attacker could exploit the critical PrintNightmare zero-day vulnerability to take control of an affected system.
WordPress, critical vulnerability in Fancy Product Designer under active attack
Wordfence cybersecurity experts: The developer just released a patched version of the plugin, install it now!
Cyber Espionage, Pulse Connect Secure flaws exploited by APTs
FireEye cybersecurity experts: UNC2630 and UNC2717 use the CVE-2021-22893 to spy US and European government, defense, and financial organizations.
Cybersecurity, Zero-day exploit in Desktop Window Manager
It’s the CVE-2021-28310, discovered by Kaspersky and linked to escalation of privilege (EoP). It has just been patched, but cybercrime use it.
Cybersecurity: logic bug for Signal, Duo, Facebook Messenger, JioChat and Mocha
Natalie Silvanovich: The majority of video conferencing apps are implemented using WebRTC. A vulnerability let attackers spy on users.
Cybersecurity, BugTraq maybe won’t close
The whole Infosec community moved on Internet and Social Network to testify the importance of the mailing list. Then, Accenture spreaded an encouraging note.