Critical flaws in Orbit Fox WordPress plugin allows site takeover

Two vulnerabilities in the Orbit Fox WordPress plugin, a privilege-escalation issue and a stored XSS bug, can allow site takeover. Security experts from Wordfence have discovered two security vulnerabilities in the Orbit Fox WordPress plugin. The flaws are a privilege-escalation vulnerability and a stored XSS bug that impacts over 40,000 installs. The Orbit Fox plugin … Continue reading Critical flaws in Orbit Fox WordPress plugin allows site takeover

Google fixed a critical Remote Code Execution flaw in Android

Google released an Android security update that addressed tens of flaws, including a critical Android remote code execution vulnerability. Google released an Android security update that addresses 43 flaws, including a critical remote code execution vulnerability in the Android System component tracked as CVE-2021-0316. Google addressed the flaws with the release of Security patch levels … Continue reading Google fixed a critical Remote Code Execution flaw in Android

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583, related to the presence of a hardcoded undocumented secret account. The vulnerability received a CVSS score of 7.8, it could be exploited … Continue reading Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

US-CERT Reports 17,447 Vulnerabilities Recorded in 2020

This marks the fourth year in a row that a record number of vulnerabilities has been discovered, following 17,306 in 2019. The US-CERT Vulnerability Database has confirmed 17,447 vulnerabilities were recorded in 2020, marking the fourth consecutive year with a record number of security flaws published. On Dec. 15, 2020, officials reported 4,168 high-severity vulnerabilities, … Continue reading US-CERT Reports 17,447 Vulnerabilities Recorded in 2020

Malicious or Vulnerable Docker Images Widespread, Firm Says

A dynamic analysis of the publicly available images on Docker Hub found that 51% had critical vulnerabilities and about 6,500 of the 4 million latest images could be considered malicious. More than half of the latest images available on Docker Hub have critical vulnerabilities from outdated software, while thousands of images are attack tools or … Continue reading Malicious or Vulnerable Docker Images Widespread, Firm Says