Our news
-
CISA and Partners Release Guidance for Exploring Memory Safety in Critical Open Source Projects
Today, CISA, in partnership with the Federal Bureau of Investigation, Australian Signals Directorate’s Australian Cyber Security Centre, and Canadian Cyber Security Center, released Exploring Memory Safety in Critical Open Source Projects. This guidance was crafted to provide organizations with findings on the scale of memory safety risk in selected open source software (OSS). This joint…
-
Safeguarding Your Digital Gateways and APIs
Application Programming Interfaces or APIs are the mechanisms by which different software and applications can communicate with one another. APIs are a core component of the web-based applications that power our world today. They can be found in everything from weather apps to healthcare technologies to every smart device on the market. For as many…
-
Vulnerability Summary for the Week of June 17, 2024
High Vulnerabilities (columns: Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info). 3uu–Shariff Wrapper: The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of…
-
CISA Releases Guidance on Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses (SMBs)
Today, CISA released Barriers to Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: Identifying Challenges and Opportunities, a detailed report exploring challenges to SSO adoption by small and medium-sized businesses (SMBs). The report also identifies potential ways to overcome these challenges and improve an SMB’s level of security. CISA also released a related blog…
-
Preview Pane Attacks
In today’s digital landscape, cybersecurity threats are evolving rapidly, and one of the more insidious methods attackers use to infiltrate systems is through preview pane attacks. These attacks leverage vulnerabilities in software that display previews of content, such as emails or documents, without fully opening them. In this blog post, we’ll delve into preview pane…
-
Vulnerability Summary for the Week of June 10, 2024
High Vulnerabilities (columns: Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info). actpro — extra_product_options_for_woocommerce: Missing Authorization vulnerability in actpro Extra Product Options for WooCommerce. This issue affects Extra Product Options for WooCommerce: from n/a through 3.0.6. Published 2024-06-10; CVSS 8.8; CVE-2024-35727 (audit@patchstack.com). adfinis–document-merge-service: Document Merge Service is a document template merge service providing an API to manage…
-
Microsoft Releases June 2024 Security Updates
Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following advisory and apply the necessary updates: Microsoft Security Update Guide for June
-
What are the Steps to Take During a Cyber Breach?
Detailed Steps after a Breach: In today’s digital world, cyber breaches are an unfortunate reality that can affect organizations of all sizes. Knowing how to respond effectively can make the difference between a minor incident and a major catastrophe. Here are the best practices to follow during a cyber breach to mitigate damage and restore…
-
Cybersecurity and Cryptocurrency: Safeguarding Digital Assets in 2024
The emergence of cryptocurrency (decentralized, digital alternatives to fiat money) is changing the ways in which we perform financial transactions. Yet with the proliferation of cryptocurrencies come greater security concerns than ever. With the invention of cryptocurrencies, cyber-related incidents such as hacking and fraud have also become commonplace. To anticipate these security issues,…
-
Vulnerability Summary for the Week of June 3, 2024
High Vulnerabilities (columns: Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info). 8theme–XStore Core: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in 8theme XStore Core allows PHP Local File Inclusion. This issue affects XStore Core: from n/a through 5.3.8. Published 2024-06-04; CVSS 8.5; CVE-2024-33557 (audit@patchstack.com). 8theme–XStore: Improper Limitation of a Pathname to a…