Blog: In The News
Developers at WordPress are encouraging users to upgrade to the latest version, 4.4.2, in order to resolve a handful of bugs and vulnerabilities in the content management system. The update pushed out on Tuesday addresses two main issues. Until yesterday an attacker could have potentially carried out a server-side request forgery (SSRF) attack that could...
Researchers are warning that some visitors to eBay.com could be tricked into opening a page on the site that could expose them to phishing attacks and data theft. The vulnerability exists in the site’s online sales platform, according to Roman Zaikin, a researcher with Check Point. With it, an attacker could bypass the site’s code validation...
After a good two to three years of relative silence, the gang behind the banking Trojan URLZone has become more active over the past few months and taken aim at banks across Europe and, beginning last month, Japan. Attackers have begun sending spam emails with poisoned attachments to customers at 14 different Japanese banks, according...
Socat is the latest open source tool to come under suspicion that it is backdoored. Socat is a versatile command line utility that builds bi-directional communication streams and moves data between channels, including files, network pipes, serial connected devices, sockets or a combination of any of these. A security advisory published Monday warned that the...
As more devices are connected to the Internet, not only are vulnerabilities introduced into those networked things, but also some glaring holes are exposed in organizations’ ability to receive and triage bug reports. Researchers at Rapid7 today disclosed details on a pair of vulnerabilities in toys and interactive platforms aimed at children. The two vulnerabilities...
Since technology companies such as Google and Apple turned on end-to-end encryption by default and tied encryption keys to device passwords, the government’s inability to compel providers via warrants to turn over data has caused considerable angst. Going Dark is the government’s catch-all phrase for the current state of affairs, and high-ranking officials such as...
Google today patched Nexus devices in an over-the-air update against a critical vulnerability that could be exploited by an attacker on the same Wi-Fi network. The patch addresses multiple vulnerabilities in the Broadcom Wi-Fi driver that could be abused to allow for remote code execution. The patches were pushed out in builds LMY49G or later...
It’s well documented that attackers have reignited their love affair with the Office macro, using it as a vector for spreading banking malware and even the BlackEnergy Trojan as of late. According to researchers at the San Jose security company zScaler, the bot Kasidet, also known as Neutrino, has also adopted this technique. Attackers peddling the bot have stepped it...
A group of researchers is encouraging any smartphone users who own an LG G3 to upgrade their devices after coming across a serious security vulnerability. If exploited, the bug could enable an attacker to run arbitrary JavaScript and lead to a handful of issues, including data theft, phishing attacks and a denial of service. The...
Mike Mimoso and Chris Brook discuss the news of the week, including the latest on the BlackEnergy APT Group, Amazon getting into the SSL certificate game, and government agencies being told to audit their systems for the Juniper backdoor. Download: news_wrap_01-29-16.mp3 Music by Chris Gonsalves