Significant jump in number of hackers reporting vulnerabilities to companies
Since the onset of the Covid-19 pandemic, the number of hackers reporting security vulnerabilities and bugs to enterprises has increased by nearly two-thirds
Share this item with your network: By Published: 09 Mar 2021 14:42
The number of white hat hackers who find security vulnerabilities and warn companies about them, usually to earn a bug bounty, increased by 63% in 2020, according to the latest annual
Hacker report.
The number of ethical hackers reporting bugs or vulnerabilities to enterprises has increased by 143% since 2018, demonstrating that hackers and IT security teams are working together much more frequently to manage cyber threats.
Latest macOS Big Sur also has SUDO root privilege escalation flaw
By
06:00 AM
A recently discovered heap-based buffer overflow vulnerability in Linux SUDO also impacts the latest version of Apple macOS Big Sur, with no patch available yet.
Last week, BleepingComputer had reported on
, a flaw in SUDO which lets local users gain root privileges.
Sudo is a Unix program that enables system admins to provide limited root privileges to normal users listed in the
sudoers file, while at the same time keeping a log of their activity.
This helps limits the rights of standard users on an operating system by preventing them from executing high-risk commands and programs which may compromise the system s security.
minute read
Share this article:
Two security vulnerabilities one a privilege-escalation problem and the other a stored XSS bug afflict a WordPress plugin with 40,000 installs.
Two vulnerabilities (one critical) in a WordPress plugin called Orbit Fox could allow attackers to inject malicious code into vulnerable websites and/or take control of a website.
Orbit Fox is a multi-featured WordPress plugin that works with the Elementor, Beaver Builder and Gutenberg site-building utilities. It allows site administrators to add features such as registration forms and widgets. The plugin, from a developer called ThemeIsle, has been installed by 400,000+ sites.
According to researchers at Wordfence, the first flaw (CVEs are pending) is an authenticated privilege-escalation flaw that carries a CVSS bug-severity score of 9.9, making it critical. Authenticated attackers with contributor level access or above can elevate themselves to administrator status and potentially take
POLITICO
Get the Weekly Cybersecurity newsletter
Email
Sign Up
By signing up you agree to receive email newsletters or updates from POLITICO and you agree to our privacy policy and terms of service. You can unsubscribe at any time and you can contact us here. This sign-up form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
With help from Eric Geller
Editor’s Note: Weekly Cybersecurity is a weekly version of POLITICO Pro’s daily Cybersecurity policy newsletter, Morning Cybersecurity. POLITICO Pro is a policy intelligence platform that combines the news you need with tools you can use to take action on the day’s biggest stories. Act on the news with POLITICO Pro.