JetPack Plugin Patches After Affecting 27 Million Sites
The Jetpack WordPress plugin, used on millions of sites, has released a critical security update to fix a vulnerability that allowed logged-in users to view others' submitted forms. This issue was discovered during an internal audit and has existed since 2016. Jetpack, part of Automattic, collaborated with the WordPress.org Security Team to ensure that users receive the update automatically, addressing the flaw in numerous versions of the plugin.
Read More
Windows Vulnerability Exploited as Zero-Day
Microsoft has recently highlighted a significant security vulnerability in Windows, known as CVE-2024-43461, which affects the retired Internet Explorer browser. Although Internet Explorer is no longer actively used, the underlying platform it utilized remains part of Windows and can still pose risks. This vulnerability allows attackers to run malicious code if a user inadvertently visits a harmful webpage or opens a tainted file. The flaw, which can mislead users about the true nature of a downloaded file, was exploited in the wild prior to its patching in September 2024.
Read More
Bugs Found in OpenVPN by Microsoft
Microsoft recently discovered four security flaws in OpenVPN, a popular tool used for creating secure virtual private network (VPN) connections. These flaws could be combined to allow hackers to take full control of a targeted computer, leading to serious risks like data breaches and unauthorized access to sensitive information.
Read More
Microsoft Connects Scattered Spider to Qilin Ransomware
Microsoft has reported that the Scattered Spider cybercrime gang has started using a new type of ransomware called Qilin in their attacks. This group, also known as Octo Tempest, gained attention for targeting over 130 major companies, including Microsoft and AT&T.
Read More