-
News for September 14, 2022
WordPress Privilege Escalation Exploitby Artie Kaye Users of the plugin WPGateway are being actively targeted. This tool is meant to help unify multiple plugins and give better access to administrator duties. The exploit allows for the insertion of an unauthorized admin profile. Compromised accounts have been found to have a new administrator login created named…
-
News for September 9, 2022
Cisco Not Patching End of Life Devicesby Artie Kaye While releasing patches for some of their current products, the company also stated that these products will no longer have security updates. RV110W Wireless-N VPN FirewallRV130 VPN RouterRV130W Wireless-N Multifunction VPN RouterRV215W Wireless-N VPN Router These products have a known security vulnerability and Cisco recommends replacing…
-
CISA Active Exploit List Updated September 8, 2022
by Artie Kaye The US Cybersecurity and Infrastructure Security Agency have added 12 items to their list of must address exploits. The date to fix by is September 29, 2022. As these are actively being used by attackers in the wild it is recommended to resolve the issues. Below are the CVE numbers, the companies,…
-
News for September 7, 2022
Zyxel Firmware Updateby Artie Kaye Good news regarding a flaw in Zyxel’s network attached storage devices, the vulnerability has been patched. The affected devices are: NAS326NAS540NAS542 If you are running, or believe you might be running these affected devices, contact your support team to get them fixed. The updates can be found on the Zyxel…
-
News for September 5, 2022
Cross Platform Ransomware Threat BianLianby Artie Kaye This malware targets a Microsoft Exchange Server Proxy vulnerability chain and SonicWall VPN devices to leverage access. The hackers can spend upwards of 6 weeks searching through systems before initiating encryption. It is capable of starting servers in safe mode before beginning the encryption. To be extra thorough,…