Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Jun 22, 2023

=> Gemini Articles of Interest | Today in Techrights

Critical WordPress Plugin Vulnerabilities Impact Thousands of Sites

=> ↺ Critical WordPress Plugin Vulnerabilities Impact Thousands of Sites

Two critical-severity authentication bypass vulnerabilities in WordPress plugins with tens of thousands of installations.

Enphase Ignores CISA Request to Fix Remotely Exploitable Flaws

=> ↺ Enphase Ignores CISA Request to Fix Remotely Exploitable Flaws

Enphase Energy has ignored CISA requests to fix remotely exploitable vulnerabilities in Enphase products.

Why Malware Crypting Services Deserve More Scrutiny

=> ↺ Why Malware Crypting Services Deserve More Scrutiny

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or "crypt" your malware so that it appears benign to antivirus and security products. In fact, the process of "crypting" malware is sufficiently complex and time-consuming that most serious cybercrooks will outsource this critical function to a handful of trusted third parties. This story explores the history and identity behind Cryptor[.]biz, a long-running crypting service that is trusted by some of the biggest names in cybercrime.

Chrome and Its Vulnerabilities – Is the Web Browser Safe to Use?

=> ↺ Chrome and Its Vulnerabilities – Is the Web Browser Safe to Use?

Why are there so many vulnerabilities in Chrome? Is it realistically safe to use? Can Google do anything to make the web browser safer?

DOJ Launches Cyber Unit to Prosecute Nation-State Threat Actors

=> ↺ DOJ Launches Cyber Unit to Prosecute Nation-State Threat Actors

New National Security Cyber Section will help the US disrupt and prosecute nation-state threat actors and state-sponsored cybercriminals.

Apple Patches Exploited Vulnerabilities in iOS/iPadOS, macOS, watchOS and Safari, (Thu, Jun 22nd)

=> ↺ Apple Patches Exploited Vulnerabilities in iOS/iPadOS, macOS, watchOS and Safari, (Thu, Jun 22nd)

Apple released iOS, macOS, and watchOS updates, patching three vulnerabilities already being exploited. Two vulnerabilities affect WebKit, leading to a Safari patch for older operating systems. The two WebKit issues (CVE-2023-32439 and CVE-2023-32435) can be used to execute arbitrary code as a user visits a malicious web page. The third vulnerability, CVE-2023-32434, can be used to elevate privileges after the initial code execution.

=> gemini.tuxmachines.org