Exploits for Social Warfare WordPress Plugin Reach Critical Mass

More and more attacks taking advantage of a XSS and RCE bug in the popular plugin have cropped up in the wild. from Web Security – Threatpost https://threatpost.com/exploits-social-warfare-wordpress/144051/

FBI: BEC Scam Losses Almost Double To Reach $1.2 Billion

Overall, in 2018 the FBI received more than 351k reported scams with losses exceeding $2.7 billion. from Web Security – Threatpost https://threatpost.com/fbi-bec-scam-losses-double/144038/

Microsoft’s Latest Patch Hoses Some Antivirus Software

McAfee, Sophos and Avast are among the antivirus software suites impacted. from Web Security – Threatpost https://threatpost.com/microsofts-latest-patch-hoses-some-antivirus-software/143978/

Shopify Flaw Exposed Thousands of Merchants’ Revenue, Traffic Numbers

The flaw, which existed in a Shopify API endpoint, has been patched. from Web Security – Threatpost https://threatpost.com/shopify-flaw-exposed-merchant-revenue-traffic/143902/

Poll: Facebook Harvests Email Contacts for 1.5M Users – Is Enough, Enough?

Take our short poll on how far Facebook can push its luck. from Web Security – Threatpost https://threatpost.com/facebook-harvests-email-contacts/143915/

Easter Attack Affects Half a Billion Apple iOS Users via Chrome Bug

The U.S-focused eGobbler malvertising attacks are exploiting an unpatched Google Chrome bug. from Web Security – Threatpost https://threatpost.com/easter-attack-apple-ios/143901/

ThreatList: Bad Bots Account for a Fifth of All Web Traffic, FinServ Hit the Worst

The financial services industry sees nearly half of all website traffic coming from malicious bots. from Web Security – Threatpost https://threatpost.com/bad-bots-web-traffic-finserv/143859/

RatVermin Spyware Targets Ukraine Gov Agencies

Researchers are pinning a recent phishing campaign against Ukraine government agencies on the Luhansk People's Republic, a proto-state in eastern Ukraine which declared independence in 2015. from Web Security – Threatpost https://threatpost.com/ratvermin-spyware-targets-ukraine-gov-agencies/143827/

TicTocTrack Smartwatch Flaws Can Be Abused to Track Kids

A popular Australian smartwatch's tracking capabilities expose its user's locations, personal data and more. from Web Security – Threatpost https://threatpost.com/tictoctrack-smartwatch-flaws-track-kids/143791/

Authentication Bypass Bug Hits Top Enterprise VPNs

Business users of Cisco, F5 Networks, Palo Alto Networks and Pulse Secure platforms are impacted, according the U.S. government. from Web Security – Threatpost https://threatpost.com/authentication-bypass-bug-enterprise-vpns/143781/

WordPress Yellow Pencil Plugin Flaws Actively Exploited

Yet another Wordpress plugin, Yellow Pencil Visual Theme Customizer, is being exploited in the wild after two software vulnerabilities were discovered. from Web Security – Threatpost https://threatpost.com/wordpress-yellow-pencil-plugin-exploited/143729/

ThreatList: Tax Scammers Launch a Raft of Fake Mobile Apps

Convincing phishing pages and millions of suspicious apps are plaguing tax season. from Web Security – Threatpost https://threatpost.com/threatlist-tax-scammers-launch-a-raft-of-fake-mobile-apps/143728/

WordPress Urges Users to Uninstall Yuzo Plugin After Flaw Exploited

A vulnerability in the Yuzo Related Posts WordPress plugin, used by 60,000 websites, is being exploited in the wild. from Web Security – Threatpost https://threatpost.com/wordpress-urges-users-to-uninstall-yuzo-plugin-after-flaw-exploited/143710/

SAS 2019: Gaza Cybergang Blends Sophistication Levels in Highly Effective Spy Effort

The SneakyPastes campaign was highly effective but hardly advanced. from Web Security – Threatpost https://threatpost.com/sas-2019-gaza-cybergang-blends-sophistication-levels-in-highly-effective-spy-effort/143546/

Adobe Fixes 24 Critical Flaws in Acrobat Reader, Flash, Shockwave Player

During its regularly scheduled April security update, Adobe overall issued 43 patches, including ones for 24 critical vulnerabilities in eight of its products. from Web Security – Threatpost https://threatpost.com/adobe-fixes-24-critical-flaws-in-acrobat-reader-flash-shockwave-player/143632/

Verizon Router Command Injection Flaw Impacts Millions

A high-severity flaw in the Verizon Fios Quantum Gateway, used in millions of U.S. homes, could allow for command injection. from Web Security – Threatpost https://threatpost.com/verizon-quantum-gateway-command-injection-flaw-impacts-millions/143606/

TP-Link Routers Vulnerable to Zero-Day Buffer Overflow Attack

Consumer router models allowed authenticated users to take unrestricted remote control over TL-WR940N and TL-WR941ND routers. from Web Security – Threatpost https://threatpost.com/tp-link-routers-vulnerable-to-zero-day-buffer-overflow-attack/143575/