New TLS Attack Lets Attackers Launch Cross-Protocol Attacks Against Secure Sites – Tempemail

Researchers have disclosed a new type of attack that exploits misconfigurations in transport layer security (TLS) servers to redirect HTTPS traffic from a victim’s web browser to a different TLS service endpoint located on another IP address to steal sensitive information. The attacks have been dubbed ALPACA, short for “Application …

Hackers Actively Exploiting 0-Day in WordPress Plugin Installed on Over 17,000 Sites – Tempemail

Fancy Product Designer, a WordPress plugin installed on over 17,000 sites, has been discovered to contain a critical file upload vulnerability that’s being actively exploited in the wild to upload malware onto sites that have the plugin installed. Wordfence’s threat intelligence team, which discovered the flaw, said it reported the …

Florida wants to ban social media sites from deplatforming political candidates – Tempemail

Republicans in Florida have approved legislation to punish social media companies for exercising their rights as private companies to ban and deplatform voices that violate their user guidelines. Governor Ron DeSantis, a loyal ally to Donald Trump – who was banned by Twitter and several other social media platforms in …

PHP Site’s User Database Was Hacked In Recent Source Code Backdoor Attack – Tempemail

The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository. “We no longer believe the …

Critical RCE Flaw Reported in MyBB Forum Software—Patch Your Sites – Tempemail

A pair of critical vulnerabilities in a popular bulletin board software called MyBB could have been chained together to achieve remote code execution (RCE) without the need for prior access to a privileged account. The flaws, which were discovered by independent security researchers Simon Scannell and Carl Smith, were reported …

Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites – Tempemail

A framework notorious for delivering a banking Trojan has received a facelift to deploy a wider range of malware, including ransomware payloads. “The Gootkit malware family has been around more than half a decade – a mature Trojan with functionality centered around banking credential theft,” Sophos researchers Gabor Szappanos and …

Malvertisers Exploited WebKit 0-Day to Redirect Browser Users to Scam Sites – Tempemail

A malvertising group known as “ScamClub” exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirected users to fraudulent websites running gift card scams. The attacks, first spotted by ad security firm Confiant in late June 2020, leveraged a bug (CVE-2021-1801) that allowed malicious parties to bypass the …

Facebook ‘still making money from anti-vax sites’ | Facebook

Facebook is allowing users to profit from the spread of potentially dangerous false theories and misinformation about the pandemic and vaccines, including deploying money-raising tools on pages with content flagged up by the social media giant’s own factcheckers. An investigation has found 430 pages – followed by 45 million people …

Google refuses to answer questions about removing Australian news sites from search results | Australian media

Google has refused to answer questions on its secret trial of removing news sites from search results in Australia, with the treasurer, Josh Frydenberg, saying the company should focus on paying for news, not blocking it. Google blindsided news consumers and media outlets this week with a trial that removed …

Google admits to running ‘experiments’ which remove some media sites from its search results | Google

Google has been hiding some Australian news sites from search results, in a move media outlets say is a show of “extraordinary power” as the tech company bargains with the Australian government over financial payment for content. The Australian government is attempting to impose a new code on Google …