Critical Plugin Flaw Exposed 4 Million WordPress Websites to Takeover

November 15, 2024 at 05:35AM A critical vulnerability in the Really Simple Security plugin affected over 4 million WordPress websites, allowing for full administrative access. This flaw poses significant security risks, potentially enabling unauthorized takeovers of affected sites. The incident highlights the importance of timely security updates and monitoring for vulnerabilities. **Meeting Takeaways:** 1. **Incident …

The true (and surprising) cost of forgotten passwords

November 14, 2024 at 11:16AM Password resets are costly, averaging $70 per reset, impacting productivity, innovation, and security. With employees averaging two resets annually, organizations can incur significant expenses. Implementing self-service password reset solutions can save about $65,000 annually by reducing helpdesk dependency, wait times, and enhancing user experience, particularly for hybrid workforces. ### Meeting …

Citrix, Cisco, Fortinet Zero-Days Among 2023's Most Exploited Vulnerabilities

November 13, 2024 at 10:54AM In 2023, many of the most frequently exploited vulnerabilities were initially zero-day vulnerabilities, as reported by government agencies. Notable companies affected included Citrix, Cisco, and Fortinet, highlighting ongoing security challenges organizations face in protecting their systems. ### Meeting Notes Takeaways: 1. **Top Exploits of 2023**: Most frequently exploited vulnerabilities this …

Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws

November 12, 2024 at 02:04PM Microsoft’s November 2024 Patch Tuesday addresses 91 vulnerabilities, including four critical flaws and two actively exploited zero-days. Notable vulnerabilities include NTLM Hash Disclosure and Windows Task Scheduler issues. The update also highlights fixes for other major products and features from various vendors, ensuring enhanced security across systems. ### Meeting Takeaways …

HPE Patches Critical Vulnerabilities in Aruba Access Points

November 8, 2024 at 06:49AM HPE has issued a warning about two critical vulnerabilities in Aruba Networking access points, which could allow for unauthenticated command injection. The company has since released patches to address these security issues. **Meeting Takeaways:** 1. **Company Alert**: HPE has issued a warning regarding two critical vulnerabilities identified in Aruba Networking …

Cyberattack Blamed for Statewide Washington Courts Outage

November 6, 2024 at 07:04AM Unauthorized activity on the Washington courts network, blamed on a cyberattack, left websites and other services unavailable. This incident prompted concerns about cybersecurity within the state’s judicial systems. **Meeting Takeaways:** 1. **Incident Overview**: There was unauthorized activity detected on the Washington courts network. 2. **Impact**: This unauthorized activity …

Ransomware Attack Disrupts Georgia Hospital’s Access to Health Records

November 6, 2024 at 06:18AM Memorial Hospital and Manor experienced disruptions to its Electronic Health Record system due to a ransomware attack. This incident impacted the hospital’s access to critical health records. Takeaways from the meeting notes: 1. **Incident Overview**: Memorial Hospital and Manor experienced a disruption to its Electronic Health Record (EHR) system due …

Over 6,000 WordPress hacked to install plugins pushing infostealers

October 21, 2024 at 01:56PM WordPress sites are being compromised to introduce malicious plugins that show fake software updates and error messages, aimed at installing information-stealing malware. **Meeting Takeaways:** 1. **Security Breach Risk:** WordPress sites are currently at risk of being hacked. 2. **Malicious Plugin Installation:** Hackers are installing malicious plugins on affected WordPress sites. …

Microsoft warns it lost some customer’s security logs for a month

October 17, 2024 at 06:19PM Microsoft has alerted enterprise customers about a critical bug that led to the loss of important logs for nearly a month, jeopardizing the ability of companies to monitor unauthorized activity effectively. This issue highlights significant security risks for organizations dependent on these logs. **Meeting Notes Takeaways:** 1. **Issue Identified**: Microsoft …

Juniper Networks Patches Dozens of Vulnerabilities

October 14, 2024 at 09:15AM Juniper Networks has released patches addressing numerous vulnerabilities found in Junos OS, Junos OS Evolved, and various third-party components. This update aims to enhance security and protect users from potential threats. **Meeting Notes Takeaways:** 1. **Announcement**: Juniper Networks has released patches addressing multiple vulnerabilities. 2. **Affected Systems**: The vulnerabilities are …