THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 – Nov 17)

November 18, 2024 at 07:03AM
Cybercriminals are increasingly exploiting vulnerabilities and human trust, affecting everyone and every organization. Recent threats include a zero-day flaw in a Palo Alto firewall, hijacked domains, and phishing job offers targeting LinkedIn users. To defend against attacks, regular system updates and cybersecurity awareness are essential.

Security plugin flaw in millions of WordPress sites gives admin access

November 17, 2024 at 11:37AM
A critical vulnerability (CVE-2024-10924) in the ‘Really Simple Security’ WordPress plugin allows unauthorized access due to improper user authentication handling. Wordfence warns it enables mass exploitation, urging forced updates. The flaw affects versions 9.0.0 to 9.1.1.1, with a fix released in version 9.1.2. Users must manually update to avoid risks.

Google’s mysterious ‘search.app’ links leave Android users concerned

November 8, 2024 at 08:04AM
Recent updates to the Google mobile app for Android have caused shared links to be prepended with a “search.app” domain, raising user concerns about potential malware. This domain, similar to other link redirectors, allows Google to gather analytics and block unsafe content, though its lack of documentation remains puzzling.

UK councils bat away DDoS barrage from pro-Russia keyboard warriors

November 1, 2024 at 07:08AM
Recent cyberattacks orchestrated by the pro-Russia group NoName057(16) targeted multiple UK councils, rendering websites inaccessible. Affected authorities included Bradford, Eastleigh, and Salford. The attacks stemmed from the UK’s support for Ukraine. Although confirmed attacks were limited, there are ongoing concerns about the psychological impact of such DDoS efforts.

LiteSpeed Cache WordPress plugin bug lets hackers get admin access

October 31, 2024 at 12:50PM
The LiteSpeed Cache plugin for WordPress fixed a high-severity privilege elevation flaw (CVE-2024-50550) enabling unauthenticated users to gain admin rights. The vulnerability stemmed from weak hash checks in the role simulation feature. A patch was released on October 17, 2024, but millions remain potentially exposed.

Google warns uBlock Origin and other extensions may be disabled soon

October 13, 2024 at 06:20PM
Google’s Chrome Web Store warns that the uBlock Origin ad blocker may soon be blocked due to the deprecation of the Manifest V2 extension specification in favor of Manifest V3. Users are encouraged to switch to compatible alternatives, as advanced functionality may be limited with new versions. Manifest V2 will …

About the security content of Safari 18 – Apple Support

October 13, 2024 at 02:30PM
Apple released updates for Safari 18 on September 16, 2024, addressing three cross-origin vulnerabilities (CVE-2024-40866, CVE-2024-44187, CVE-2024-40857) that could lead to data exfiltration and universal cross-site scripting. Updates are available for macOS Ventura and macOS Sonoma. Meeting Takeaways: Apple ID: 121241. Release Date: September 16, 2024. Security Vulnerabilities Identified: …

Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms

October 10, 2024 at 04:00AM
Researchers have uncovered a new malware campaign involving the Mongolian Skimmer, using Unicode obfuscation to hide its code. Targeting e-commerce, the skimmer collects sensitive data via an inline script. It employs various techniques to evade detection and ensure broad browser compatibility, even coordinating with other threat actors for profit sharing.

New Case Study: The Evil Twin Checkout Page

October 8, 2024 at 07:28AM
An innovative web security solution saved a global online retailer and its customers from an “evil twin” attack, where malicious redirects led shoppers to fake checkout pages to steal payment information. Reflectiz’s advanced deobfuscation tool detected and averted the threat, highlighting the need for continuous web security monitoring to protect …

WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks

October 4, 2024 at 06:00AM
A high-severity security flaw in the LiteSpeed Cache plugin for WordPress (CVE-2024-47374) allows for arbitrary JavaScript code execution. The flaw was patched in version 6.5.1 on September 25, 2024, after being responsibly disclosed. This vulnerability could enable privilege escalation and affects all versions up to 6.5.0.2, potentially impacting the over …