Our news
-
Vulnerability Summary for the Week of July 1, 2024
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 2code — wpqa_builder The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks 2024-07-03 8.8 CVE-2024-2376contact@wpscan.com ABB–ASPECT Enterprise (ASP-ENT-x) Default credential in…
-
DISGOMOJI: Not A Dance Move
A sophisticated malware targeting Linux servers with emojis as the form of execution, DISGOMOJI has emerged attributed to none other than the threat actor UTA0137. Utilized as part of a cyber-espionage campaign by the Pakistan-based actor, follow along as we dive into what exactly emojis have to do with Linux servers and how these state…
-
Vulnerability Summary for the Week of June 24, 2024
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info access_management_specialist_project — access_management_specialist An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive information. 2024-06-24 7.5 CVE-2024-37677cve@mitre.org aimeos–ai-client-html ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from…
-
Progress Software Releases Security Bulletin for MOVEit Transfer
Progress Software released a security bulletin to address a vulnerability in MOVEit Transfer. A cyber threat actor could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the following bulletin and apply the necessary updates: MOVEit Transfer Critical Security Alert Bulletin – June 2024 – (CVE-2024-5806)
-
CISA and Partners Release Guidance for Exploring Memory Safety in Critical Open Source Projects
Today, CISA, in partnership with the Federal Bureau of Investigation, Australian Signals Directorate’s Australian Cyber Security Centre, and Canadian Cyber Security Center, released Exploring Memory Safety in Critical Open Source Projects. This guidance was crafted to provide organizations with findings on the scale of memory safety risk in selected open source software (OSS). This joint…
-
Safeguarding Your Digital Gateways and APIs
Application Programming Interfaces or APIs are the mechanisms by which different software and applications can communicate with one another. APIs are a core component of the web-based applications that power our world today. They can be found in everything from weather apps to healthcare technologies to every smart device on the market. For as many…
-
Vulnerability Summary for the Week of June 17, 2024
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 3uu–Shariff Wrapper The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of…
-
CISA Releases Guidance on Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: (SMBs)
Today, CISA released Barriers to Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: Identifying Challenges and Opportunities, a detailed report exploring challenges to SSO adoption by small and medium-sized businesses (SMBs). The report also identifies potential ways to overcome these challenges and improve an SMB’s level of security. CISA also released a related blog…
-
Preview Pane Attacks
In today’s digital landscape, cybersecurity threats are evolving rapidly, and one of the more insidious methods attackers use to infiltrate systems is through preview pane attacks. These attacks leverage vulnerabilities in software that display previews of content, such as emails or documents, without fully opening them. In this blog post, we’ll delve into preview pane…
-
Vulnerability Summary for the Week of June 10, 2024
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info actpro — extra_product_options_for_woocommerce Missing Authorization vulnerability in actpro Extra Product Options for WooCommerce.This issue affects Extra Product Options for WooCommerce: from n/a through 3.0.6. 2024-06-10 8.8 CVE-2024-35727audit@patchstack.com adfinis–document-merge-service Document Merge Service is a document template merge service providing an API to manage…