[ThreatPost] All in One SEO Plugin Bug Threatens 3M Websites with Takeovers

A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers.

Source: Read More (Threatpost)

You might be interested in …

[HackerNews] 3 Former U.S. Intelligence Officers Admit to Hacking for UAE Company

All posts, HackerNews

The U.S. Department of Justice (DoJ) on Tuesday disclosed it fined three intelligence community and military personnel $1.68 million in penalties for their role as cyber-mercenaries working on behalf of a U.A.E.-based cybersecurity company. The trio in question — Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke, 40 — are accused of “knowingly and […]

Read More

[TheRecord] Proofpoint drops lawsuit, transfers phishing domains to Facebook

Cyber-security firm Proofpoint has dismissed its lawsuit against Facebook and has agreed to transfer a series of disputed web domains to the social networking giant, The Record has learned today. The domains were previously part of ProofPoint’s phishing awareness training platform ThreatSim. Registered years before and mimicking Facebook and Instagram brands, Proofpoint had been using the domains […]

Read More

[TheRecord] Malware found preinstalled in classic push-button phones sold in Russia

A security researcher has discovered malicious code inside the firmware of four low-budget push-button mobile phones sold through Russian online stores. In a report published this week by a Russian security researcher named ValdikSS, push-button phones such as DEXP SD2810, Itel it2160, Irbis SF63, and F+ Flip 3 were caught subscribing users to premium SMS services and intercepting incoming SMS messages to […]

Read More