mobile-logo
 

Security Tag

15 Apr

How a Critical Flaw in WooCommerce can be Exploited to Compromise WordPress Websites

in Authentication, Cyber Security, Cybersecurity, Internet Security, Vulnerabilities
Comments

Popular e-commerce plug-in, WooCommerce, used for WordPress-based online stores, has been found to contain a critical vulnerability that could allow attackers to take over websites. While technical details about the vulnerability have not been published, the WooCommerce team has released updates, and attackers could reverse-engineer the patch. The vulnerability allows for unauthenticated administrative takeover of websites. Website administrators using this plugin are advised to issue the...

Read More
13 Apr

Aruba Networks releases patch to fix ClearPass software vulnerabilities

in Cyber Security, Cybersecurity
Comments

Aruba Networks Releases Patches for Eight Vulnerabilities in ClearPass Policy Manager Software. Aruba Networks, a leading provider of network access enforcement solutions, has recently disclosed a set of patches to address eight vulnerabilities in its ClearPass Policy Manager software. The software is used to enforce unified network access across wireless, wired, and VPN networks. The most severe vulnerability, CVE-2023-25589, was discovered by New Zealander pentester Daniel Jensen....

Read More
12 Apr

Two Exploited Bugs Addressed in Microsoft’s Latest Patches

in Cyber Security, Cybersecurity
Comments

Microsoft Releases 76 Fixes in Latest Patch Tuesday Collection. Microsoft has released a collection of 76 fixes for various vulnerabilities as part of its Patch Tuesday update. Of these, two bugs are currently under active exploitation. One of the bugs, CVE-2023-23415, appears to be a “ping of death” and is an ICMP remote code execution (RCE) vulnerability with a CVSS score of 9.8. Attackers can exploit this...

Read More
frontier software
11 Apr

NSW Health affected by Frontier Software security breach

in Cyber Security, Cybersecurity
Comments

NSW Health Data Breach: Payroll Information of Over 1,600 Staff Affected! NSW Health has recently confirmed that it has become the latest organisation to suffer a data breach in the Frontier Software cyber-attack at the end of 2021. According to an FAQ posted on its website, the breach has impacted staff or former staff who were employed by the Ministry of Health, as a senior executive...

Read More
stolen password
10 Apr

The Growing Threat of Cybercrime Empowered by Stolen Credentials

in Cyber Security, Cybercrime, Cybersecurity, Malware, Ransomware
Comments

Cybercriminals are increasingly turning to stolen credentials as a valuable commodity on the underground market. According to a report by cybersecurity firm Flashpoint, last year saw 4,518 data breaches reported, with attackers stealing or exposing 22.62 billion credentials and personal records. Over 60% of these were stolen from organizations in the information sector. Flashpoint's database of threat intelligence includes 575 million posts on illegal forums, 3.6...

Read More
08 Apr

The LastPass Data Breach: Failure to Update Plex Software by Engineer Resulted in a Major Security Breach.

in Cyber Security, Cybersecurity
Comments

LastPass Breach Resulted from Failure to Update Plex Software. A recent breach at LastPass, a popular password management service, has been attributed to the failure of one of its engineers to update Plex software on their home computer. This serves as a reminder of the importance of keeping software up-to-date to avoid potential security risks. The breach occurred when unidentified actors leveraged information stolen from a previous...

Read More
06 Apr

Discover How Security and IT Teams Can Save Money by Identifying SaaS-Shadow IT

in Cyber Security, Cybersecurity
Comments

On March 4, 2023, Wing Security, a SaaS Security Posture Management (SSPM) company, made waves with the launch of its free SaaS-Shadow IT discovery solution. The self-service product operates on a "freemium" model and offers cloud-based companies insight into their employees' SaaS usage. Within the first few weeks of launching, over 200 companies enrolled in the free discovery tool. Wing recently released a short report on...

Read More
24 Mar

Cisco Releases Security Update for IP Phone Systems

in Cyber Security, Cybersecurity
Comments

Cisco has released software fixes for multiple versions of firmware running on some of its IP phones, the company announced in an advisory. The advisory covers two vulnerabilities that affect six products, including the 6800 series, 7800 series, and 8800 series phones running the company’s multiplatform firmware. The first vulnerability, CVE-2023-20078 (CVSS score 9.8), allows an unauthenticated remote attacker to send a crafted request to the...

Read More
23 Mar

BlackLotus Malware Successfully Bypasses Secure Boot on Windows 11, Becoming First UEFI Bootkit

in Cyber Security, Cybersecurity
Comments

Today marks a significant milestone in the cyber threat landscape, as the first publicly known malware capable of bypassing Secure Boot defenses has been discovered. Dubbed BlackLotus, the stealthy Unified Extensible Firmware Interface (UEFI) bootkit is being offered for sale at $5,000 and is programmed in Assembly and C. According to ESET, a Slovak cybersecurity company, BlackLotus is capable of running on fully up-to-date Windows 11...

Read More