Recent Security News
-
WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw
March 18, 2024 at 05:57AM WordPress users are advised to delete miniOrange’s Malware Scanner and Web Application Firewall plugins due to a critical security flaw, with a high CVSS score of 9.8. The flaw allows unauthenticated attackers to gain administrative privileges, leading to potential compromise of the site. Another privilege escalation flaw was found in…
-
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks
March 18, 2024 at 04:58AM APT & Targeted Attacks Summary An APT campaign named Earth Krahang targets government entities worldwide, with a focus in Southeast Asia, but also in Europe, America, and Africa. Using public-facing servers and spear phishing emails, the threat actor aims to conduct cyberespionage by abusing compromised government infrastructure. The campaign involves…
-
IMF Emails Hacked
March 18, 2024 at 04:51AM The IMF uncovered a cybersecurity incident involving nearly a dozen hacked email accounts. Discovered on February 16, 2024, an investigation revealed 11 compromised accounts, which were promptly secured. The IMF emphasized its serious approach to cybersecurity and the absence of further unauthorized access. The attackers’ motives and potential data obtained…
-
Infosec teams must be allowed to fail, argues Gartner
March 18, 2024 at 03:36AM Gartner analysts Mixter and Xiu argue that a zero-tolerance approach to failure in information security is unrealistic. They advocate for a focus on effective recovery from cyber attacks, rather than expecting total prevention. They recommend developing recovery plans, prioritizing investments, and addressing mental health among infosec workers. The analysts also…
-
South African Government Pension Data Leak Fears Spark Probe
March 18, 2024 at 03:09AM LockBit ransomware gang asserts that the 668GB of data they leaked online was taken from South Africa’s pension agency. The meeting notes state that the LockBit ransomware gang has claimed that 668GB of data was dumped online and that it was stolen from South Africa’s pension agency. Full Article