Blog
Take an Offensive Approach to Password Security by Continuously Monitoring for Breached Passwords
Passwords are at the core of securing access to an organization's data. However, they also come with security vulnerabilities that stem from their inconvenience. With a growing list of credentials to keep track of, the average end-user can default to shortcuts....
Over 17,000 WordPress Sites Compromised by Balada Injector in September 2023
More than 17,000 WordPress websites have been compromised in the month of September 2023 with malware known as Balada Injector, nearly twice the number of detections in August. Of these, 9,000 of the websites are said to have been infiltrated using a recently...
Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability
The vulnerability, CVE-2023-22515, allows remote attackers to create unauthorized administrator accounts and gain access to Confluence servers. Organizations using Confluence applications should upgrade to the latest versions and isolate them.
North Korea’s State-Sponsored APTs Organize and Align
Collaboration and information-sharing among North Korean APTs have increased during the COVID-19 pandemic, leading to a more organized and coordinated state-sponsored structure, researchers from Mandiant revealed in a report.
New Magecart Campaign Abuses 404 Page Not Found Error
A new card skimming campaign discovered by Akamai utilizes 404 error pages on online retailers' websites to hide malicious code and steal customers' credit card information. The stolen data is exfiltrated via seemingly benign image requests, thus evading network...
SAP Releases Seven New Notes on October 2023 Patch Day
Organizations are advised to check all their software for the presence of the CVE-2023-4863 vulnerability in the libwebp image rendering library and apply patches accordingly.
British Cable Manufacturer Volex Confirms Unauthorized Access to its Systems and Data
Despite the breach, Volex's operations remain largely unaffected, and the financial impact is expected to be minimal. The details of the breach, including the method of attack and any ransom demands, remain undisclosed.
Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits
Microsoft has released its Patch Tuesday updates for October 2023, addressing a total of 103 flaws in its software, two of which have come under active exploitation in the wild. Of the 103 flaws, 13 are rated Critical and 90 are rated Important in severity. This is...
Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability
Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or Oro0lxy). The tech giant's threat intelligence team said it observed...
IZ1H9 Campaign Enhances Its Arsenal with Scores of Exploits
The campaign leverages multiple vulnerabilities, including command injection, remote code execution, and arbitrary command execution, to gain control of targeted devices and incorporate them into the botnet.
FREE GUIDE