December 12, 2024 at 02:27AM A global law enforcement operation named PowerOFF has dismantled 27 stresser services used for DDoS attacks, arresting three administrators and identifying over 300 users. Coordinated by Europol and 15 countries, the initiative addresses the rising threat of cybercrime and highlights vulnerabilities in web application security. ### Meeting Takeaways – December … Read more
December 3, 2024 at 05:39PM Many organizations using CDN-provided WAF services are misconfiguring them, exposing back-end servers to direct attacks. This affects nearly 40% of Fortune 100 companies, including major brands. Researchers found that inadequate request validation and lack of security best practices are primary causes of this widespread vulnerability, making servers accessible to Internet … Read more
November 27, 2024 at 12:52PM Attackers are exploiting Magento e-commerce sites with new card-skimming malware, identified by Sucuri. The malware dynamically steals payment information via JavaScript injections. Researchers recommend regular security audits, deploying Web application firewalls, maintaining updated software, using strong passwords, and implementing file integrity monitoring to safeguard against such attacks, especially during high-traffic … Read more
April 17, 2024 at 07:12AM Cybersecurity researchers have uncovered a new campaign exploiting a vulnerability in Fortinet FortiClient EMS devices, allowing unauthorized code execution. The campaign, tracked by Forescout as Connect:fun, utilizes ScreenConnect and Metasploit Powerfun. Organizations are urged to patch the CVE-2023-48788 vulnerability, monitor for suspicious activity, and use a web application firewall for … Read more
March 18, 2024 at 05:57AM WordPress users are advised to delete miniOrange’s Malware Scanner and Web Application Firewall plugins due to a critical security flaw, with a high CVSS score of 9.8. The flaw allows unauthenticated attackers to gain administrative privileges, leading to potential compromise of the site. Another privilege escalation flaw was found in … Read more
March 15, 2024 at 08:15AM Thousands of WordPress websites are at risk due to critical vulnerabilities in two MiniOrange plugins, Malware Scanner and Web Application Firewall. The flaw allows unauthorized users to gain administrative privileges and take control of a site. Similarly, another high-severity vulnerability was found in the RegistrationMagic plugin, enabling unauthorized users to … Read more
November 1, 2023 at 01:05PM Atlassian has discovered a critical vulnerability in its Confluence Data Center and Server platform and is advising customers to patch it immediately. The vulnerability, CVE-2023-22518, is an improper authorization vulnerability that affects on-premises versions of Confluence. This is the second critical vulnerability found in a month. Atlassian has not detected … Read more