This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). An unpatched vulnerability in the Rich Reviews plugin for WordPress is putting an estimated 16,000 sites in danger of stored cross-site scripting (XSS) attacks. Sites running the plugin are vulnerable to unauthenticated plugin […]
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). The breach, which reportedly exposed data on millions of passengers, is one of many that have resulted from organizations leaving data publicly accessible in cloud storage buckets. Read more Top 5 Security News […]
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). “Mozilla plans to enable support for the DNS-over-HTTPS (DoH) protocol by default inside the Firefox browser for a small number of US users starting later this month. When DoH support is enabled in Firefox, […]
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). “Crimeware is a cornerstone to financially motivated threat actors’ toolsets and sees consistent and continuous evolution in its operation. Crimeware developers have demonstrated resilience in the face of an evolving security landscape and law […]
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Backdoor was intentionally planted in 2018 and found during the DEF CON 2019 security conference when researchers stumbled upon malicious code. In an unnerving twist, when a critical zero-day vulnerability was reported in a […]
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Why do we care about encryption? Why was it a big deal, at least in theory, when Mark Zuckerberg announced earlier this year that Facebook would move to end-to-end encryption on all three of […]
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). In recent years, several groups of cybersecurity researchers have disclosed dozens of memory side-channel vulnerabilities in modern processors and DRAMs, like Rowhammer, RAMBleed, Spectre, and Meltdown. Have you ever noticed they all had at […]
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Engineers at Netflix discovered three new vulnerabilities in Linux and FreeBSD kernels specific to its TCP networking implementation. The Vulnerabilities can be used by an adversary to perform a Denial Of Service (DOS) attack […]
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). A new side-channel attack that enables an attacker to read out physical memory belonging to other processes, named RAMBleed, is published. RAMBleed, based on a previous side channel called Rowhammer, violates arbitrary privilege boundaries. […]
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Amazon S3 cloud bucket misconfigurations however have dropped dramatically. The last 12 months has seen the exposure of a record 2.3 billion files across cloud databases and online shares, according to an analysis released […]