attacker Archives - Cyber Security Minute

GitHub Discloses Details of Easy-to-Exploit Linux Vulnerability

Issued by: Security Week

The flaw, classified as high severity and tracked as CVE-2021-3560, impacts polkit, an authorization service that is present by default in many Linux distributions. The security hole was discovered by Kevin Backhouse of the GitHub Security Lab. On Thursday, the researcher published a blog post detailing his findings, as well as a video showing the…

Vulnerabilities

Actively Exploited Zero-Day Found in WordPress Plugin Used by Many Online Stores

Issued by: Security Week

Fancy Product Designer is a premium plugin for online stores that provides users with the ability to customize products with images and PDF files uploaded from various devices. The plugin provides various other customization options as well. This week, Wordfence discovered that threat actors are targeting an unpatched critical vulnerability in Fancy Product Designer. The…

Vulnerabilities

Cisco Working on Patch for Code Execution Vulnerability in VPN Product

Issued by: Security Week

The Cisco AnyConnect Secure Mobility Client is designed to provide secure VPN access for remote workers. According to the networking giant, the product is affected by a flaw, tracked as CVE-2020-3556, that can be exploited by a local, authenticated attacker to cause an AnyConnect user to execute a malicious script. The vulnerability is related to…

Vulnerabilities

Information Disclosure, XSS Vulnerabilities Patched in Drupal

Issued by: Security Week

The most serious of the flaws is CVE-2020-13668, a critical XSS issue affecting Drupal 8 and 9. It’s worth noting that Drupal uses the NIST Common Misuse Scoring System to determine security risk levels and critical is the second highest level, after highly critical. The issue is a reflected XSS and exploitation is only possible…

Vulnerabilities

WordPress ‘File Manager’ Plugin Patches Critical Zero-Day Exploited in Attacks

Issued by: Security Week

Designed to provide WordPress site admins with copy/paste, edit, delete, download/upload, and archive functionality for both files and folders, File Manager has over 700,000 active installs. Assessed with a CVSS score of 10, the recently identified critical security flaw could have allowed an attacker to upload files and execute code remotely on an affected site,…