Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this
Devices from Cisco, Netgear and others at risk from the multi-stage malware, which has been active since April 2020 and shows the work of a sophisticated threat actor.
Original release date: June 30, 2022 CISA, the Federal Bureau of Investigation (FBI), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: MedusaLocker, to provide information on MedusaLocker ransomware. MedusaLocker actors target vulnerabilities in Remote Desktop Protocol (RDP) to access victims’ networks. Note:
Oliver Tavakoli, CTO at Vectra AI, gives us hope that surviving a ransomware attack is possible, so long as we apply preparation and intentionality to our defense posture.
Hackers with Amazon users’ authentication tokens could’ve stolen or encrypted personal photos and documents.
Attacks against U.S. companies spike in Q1 2022 with patchable and preventable external vulnerabilities responsible for bulk of attacks.
Original release date: June 28, 2022 CISA has released guidance on switching from Basic Authentication (“Basic Auth”) in Microsoft Exchange Online to Modern Authentication (“Modern Auth”) before Microsoft begins permanently disabling Basic Auth on October 1, 2022. Basic Auth is a legacy authentication method that does not support multifactor authentication (MFA), which is a requirement
The AnonymousFox hack targets insecure websites and actively exploits them to spread phishing, spam, and other malware. A major nuisance for website owners, it also happens to be one of the more prevalent types of malware seen on client sites in the past two years. In this post we’ll describe what AnonymousFox is and how
Original release date: June 28, 2022 The Homeland Security Systems Engineering and Development Institute, sponsored by CISA and operated by MITRE, has released the 2022 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The list uses data from the National Vulnerability Database to compile the most frequent and critical errors that can lead
Shrav Mehta, CEO, Secureframe, outlines the top six bad habits security teams need to break to prevent costly breaches, ransomware attacks and prevent phishing-based endpoint attacks.