Tag Archive for: flaw

Flaw in WordPress caching plug-in could affect over 1 million sites

/in

A vulnerability in the popular WP Super Cache plug-in for WordPress could allow attackers to inject malicious scripts into websites. The scripts, when loaded by administrators, could trigger unauthorized actions.

WordPress websites are a popular target for hackers and many of them are compromised due to plug-in vulnerabilities. Just on Tuesday, the FBI warned that attackers sympathetic to the extremist group ISIS — also known as ISIL — have defaced many websites by exploiting known vulnerabilities in WordPress plug-ins.

The persistent cross-site scripting (XSS) flaw in WP Super Cache can be exploited by sending a specifically crafted query to a WordPress website with the plug-in installed, according to Marc-Alexandre Montpas, a senior vulnerability researcher at Web security firm Sucuri.

To read this article in full or to leave a comment, please click here

Network World Security

Flaw in common hotel router threatens guests’ devices

/in

Corporate travelers should be warned that a Wi-Fi router commonly used in hotels is easily compromised, putting guests passwords at risk and opening up their computers to malware infections and direct attacks.

The good news is that there is a patch for the flaw, but there is no guarantee affected hotels will install it right away.

+ More on Network World: 10 young security companies to watch in 2015 +

Cylance, a security vendor whose research team found the problem, says 277 InnGate routers in 29 countries are affected. The routers are made by ANTLabs.

To read this article in full or to leave a comment, please click here

Network World Tim Greene

Android security flaw puts millions of users at risk – Christian Science Monitor

/in

Threatpost

Android security flaw puts millions of users at risk
Christian Science Monitor
A vulnerability dubbed Android Installer Hijacking could expose users to malicious software designed to steal passwords and usernames from smartphones and tablets. By Joe Uchill, Staff writer March 24, 2015. close. A view of the permissions screen
Android Security Flaw is Putting Users at RiskMobile Enterprise
Half of Android Users Exposed to Attack via Installation VulnerabilityThreatpost
Patched Android flaw left third-party apps vulnerable to hijackingZDNet
myce.com –CNBC
all 34 news articles »

“android security” – read more

Android flaw puts personal data at risk for millions

/in

Nearly half of Android devices are vulnerable to an attack that could replace a legitimate app with malicious software that can collect sensitive data from a phone.

Google, Samsung and Amazon have released patches for their devices, but 49.5 percent of Android users are still vulnerable, according to Palo Alto Networks, which discovered the problem. Google said it has not detected attempts to exploit the flaw.

A malicious application installed using the vulnerability, called “Android Installer Hijacking,” would have full access to a device, including data such as usernames and passwords, wrote Zhi Xu, a senior staff engineer with Palo Alto.

To read this article in full or to leave a comment, please click here

Network World Security