Entries by Security Incident Response Team

Unpatched Bug Under Active Attack Threatens WordPress Sites with XSS

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). An unpatched vulnerability in the Rich Reviews plugin for WordPress is putting an estimated 16,000 sites in danger of stored cross-site scripting (XSS) attacks. Sites running the plugin are vulnerable to unauthenticated plugin […]

Millions of passenger data publicly accessible in cloud storage buckets

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). The breach, which reportedly exposed data on millions of passengers, is one of many that have resulted from organizations leaving data publicly accessible in cloud storage buckets. Top 5 Security News […]

Crimeware in the Modern Era

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). “Crimeware is a cornerstone to financially motivated threat actors’ toolsets and sees consistent and continuous evolution in its operation. Crimeware developers have demonstrated resilience in the face of an evolving security landscape and law […]

OpenSSH Now Encrypts Secret Keys in Memory Against Side-Channel Attacks

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). In recent years, several groups of cybersecurity researchers have disclosed dozens of memory side-channel vulnerabilities in modern processors and DRAMs, like Rowhammer, RAMBleed, Spectre, and Meltdown. Have you ever noticed they all had at […]

RAMBleed, a new side-channel attack enables attackers to read memory not belonging to them

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). A new side-channel attack named RAMBleed, which enables an attacker to read out physical memory belonging to other processes, has been published. RAMBleed, based on a previous side channel called Rowhammer, violates arbitrary privilege boundaries. […]

2.3B Files Exposed in a Year: A New Record for Misconfigs

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Amazon S3 cloud bucket misconfigurations, however, have dropped dramatically. The last 12 months have seen the exposure of a record 2.3 billion files across cloud databases and online shares, according to an analysis released […]