Month: November 2020

2FA Bypass Flaw Reported in cPanel and WHM Software

Security researchers from Digital Defense have found a significant security problem in cPanel, a common software suite that facilitates the management of web hosting servers. Attackers could exploit the flaw to bypass two-factor authentication (2FA) for cPanel accounts, manage the associated websites, and conduct a brute-force attack to infiltrate user accounts. Such…

Lazarus abuses authentic security feature in a supply-chain attack

Lazarus, also known as Hidden Cobra, is an umbrella term for select threat groups, including offshoot entities, suspected of being tied to North Korea. Thought to be responsible for Sony’s infamous 2014 hack, Lazarus has also been connected to hacks using zero-day vulnerabilities, LinkedIn phishing messages, and the deployment of Trojans in campaigns including Dacls and Trickbot. ESET researchers…

Vulnerability in the Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers

A weakness in the Cisco IOS XR Software Input Packet Processing Feature for Cisco ASR 9000 Series Aggregation Services Routers may allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. According to its self-reported version, IOS-XR is affected by a denial of service (DoS) vulnerability in the…

Oracle Security Alert for CVE-2020-14750

This Security Alert addresses CVE-2020-14750, a remote code execution vulnerability in Oracle WebLogic Server. This vulnerability is related to CVE-2020-14882, which was addressed in the October 2020 Critical Patch Update. It is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. The Security Alert Advisory is…

KashmirBlack Botnet Targets Content Management Systems

Imperva security researchers discovered a botnet that exploits vulnerabilities in the underlying content management systems of websites and then uses the compromised servers to mine cryptocurrencies or deliver more spam to victims. The botnet, which the researchers dubbed KashmirBlack, began operating in November 2019 and has since infiltrated thousands of websites by targeting vulnerabilities…