Western Digital NAS owners were warned of critical flaws in the company’s My Cloud line of hardware that opened up data stored on those devices to attack.
Tag Archives: Vulnerabilities
New Fileless Attack Using DNS Queries to Carry Out PowerShell Commands
A unique attack called DNSMessenger uses DNS queries to carry out malicious PowerShell commands on compromised computers.
HackerOne Offers Open Source Projects Free Access to Platform
HackerOne announced a free version of its platform for open source projects.
Threatpost News Wrap, March 3, 2017
The news of the week is recapped, including the fallout around CloudBleed, the CloudPets breach, and a Slack token bug. The life of Howard Schmidt is also remembered.
Cisco Warns of High Severity Bug in NetFlow Appliance
Cisco is warning of a flaw that creates conditions susceptible to a DoS attack in its NetFlow Generation Appliance.
Cloudbleed Triggered 1.2M Times, Damage Kept to Minimum
Cloudflare said it could not find evidence of malicious exploitation of the Cloudbleed vulnerability, even though the bug was triggered 1.2 million times.
Slack Fixes Cross-Origin Token Theft Bug
The cloud-based collaboration tool Slack was quick to fix a bug earlier this month that could have let an attacker steal a user’s private Slack token.
Million-Plus WordPress Sites Exposed by Vulnerable Plugin
The popular NextGEN Gallery WordPress plugin was recently patched to address a “severe” SQL injection vulnerability that put website databases at risk.
Torvalds Downplays SHA-1 Threat to Git
The ramifications of the recent SHA-1 collision attack have extended to Git and the Apache Subversion repository, both of which rely on the outdated and vulnerable hashing algorithm.
Google Discloses Another ‘High Severity’ Microsoft Bug
Google’s security researchers disclosed details of an unpatched Microsoft vulnerability in its Edge and Internet Explorer browsers.