Demo and Security - Information Management Today

Flaw in WordPress ThemeGrill Demo Importer WordPress theme plugin expose 200K+ sites to hack

Security Affairs

FEBRUARY 17, 2020

A serious flaw in the ThemeGrill Demo Importer WordPress theme plugin with over 200,000 active installs can be exploited to wipe sites and gain admin access to the site. Experts from the security firm WebARX have discovered a serious flaw in the WordPress theme plugin ThemeGrill Demo Importer with over 200,000 active installs.

GDPR

GDPR Authentication Access Security

ADVERSARIAL OCTOPUS – ATTACK DEMO FOR AI-DRIVEN FACIAL RECOGNITION ENGINE

Security Affairs

JUNE 22, 2021

ATTACK DEMO. You can see a demo of the ‘Adversarial Octopus’ targeted attack below. Original post at: Face Recognition Attack Demo: Adversarial Octopus. The post ADVERSARIAL OCTOPUS – ATTACK DEMO FOR AI-DRIVEN FACIAL RECOGNITION ENGINE appeared first on Security Affairs. Pierluigi Paganini.

Authentication

Authentication Government IT Security

Demo of AES GCM Misuse Problems

Schneier on Security

JUNE 14, 2024

This is really neat demo of the security problems arising from reusing nonces with a symmetric cipher in GCM mode.

Security

Security Encryption

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Security Affairs newsletter Round 320

Security Affairs

JUNE 27, 2021

Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 320 appeared first on Security Affairs. A new round of the weekly SecurityAffairs newsletter arrived! If you want to also receive for free the international press subscribe here.

Security

Security Ransomware Data breaches Communications

How to Package and Price Embedded Analytics

Just by embedding analytics, application owners can charge 24% more for their product. How much value could you add? This framework explains how application enhancements can extend your product offerings. Brought to you by Logi Analytics.

Analytics

Tianfu Cup 2020 – 5 minutes to hack Windows 10, Ubuntu iOS, VMWare EXSi, and others

Security Affairs

NOVEMBER 9, 2020

11 out of 16 targets cracked with 23 successful demos: Chrome, Safari, FireFox Adobe PDF Reader Docker-CE, VMware EXSi, Qemu, CentOS 8 iPhone 11 Pro+iOS 14, GalaxyS20 Windows 10 2004 TP-Link, ASUS Router — TianfuCup (@TianfuCup) November 8, 2020. Many mature and hard targets have been pwned on this year’s contest. Pierluigi Paganini.

Security

Security Government Information Security IT

Zoom client for Windows could allow hackers to steal users’Windows password

Security Affairs

APRIL 1, 2020

Security experts and privacy advocates believe that the Zoom is an efficient online video communication platform, but evidently it has some serious privacy and security solutions. The first expert to warn about the security flaw goes online with the handle Mitch ( @_g0dmode ). — Mitch (@_g0dmode) March 23, 2020.

Passwords

Passwords Communications Privacy Security

A zero-day flaw allows to run arbitrary commands on macOS systems

Security Affairs

SEPTEMBER 21, 2021

Security researchers disclosed a new zero-day flaw in Apple’s macOS Finder that can allow attackers to run arbitrary commands on Macs. According to the SSD Secure Disclosure advisory, the commands it runs can be local to the macOS allowing the execution of arbitrary commands by the user without any prompts. Pierluigi Paganini.

Security

Security IT Information Security

FragAttacks vulnerabilities expose all WiFi devices to hack

Security Affairs

MAY 12, 2021

Security researcher discovered a series of flaws, collectively tracked as FragAttacks, that impact the WiFi devices sold for the past 24 years. Belgian security researcher Mathy Vanhoef disclosed the details of a multiple vulnerabilities, tracked as FragAttacks, that affect WiFi devices exposed them to remote attacks.

Encryption

Encryption Paper Security Authentication

One Malicious Link Unlocks Alexa's Voice History

Data Breach Today

AUGUST 17, 2020

Amazon Has Patched the Issues, Says Demo Video Is Misleading Researchers at Check Point developed a one-click attack against Amazon's popular voice-controlled assistant Alexa that could reveal a user's voice history or personal information. Amazon has fixed the web application security flaws but says Check Point's demo video is misleading.

Security

Google releases Spectre PoC code exploit for Chrome browser

Security Affairs

MARCH 14, 2021

Below the description of the demo published on a site set up by Google to host the PoC code. “This demo is split into three parts: Calibrating the timer to observe side effects of the CPU’s speculative execution. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Metadata

Metadata Encryption Authentication Security

Researcher hacked Apple AirTag two weeks after its launch

Security Affairs

MAY 11, 2021

Apple AirTag has been launched less than two weeks ago, but a security researcher already claims to have hacked them. . “The German security researcher Stack Smashing tweeted today ( via The 8-bit ) that he was able to “break into the microcontroller of the AirTag” and modified elements of the item tracker software.”

IT

IT Security Access Cybersecurity

VMware fixed critical VM Escape bug demonstrated at Geekpwn hacking contest

Security Affairs

DECEMBER 13, 2022

A working exploit for the CVE-2022-31705 vulnerability was demonstrated by Ant Security researcher Yuhao Jiang during the Geekpwn, a hacking contest run by the Tencent Keen Security Lab. Here is my demo of the VM escape exploit on the latest version of VMware Fusion along with ESXi and Workstation. ” states the advisory.

Authentication

Authentication Access Security IT

Black Hat 2022 Opens Today With Focus on Emerging Threats

Data Breach Today

AUGUST 10, 2022

Ransomware, New Tactics and Geopolitical Threats Among the Key Conference Topics Black Hat 2022 kicks off today with security experts sharing cutting-edge research and insights through demos, technical trainings and hands-on labs.

Ransomware

Ransomware Risk Security

[Live Demo] Boost Your Email Security Defense - PhishER Plus to the Rescue!

KnowBe4

AUGUST 11, 2023

Join us for a live 30-minute demo of PhishER Plus! See how the platform uses crowdsourced intelligence to block known threats.

Security

Security Phishing

Researcher Posts Demo of BlueKeep Exploit of Windows Device

Data Breach Today

JUNE 6, 2019

Meanwhile, NSA Issues Alert Stressing Urgency of Patching A security researcher has posted a demonstration showing how an attacker could exploit the BlueKeep vulnerability to take over a Windows device in a matter of seconds.

Security

M1RACLES, the unpatchable bug that impacts new Apple M1 chips

Security Affairs

MAY 27, 2021

A security expert has discovered a vulnerability in Apple M1 chips, dubbed M1RACLES, that cannot be fixed. A demo app to access this register is available here.” The post M1RACLES, the unpatchable bug that impacts new Apple M1 chips appeared first on Security Affairs. ” said Hector Martin. Pierluigi Paganini.

Access

Access Risk Security IT

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

a demo for anti-virus software, VPN, music players, photo editing or online games) to hijack the channel of YouTube creators. The post YouTube creators’ accounts hijacked with cookie-stealing malware appeared first on Security Affairs. Below are the job descriptions used to recruit the hackers. Pierluigi Paganini.

Phishing

Phishing Archiving Encryption Passwords

Adobe fixes critical flaws in Magento, patch it immediately

Security Affairs

AUGUST 11, 2021

Adobe security updates for August 2021 have addressed critical vulnerabilities in Magento and important bugs in Adobe Connect. Adobe security updates for August 2021 address a total of 29 flaws, including critical vulnerabilities in Magento and important issues in Adobe Connect: APSB21-64 Security?updates updates available?for

IT

IT Authentication Security Cybersecurity

Vulnerabilities in car alarm systems exposed 3 million cars to hack

Security Affairs

MARCH 9, 2019

Security experts at Pen Test Partners discovered several vulnerabilities in two smart car alarm systems put three million vehicles globally at risk of hack. Both products allow anyone to create a test/demo account. With that demo account it’s possible to access any genuine account and retrieve their details, ” states Pen Test Partners.

Authentication

Authentication IoT Manufacturing Passwords

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

KnowBe4

JULY 9, 2024

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Security awareness

Security awareness Phishing Security IT

Phemedrone info stealer campaign exploits Windows smartScreen bypass

Security Affairs

JANUARY 15, 2024

The vulnerability was addressed by Microsoft with the release of Patch Tuesday security updates for November 2023. The vulnerability is a Windows SmartScreen Security Feature Bypass issue. After public disclosure of the vulnerability, multiple demos and proof-of-concept codes have been published on social media.

Archiving

Archiving Phishing Ransomware Cloud

SentinelOne released free decryptor for ThiefQuest ransomware

Security Affairs

JULY 8, 2020

Early July, security expert K7 Lab malware researcher Dinesh Devadoss uncovered a new piece of ransomware dubbed EvilQuest designed to encrypt macOS systems, it is also able to install additional payloads and potentially take over the infected machine. macOS ransomware #decryptor ( #EvilQuest )! Pierluigi Paganini.

Ransomware

Ransomware Encryption Security IT

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

KnowBe4

AUGUST 31, 2023

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Security awareness

Security awareness Phishing Security IT

Russia-linked Fronton botnet could run disinformation campaigns

Security Affairs

MAY 23, 2022

” reads the analysis published by the security firm NISOS. Nisos assessed that this is possibly a testing or demo instance, and is not currently used by the FSB.” Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. ru to 0day[.]llc.

IoT

IoT Sales Security Cybersecurity

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

KnowBe4

SEPTEMBER 29, 2023

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Security awareness

Security awareness Phishing Security IT

Google addressed another Chrome zero-day exploited at Pwn2Own in March

Security Affairs

APRIL 3, 2024

Palo Alto Networks security researchers Edouard Bochin and Tao Yan demoed the zero-day on the second day of Pwn2Own Vancouver 2024 to defeat V8 hardening. The exploitation can lead to the disclosure of sensitive information or a crash. “The Stable channel has been updated to 123.0.6312.105/.106/.107

Access

Access Security IT Information Security

Security firm released Singularity, an open source DNS Rebinding attack tool

Security Affairs

AUGUST 21, 2018

Security firm NCC Group has released an open source tool for penetration testing dubbed Singularity of Origin that allows carrying out DNS rebinding attacks. During recent security assessments, we’ve seen applications running on the localhost interface or exposing services on an internal network without authentication.

Security

Security Authentication Communications Cybersecurity

Expert released PoC exploit for Microsoft Exchange flaw

Security Affairs

MAY 3, 2021

Security researcher released technical details and a PoC code for a high-severity vulnerability in Microsoft Exchange Server reported by the NSA. National Security Agency (NSA). No one organization can secure their networks alone” states the NSA. NSA values partnership in the cybersecurity community. Pierluigi Paganini.

Authentication

Authentication Cybersecurity Security Risk

Hackers are actively exploiting a Zero-Day in WordPress ThemeREX Plugin to create Admin Accounts

Security Affairs

FEBRUARY 19, 2020

Security experts from WordFence have discovered a zero-day vulnerability in the ThemeREX Addons that was actively exploited by hackers in the wild to create user accounts with admin permissions. The post Hackers are actively exploiting a Zero-Day in WordPress ThemeREX Plugin to create Admin Accounts appeared first on Security Affairs.

GDPR

GDPR Sales Authentication IT

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

KnowBe4

NOVEMBER 29, 2023

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Security awareness

Security awareness Phishing Security IT

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

KnowBe4

OCTOBER 26, 2023

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Security awareness

Security awareness Phishing Security IT

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

KnowBe4

JANUARY 4, 2024

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Security awareness

Security awareness Phishing Security IT

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

KnowBe4

JUNE 6, 2022

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Security awareness

Security awareness Phishing Security IT

Samsung fixes a zero-click issue affecting its phones

Security Affairs

MAY 7, 2020

Samsung addressed this month a critical 0-click vulnerability that was discovered by security researchers from Google. Samsung released this week a security patch that addresses a critical vulnerability, tracked as CVE-2020-8899, impacting all smartphones sold since 2014. ” continues the report. ” concludes the report.

IT

IT Libraries Security Access

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

Security Affairs

AUGUST 16, 2024

Researchers form mobile security firm iVerify reported that the issue stems from a pre-installed Android app called “Showcase.apk,” which runs with excessive system privileges, allowing it to remotely execute code and install remote package. ” reads the report.

Retail

Retail Data breaches Sales Passwords

Reflected XSS Vulnerability In “Ivory Search” WP Plugin Impact Over 60K sites

Security Affairs

MARCH 30, 2021

On March 28, 2021, Astra Security Threat Intelligence Team responsibly disclosed a vulnerability in Ivory Search, a WordPress Search Plugin installed on over 60,000 sites. This security vulnerability could be exploited by an attacker to perform malicious actions on a victim’s website. Take an Astra demo today. immediately.

Security awareness

Security awareness Marketing Security Cybersecurity

A Google Drive weakness could allow attackers to serve malware

Security Affairs

AUGUST 23, 2020

The post A Google Drive weakness could allow attackers to serve malware appeared first on Security Affairs. .” The researchers reported the issue to Google and shared his findings with TheHackerNews that published the following videos that show how to exploit the weakness. ” reads the post published by THN. . Pierluigi Paganini.

Phishing

Phishing Authentication Cloud IT

Crooks are attempting to take over tens of thousands of WordPress sites

Security Affairs

FEBRUARY 29, 2020

Experts at WordPress security firm Defiant reported three zero-day vulnerabilities in WordPress plugin under active exploitation. ” The development teams behind the Async JavaScript and 10Web Map Builder for Google Maps have already issued security updates to address the zero-day flaws. Pierluigi Paganini.

Authentication

Authentication GDPR Access IT

Vice Society ransomware gang adds the Italian City of Palermo to its data leak site

Security Affairs

JUNE 10, 2022

In response to the security breach, the IT infrastructure of the city was shut down. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. Pierluigi Paganini.

Ransomware

Ransomware IT Data breaches Education

Expert discloses zero-click, wormable flaw in Microsoft Teams

Security Affairs

DECEMBER 8, 2020

Security expert disclosed technical details about a wormable, cross-platform flaw in Microsoft Teams that could allow stealth attacks. Security researcher Oskars Vegeris from Evolution Gaming has published technical details on a wormable, cross-platform vulnerability in the business communication platform Microsoft Teams.

Communications

Communications Personal data Phishing Access

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

KnowBe4

FEBRUARY 1, 2024

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Security awareness

Security awareness Phishing Security IT

RCE in popular ThemeREX WordPress Plugin has been actively exploited

Security Affairs

MARCH 11, 2020

The plugin is currently installed on tens of thousands of websites and according to the security firm Wordfence the vulnerability has been actively exploited in the wild as a zero-day. The post RCE in popular ThemeREX WordPress Plugin has been actively exploited appeared first on Security Affairs. Pierluigi Paganini.

Authentication

Authentication GDPR Communications Access

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

KnowBe4

JULY 26, 2023

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Security awareness

Security awareness Phishing Security IT

Flaw in WordPress ThemeGrill Demo Importer WordPress theme plugin expose 200K+ sites to hack

ADVERSARIAL OCTOPUS – ATTACK DEMO FOR AI-DRIVEN FACIAL RECOGNITION ENGINE

Webinars

Trending Sources

Demo of AES GCM Misuse Problems

Webinars

Security Affairs newsletter Round 320

How to Package and Price Embedded Analytics

Tianfu Cup 2020 – 5 minutes to hack Windows 10, Ubuntu iOS, VMWare EXSi, and others

Zoom client for Windows could allow hackers to steal users’Windows password

A zero-day flaw allows to run arbitrary commands on macOS systems

FragAttacks vulnerabilities expose all WiFi devices to hack

One Malicious Link Unlocks Alexa's Voice History

Google releases Spectre PoC code exploit for Chrome browser

Researcher hacked Apple AirTag two weeks after its launch

VMware fixed critical VM Escape bug demonstrated at Geekpwn hacking contest

Black Hat 2022 Opens Today With Focus on Emerging Threats

[Live Demo] Boost Your Email Security Defense - PhishER Plus to the Rescue!

Researcher Posts Demo of BlueKeep Exploit of Windows Device

M1RACLES, the unpatchable bug that impacts new Apple M1 chips

YouTube creators’ accounts hijacked with cookie-stealing malware

Adobe fixes critical flaws in Magento, patch it immediately

Vulnerabilities in car alarm systems exposed 3 million cars to hack

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Phemedrone info stealer campaign exploits Windows smartScreen bypass

SentinelOne released free decryptor for ThiefQuest ransomware

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Russia-linked Fronton botnet could run disinformation campaigns

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Google addressed another Chrome zero-day exploited at Pwn2Own in March

Security firm released Singularity, an open source DNS Rebinding attack tool

Expert released PoC exploit for Microsoft Exchange flaw

Hackers are actively exploiting a Zero-Day in WordPress ThemeREX Plugin to create Admin Accounts

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Samsung fixes a zero-click issue affecting its phones

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

Reflected XSS Vulnerability In “Ivory Search” WP Plugin Impact Over 60K sites

A Google Drive weakness could allow attackers to serve malware

Crooks are attempting to take over tens of thousands of WordPress sites

Vice Society ransomware gang adds the Italian City of Palermo to its data leak site

Expert discloses zero-click, wormable flaw in Microsoft Teams

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

RCE in popular ThemeREX WordPress Plugin has been actively exploited

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Stay Connected