Hackers Exploiting WordPress Elementor Pro Vulnerability: Millions of Sites at Risk!

Unknown threat actors are actively exploiting a recently patched security vulnerability in the Elementor Pro website builder plugin for WordPress.
The flaw, described as a case of broken access control, impacts versions 3.11.6 and earlier. It was addressed by the plugin maintainers in version 3.11.7 released on March 22.
"Improved code security enforcement in WooCommerce components," the

https://thehackernews.com/2023/04/hacker...entor.html

Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation

Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems.
This entails the abuse of CVE-2022-46169 (CVSS score: 9.8) and CVE-2021-35394 (CVSS score: 9.8) to deliver MooBot and ShellBot (aka PerlBot), Fortinet FortiGuard Labs said in a report published this week.
CVE-2022-46169 relates to a critical

https://thehackernews.com/2023/04/cacti-...aspex.html

How to Solve IoT's Identity Problem

Network protocols can be used to identify operating systems and discern other device information.

https://www.darkreading.com/dr-tech/how-...ty-problem

Is Decentralized Identity About to Reach an Inflection Point?

Decentralized identity products are increasingly projected to be introduced to the market in the next couple of years.

https://www.darkreading.com/omdia/is-dec...ion-point-

Adaptive Access Technologies Gaining Traction for Security, Agility

With companies pushing to adopt zero-trust frameworks, adaptive authentication and access — once languishing — looks finally ready to move out of the doldrums.

https://www.darkreading.com/emerging-tec...ty-agility

Pro-Islam 'Anonymous Sudan' Hacktivists Likely a Front for Russia's Killnet Operation

"Anonymous Sudan" has been claiming that its DDoS attacks are in retaliation for anti-Islamic activities, but at least one security vendor is suspicious about its true motives.

https://www.darkreading.com/attacks-brea...-operation

Mimecast Report Reveals Nearly 60% of Companies in UAE and Saudi Arabia Need to Incr

The State of Email Security Report reveals cyber risk commands the C-suite's focus.

https://www.darkreading.com/operations/m...y-spending

The FDA's Medical Device Cybersecurity Overhaul Has Real Teeth, Experts Say

The physical and cyber safety issues surrounding medical devices like IV pumps is finally being meaningfully addressed by a new policy taking effect this week.

https://www.darkreading.com/cloud/the-fd...real-teeth

Elastic Expands Cloud Security Capabilities for AWS

Launching CSPM, container workload security, and cloud vulnerability management to modernize cloud security operations.

https://www.darkreading.com/cloud/elasti...es-for-aws

Hackers exploit bug in Elementor Pro WordPress plugin with 11M installs


Hackers are actively exploiting a high-severity vulnerability in the popular Elementor Pro WordPress plugin used by over eleven million websites. [...]


https://www.bleepingcomputer.com/news/se...-installs/