CIS is releasing an out-of-the-box configuration report to help give you visibility into the software updates we’ve implemented from one month to the next.[…]
Monthly Archives: January 2023
Planet Ice hacked! 240,000 skating fans’ details stolen
Planet Ice, which operates 14 ice rinks up and down the UK, has revealed that criminal hackers managed to break into its systems and steal the personal details of over 240,000 customers.
Read more in my article on the Hot for Security blog.
CVE-2016-15023
A vulnerability classified as problematic was found in SiteFusion Application Server up to version 6.6.6. It affects an unknown part of the file getextension.php in the Extension Handler component. The manipulation leads to path traversal. Upgrading to version 6.6.7 addresses this issue. The patch is identified as 49fff155c303d6cd06ce8f97bba56c9084bf08ac. Upgrading the affected component is recommended. The identifier VDB-219765 was assigned to this vulnerability.
GitHub Confirms Signing Certificates Stolen in Cyber-Attack, Revokes Them
Revoking these certificates will invalidate some versions of GitHub Desktop for Mac and Atom
DocuSign Brand Impersonation Attack Bypasses Security Measures, Targets Over 10,000
Victims were redirected to a fake landing page to exfiltrate their Proofpoint credentials
USN-5836-1: Vim vulnerabilities
It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-47024, CVE-2023-0049, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433)
CVE-2020-20402
Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation.
IoT, connected devices biggest contributors to expanding application attack surface
The growth of the internet of things (IoT) and connected devices is the biggest contributing factor to organizations’ expanding attack surfaces. That’s according to a new report from Cisco AppDynamics, which revealed that 89% of global IT professionals believe their organization has experienced an expansion in its attack surface over the last two years. The Shift to a Security Approach for the Full Application Stack report surveyed 1,150 IT professionals in organizations across a range of sectors and international markets to outline the current application security challenges impacting IT departments.
Financial Services Targeted in 28% of UK Cyber-Attacks Last Year
API attacks, bad bots and DDoS attacks were the industry’s main security challenges
Guardz debuts with cybersecurity-as-a-service for small businesses
Guardz, a Tel Aviv-based startup promising a broad range of out-of-the-box cybersecurity solutions for small and medium-sized businesses (SMBs), has announced both a successful $10 million round of seed funding and the broad availability of its flagship product.
The premise of the company’s main offering is tight API integration with Microsoft 365 and Google Workspace. Guardz automatically enrolls all user accounts upon activation, monitors risk posture, performs threat detection on all monitored accounts and devices, and offers one-click remediation for some threats.