MSA-23-0002: Reflected XSS risk in blog searchby Michael Hawkins. Blog search required additional sanitizing to prevent a reflected XSS risk.Severity/Risk:SeriousVersions affected:4.1 and 4.0 to 4.0.5Versions fixed:4.1.1,...
Month: January 2023
Thinking of Hiring or Running a Booter Service? Think Again.
Thinking of Hiring or Running a Booter Service? Think Again.Most people who operate DDoS-for-hire businesses attempt to hide their true identities and location. Proprietors of these...
El FBI confirma que el grupo Lazarus de Corea del Norte robó 100 millones en criptomonedas
El FBI confirma que el grupo Lazarus de Corea del Norte robó 100 millones en criptomonedasEl FBI asegura que fueron actores maliciosos apoyados por Corea del...
MSA-23-0001: Reflected XSS risk in some returnurl parameters
MSA-23-0001: Reflected XSS risk in some returnurl parametersby Michael Hawkins. Some returnurl parameters required additional sanitizing to prevent a reflected XSS risk.Severity/Risk:SeriousVersions affected:4.1, 4.0 to 4.0.5,...
Cisco BroadWorks CommPilot Application Software Vulnerabilities
Cisco BroadWorks CommPilot Application Software VulnerabilitiesMultiple vulnerabilities in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to execute...
Malware exploited critical Realtek SDK bug in millions of attacks
Malware exploited critical Realtek SDK bug in millions of attacksHackers have leveraged a critical remote code execution vulnerability in Realtek Jungle SDK 134 million attacks trying...
Why it’s time to review your on-premises Microsoft Exchange patch status
Why it's time to review your on-premises Microsoft Exchange patch statusWe start the patching year of 2023 looking at one of the largest releases of vulnerability...
Bloke allegedly stole, sold private info belonging to ‘tens of millions’ globally
Bloke allegedly stole, sold private info belonging to 'tens of millions' globallyIf true, was it worth the $500k and prison jumpsuit? A man suspected of stealing...
Strengthening the human element
Strengthening the human elementHow to locate cybersecurity risks in remote working Webinar The implementation of lockdowns during the maelstrom of the Coronavirus pandemic led to fast...
Zacks Investment Research data breach affects 820,000 clients
Zacks Investment Research data breach affects 820,000 clientsHackers breached Zacks Investment Research (Zacks) company last year and gained access to personal and sensitive information belonging to...
Perception Point launches Advanced Threat Protection for Zendesk
Perception Point launches Advanced Threat Protection for ZendeskThreat protection company Perception Point has launched Advanced Threat Protection for Zendesk to provide detection and remediation services for...
10 data privacy tips to protect your organization this year
10 data privacy tips to protect your organization this yearIt’s data privacy week! This week-long international initiative was developed by the National Cybersecurity Alliance, and encourages...
Trustwave relaunches Advanced Continual Threat Hunting with human-led methodology
Trustwave relaunches Advanced Continual Threat Hunting with human-led methodologyCybersecurity vendor Trustwave has announced the relaunch of its Advanced Continual Threat Hunting platform with new, patent-pending human-led...
Hackers auction alleged source code for League of Legends
Hackers auction alleged source code for League of LegendsThreat actors are auctioning the alleged source code for Riot Game's League of Legends and the Packman anti-cheat...
QuSecure launches quantum-computing based security for endpoints
QuSecure launches quantum-computing based security for endpointsQuSecure, a quantum-computing technology company based in Silicon Valley, today announced the latest version of its security platform, called QuEverywhere...
CISA: Federal agencies hacked using legitimate remote desktop tools
CISA: Federal agencies hacked using legitimate remote desktop toolsCISA, the NSA, and MS-ISAC warned today in a joint advisory that attackers are increasingly using legitimate remote...
New T-Mobile Breach Affects 37 Million Accounts
New T-Mobile Breach Affects 37 Million AccountsT-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as...
NEW TECH: How I started a company to supply democratized pentests to immunize websites
NEW TECH: How I started a company to supply democratized pentests to immunize websitesMy name is Eden Zaraf. I’ve been driven by my passion for technology...
NEW TECH: DigiCert unveils ‘Trust Lifecyle Manager’ to centralize control of digital certificates
NEW TECH: DigiCert unveils ‘Trust Lifecyle Manager’ to centralize control of digital certificatesTo get network protection where it needs to be, legacy cybersecurity vendors have begun...
GUEST ESSAY — How threat detection services for SMBs are continuing to evolve and improve
GUEST ESSAY — How threat detection services for SMBs are continuing to evolve and improveSmall and medium-sized businesses are facing immense security challenges and these are...
SHARED INTEL: Here’s why security analysts need to remain on high alert for fake bug reports
SHARED INTEL: Here’s why security analysts need to remain on high alert for fake bug reportsIn an ideal world, cybersecurity analysts would get legitimate daily reports...
FBI confirms that North Korea-linked Lazarus APT is behind Harmony Horizon Bridge $100 million cyber heist
FBI confirms that North Korea-linked Lazarus APT is behind Harmony Horizon Bridge $100 million cyber heistThe U.S. FBI attributes the $100 million cyber heist against Harmony...
FIRESIDE CHAT: Can ‘MLSecOps’ do for MLOps, what DevSecOps is doing for DevOps?
FIRESIDE CHAT: Can ‘MLSecOps’ do for MLOps, what DevSecOps is doing for DevOps?Massively interconnected digital services could someday soon save the planet and improve the lives...
How CISOs can manage the cybersecurity of high-level executives
How CISOs can manage the cybersecurity of high-level executivesHigh-level executives, including board members and C-level executives, often have access to sensitive information, making them prime targets...
GoTo revealed that threat actors stole customers’ backups and encryption key for some of them
GoTo revealed that threat actors stole customers’ backups and encryption key for some of themGoTo is notifying customers that its development environment was breached in November...
Administrator of RSOCKS Proxy Botnet Pleads Guilty
Administrator of RSOCKS Proxy Botnet Pleads GuiltyDenis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of...
Pakistan hit by nationwide power outage, is it the result of a cyber attack?
Pakistan hit by nationwide power outage, is it the result of a cyber attack?Pakistan suffered a nationwide blackout, local authorities are investigating the cause and suspect...
Exploit released for critical Windows CryptoAPI spoofing bug
Exploit released for critical Windows CryptoAPI spoofing bugProof of concept exploit code has been released by Akamai researchers for a critical Windows CryptoAPI vulnerability discovered by...
The FBI Identified a Tor User
The FBI Identified a Tor UserNo details, though: According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts “unofficial propaganda and...
VMware warns of critical code execution bugs in vRealize Log Insight
VMware warns of critical code execution bugs in vRealize Log InsightA critical vulnerability in VMware vRealize Log Insight appliance can allow an unauthenticated attacker to take...