Cybersecurity
Two new security flaws in the popular Simple Membership plugin for WordPress, affecting versions 4.3.4 and below, have been identified, leading to potential privilege escalation issues. With over 50,000 active installations, the plugin developed by smp7 and wp.insider is widely used for custom membership management on WordPress sites. The flaws identified by Patchstack security researchers include […]
Network Flight Simulator is a lightweight utility that generates malicious network traffic and helps security teams evaluate security controls and network visibility. The tool performs tests to simulate DNS tunneling, DGA traffic, requests to known active C2 destinations, and other suspicious traffic patterns. “There’s so much snake oil within the security industry regarding threat detection […]
Sep 28, 2023 | THN | Zero Day / Vulnerability | Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance […]
A spearphishing campaign targeting management teams associated with an Azerbaijanian company exploits the conflict between Azerbaijan and Armenia, using malware disguised as an infected memo to gather basic computer information from its targets.
It is no secret that the cyber security industry stands at the precipice of an acute skills gap. While the global economy clamors for 3.4 million cyber security experts, the demand heavily outweighs the supply. The lack of talented humans in a cyber security team – or an entirely non-existent team – could have devastating […]
Researchers who discovered two critical vulnerabilities in Microsoft SharePoint Server have released details of an exploit they developed that chains the two vulnerabilities together to enable remote code execution on affected servers. Separately, another security researcher this week posted proof-of-concept code on GitHub for one of the SharePoint vulnerabilities that shows how an attacker could […]
Mozilla on Tuesday announced security updates for both Firefox and Thunderbird, addressing a total of nine vulnerabilities in its products, including high-severity flaws. Firefox 118 was released to the stable channel with patches for all nine vulnerabilities – all are memory issues, most of which could lead to exploitable crashes. Tracked as CVE-2023-5168 and CVE-2023-5169, […]
Cloud detection and response company Gem Security today announced that it has raised a $23 million Series A round led by GGV Capital, with participation from IBM Ventures and Silicon Valley CISO Investments. It was only in February that Gem announced its $11 million seed round led by Team8, which also participated in this new […]