"Ex-Disney Employee Charged With Hacking Menu Database"

A former Disney employee was arrested and charged with hacking the company's systems and changing restaurant menus. Michael Scheuer, a former Disney menu production manager, was charged with three Computer Fraud and Abuse Act (CFAA) violations. Scheuer's work credentials still functioned after his termination, allegedly allowing him to log into the Disney menu creation system contracted by a third-party company. This article continues to discuss the incident.

Submitted by Gregory Rigby on

"LiteSpeed Cache WordPress Plugin Bug Lets Hackers Get Admin Access"

The free version of the popular WordPress plugin LiteSpeed Cache recently fixed a dangerous privilege elevation flaw with its latest update that could allow unauthenticated site visitors to gain admin rights. LiteSpeed Cache is a caching plugin used by over six million WordPress sites, helping to speed up and improve user browsing experience. Security researchers at Patchstack discovered the high-severity flaw CVE-2024-50550.

Submitted by Adam Ekwall on

"Mystic Valley Elder Services Data Breach Impacts 87,000 People"

Mystic Valley Elder Services (MVES) recently announced that it suffered a data breach that affected many individuals. The company is a Massachusetts-based non-profit that provides health and other services to the elderly and people with disabilities.

Submitted by Adam Ekwall on

"Yahoo Discloses NetIQ iManager Flaws Allowing Remote Code Execution"

Yahoo’s vulnerability research team has recently identified nearly a dozen flaws in OpenText’s NetIQ iManager product, including some that could have been chained for unauthenticated remote code execution. The research team discovered 11 vulnerabilities that could have been exploited individually for cross-site request forgery (CSRF), server-side request forgery (SSRF), remote code execution (RCE), arbitrary file upload, authentication bypass, file disclosure, and privilege escalation.

Submitted by Adam Ekwall on

"Government Sector Suffers 236% Surge in Malware Attacks"

According to security researchers at SonicWall, global threat actors have been ramping up attacks on government targets, with a triple-digit annual increase in malware-driven attempts to compromise victims in the first three months of the year. Alongside the 236% year-on-year (YoY) increase in Q1 2024, the researchers recorded a 27% annual increase in government attacks in the month leading up to the US election. The researchers claimed that recorded DDoS attacks are on track to surpass last year’s figure by 32%.

Submitted by Adam Ekwall on

OODAcon 2024

The annual OODAcon event brings together the hackers, thinkers, strategists, disruptors, leaders, technologists, and creators with one foot in the future to discuss the most pressing issues of the day and provide insight into the ways technology is evolving.

Our theme for OODAcon 2024 is: Convergence

"'CrossBarking' Attack Targets Secret APIs, Exposes Opera Browser Users"

Researchers have revealed a new browser attack called "CrossBarking" that exploits "private" Application Programming Interfaces (APIs) in Opera to gain control over victims' browsers. CrossBarking involves running malicious code in the context of websites that have access to private APIs. This can be done through a Cross-Site Scripting (XSS) vulnerability or malicious browser extension. This article continues to discuss the CrossBarking browser attack.

Submitted by Gregory Rigby on