WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins

December 12, 2024 at 05:15AM A critical vulnerability (CVE-2024-11972, CVSS 9.8) in the Hunk Companion WordPress plugin allows attackers to install malicious plugins, risking remote code execution and other exploits. The flaw affects all versions of the plugin prior to 1.9.0; the plugin has over 10,000 installations. A related vulnerability in WPForms also poses risks. ### Meeting Takeaways …

Novel phishing campaign uses corrupted Word documents to evade security

December 2, 2024 at 05:49AM A new phishing attack exploits Microsoft Word’s file recovery feature by distributing corrupted documents as email attachments. These files bypass security software due to their damaged condition while remaining recoverable by users, posing a significant security risk. ### Meeting Takeaways: – **Phishing Attack Overview**: A new phishing attack leverages a …

Microsoft shares more details on Windows 11 admin protection

November 19, 2024 at 08:42AM Microsoft detailed a new Windows 11 admin protection feature in preview, utilizing Windows Hello for authentication to secure critical system resources. It restricts admin rights, requiring users to verify actions via PIN or biometrics. This aims to mitigate malware risks by limiting unauthorized access while ensuring legitimate user control over …

Russia’s APT29 Mimics AWS to Steal Windows Credentials

October 25, 2024 at 04:29PM APT29, a notorious Russian cyber threat group, has targeted military, government, and private sectors through phishing campaigns. They recently aimed to steal Windows credentials by disguising emails as AWS communications. Experts advise blocking RDP files at email gateways and monitoring outgoing connections to thwart future attacks. **Meeting Takeaways: APT29 Phishing …

About the security content of watchOS 10.6 – Apple Support

October 15, 2024 at 01:39PM The update for watchOS 10.6, available for Apple Watch Series 4 and later, addresses multiple security vulnerabilities including out-of-bounds access, information disclosure, and permissions issues. These fixes prevent app crashes, unauthorized privacy access, and potential gains in local kernel memory knowledge. The release date is July 29, 2024. **Meeting Takeaways: Security …

Hackers Hide Remcos RAT in GitHub Repository Comments

October 9, 2024 at 05:06PM GitHub and GitLab are increasingly targeted for malicious activities, including a malware campaign using legitimate GitHub repositories and an exploit allowing unauthorized access to users in GitLab. Attackers leverage the platforms’ trusted reputations to deploy malware, highlighting significant security risks for organizations using these collaborative tools. ### Meeting Takeaways: 1. …

Demystifying a Common Cybersecurity Myth

March 13, 2024 at 12:21PM OPSWAT CEO Benny Czarny analyzes the challenges of securing file uploads, emphasizing the limitations of three common tools when each is used alone: anti-malware scanning, web application firewalls, and sandboxing. OPSWAT’s MetaDefender Platform offers a comprehensive defense-in-depth strategy combining multiple antivirus engines, deep content disarm and reconstruction, proactive data loss prevention, and …

Cyberattackers Target Nuclear Waste Company via LinkedIn

January 2, 2024 at 03:58PM Hackers recently targeted UK-based Radioactive Waste Management (RWM) using social engineering and LinkedIn. The company, now part of Nuclear Waste Services (NWS), has seen attempts to exploit business changes after a recent merger. The attackers were blocked through “multi-layered defenses,” but LinkedIn’s guidance recommends caution to avoid falling prey to …

Proxy Trojan Targets macOS Users for Traffic Redirection

December 7, 2023 at 02:34PM A new proxy Trojan targeting macOS users via pirated software creates a covert proxy server to enable backdoor access and illicit activities, Kaspersky reports. The Trojan, also found for Android and Windows, uses DNS-over-HTTPS to evade detection. Experts advise using antiviruses and avoiding pirated software to prevent attacks. Meeting Takeaways: …

Hackers breach US govt agencies using Adobe ColdFusion exploit

December 5, 2023 at 12:07PM CISA warns of ongoing attacks exploiting a critical Adobe ColdFusion vulnerability (CVE-2023-26360), despite a fix. Hackers targeted government servers, installing malware and conducting reconnaissance. Although attacks were contained, CISA stresses updating ColdFusion and enhancing security measures. Meeting Takeaways: 1. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a …