Researchers have discovered dozens of malicious apps in the Google Play Store that show advertisements even when the phone’s screen is turned off.
Security News
Read about the latest security news. News about computer security malware, and other threats to your computer.
Hundreds of Weaknesses in WordPress Plug-ins Remain Unupdated
This year, security experts have found 2500 weak spots in additional tools (called plug-ins) for WordPress, a platform used by over 43% of all websites.
Popular WordPress Security Plugin Found Storing User Passwords in Plain Text
A popular security plugin for WordPress, known as “All-In-One Security (AIOS) – Security and Firewall,” has been found to store users’ passwords in plain text within the database.
Meta Blocks Access to Threads Twitter Clone for European VPN Users
European internet users can no longer access Meta’s Twitter clone Threads through a VPN. While Threads is not available in the EU, bypassing this restriction using a VPN was possible. However, Meta has now blocked access for European VPN users as well.
Critical Vulnerability in WordPress Plugin Puts Thousands of Websites at Risk
Thousands of WordPress sites are vulnerable to takeover through a critical flaw in a widely used user registration plugin. Although the developer has released an update, most websites have not yet installed it. The vulnerability resides in the User Registration plugin, which allows WordPress sites to customize user registration pages and create user profile pages. Over 60,000 WordPress sites rely on this plugin.
Apple Reissues Security Updates for Actively Exploited Zero-Day Flaw in iOS and macOS
Apple has reissued security updates for an actively exploited zero-day vulnerability in iOS and macOS due to issues encountered with the initial release. Earlier this week, the tech company issued a Rapid Security Response to address the actively targeted flaw in WebKit, the browser engine developed by Apple. All browsers on iOS and iPadOS are required to utilize WebKit.
VMware Issues Warning About Exploit for Critical Vulnerability in Aria Operations for Logs
VMware has issued a cautionary notice to organizations regarding the discovery of an exploit for a critical vulnerability (CVE-2023-20864) in VMware Aria Operations for Logs, a log analysis tool previously known as vRealize Log Insight. Just last month, VMware reported actively exploiting another security flaw in the software. The appearance of the exploit code has now increased the likelihood of abuse of CVE-2023-20864.
Apple introduces image monitoring option for chat apps in iOS 17
Apple is set to introduce a new option in the latest iOS, macOS, and iPadOS versions that allows users to scan images in chat apps.
Nickelodeon Launches Investigation into Possible Leak of Production Material
The popular television network Nickelodeon is investigating a potential leak of its production material. Reports have emerged on platforms such as Twitter, claiming that a substantial amount of Nickelodeon’s videos, audio files, scripts, and graphics, totaling five hundred gigabytes, have been leaked.