Customers aren’t locking down access correctly, leading to ~70 percent of ServiceNow implementations being vulnerable to malicious data extraction.
Posts tagged "Exposed"
20K WordPress Sites Exposed by Insecure Plugin REST-API
The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.
Threatpost
Millions of Routers Exposed by Bug in USB Module
The high-severity RCE flaw is in the KCodes NetUSB kernel module found in popular end-user routers from Netgear, TP-Link, D-Link, Western Digital and others.
SEGA’s Sloppy Security Confession: Exposed AWS S3 Bucket Offered Up Steam API Access & More
SEGA’s disclosure underscores a common, potentially catastrophic, flub — misconfigured Amazon Web Services (AWS) S3 buckets.
Threatpost
80K Retail WooCommerce Sites Exposed by Plugin XSS Bug
The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts.
Threatpost
6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years
Pen Test Partners didn’t disclose the vulnerability after 90 days because it knew ISPs were struggling with a pandemic-increased network load as work from home became the new norm.
Threatpost
100M IoT Devices Exposed By Zero-Day Bug
A high-severity vulnerability could cause system crashes, knocking out sensors, medical equipment and more.
Threatpost