WordPress 5.7.2 Security Release: What You Need to Know
On May 13, 2021 01:00 UTC, WordPress core released a security patch for a Critical Object Injection vulnerability in PHPMailer, the component that WordPress uses to send emails by default. If your site is set to allow auto updating of minor point releases, your site has probably already updated to…
Firms Struggle to Secure Multicloud Misconfigurations
Half of companies had at least one case of having all ports open to the public, while more than a third had an exposed database.
Ransomware Going for $4K on the Cyber-Underground
An analysis of three popular forums used by ransomware operators reveals a complex ecosystem with many partnerships.
Dragos & IronNet Partner on Critical Infrastructure Security
The IT and OT security providers will integrate solutions aimed at improving critical infrastructure security
Biden administration releases ambitious cybersecurity executive order
Capping a dramatic week that saw major oil pipeline provider Colonial Pipeline crippled by a ransomware attack, the Biden administration released a highly anticipated, far-reaching and complex Executive Order on Improving the Nation's Cybersecurity. The executive order (EO) aims to chart a "new course to improve the nation's cybersecurity and…
Beyond MFA: Rethinking the Authentication Key
Tony Lauro, director of security technology and strategy at Akamai, discusses hardware security dongles and using phones to act as surrogates for them.
Fresh Loader Targets Aviation Victims with Spy RATs
The campaign is harvesting screenshots, keystrokes, credentials, webcam feeds, browser and clipboard data and more, with RevengeRAT or AsyncRAT payloads.
New US Executive Order on Cybersecurity
President Biden signed an executive order to improve government cybersecurity, setting new security standards for software sold to the federal government. For the first time, the United States will require all software purchased by the federal government to meet, within six months, a series of new cybersecurity standards. Although the…
Muddy waters. Ofwat reveals it has received 20,000 spam and phishing emails so far this year
The Water Services Regulation Authority (better known as Ofwat) which is the UK Government's department responsible for regulating the privatised water and sewage industry in England and Wales, said it had received 21,486 malicious emails so far this year - with 5,149 classified as phishing attacks. At first glance that…
Critical Vulnerability Patched in External Media Plugin
On February 2, 2021, our Threat Intelligence team responsibly disclosed the details of a vulnerability in External Media, a WordPress plugin used by over 8,000 sites. This flaw made it possible for authenticated users, such as subscribers, to upload arbitrary files on any site running the plugin. This vulnerability could…
Apple’s ‘Find My’ Network Exploited via Bluetooth
The ‘Send My’ exploit can use Apple's locator service to collect and send information from nearby devices for later upload to iCloud servers.
Five Critical Password Security Rules Your Employees Are Ignoring
According to Keeper Security’s Workplace Password Malpractice Report, many remote workers aren’t following best practices for password security.
Humanity wastes about 500 years per day on CAPTCHAs. It’s time to end this madness
Select all the buses. Click on bikes. Does this photo have traffic lights? As ridiculous as these questions are, you’re almost guaranteed to have seen one recently. They are a way for online services to separate humans from bots, and they’re called CAPTCHAs. CAPTCHAs strengthen the security of online services.…
Smashing Security podcast #227: Phishing foul-up, Twitter tip jars, and Facebook’s Apple fury
Facebook says it's sticking up for the little guys as it picks a fight with Apple, there are testing times on the trains, and Twitter takes a tip. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham…
Can Data Protection Systems Prevent Data At Rest Leakage?
Protection against insider risks works when the process involves controlling the data transfer channels or examining data sources. One approach involves preventing USB flash drives from being copied or sending them over email. The second one concerns preventing leakage or fraud in which an insider accesses files or databases with…