CISA and CNMF prevent a foreign-based cyber-criminal from carrying out an attack on three US Federal Agencies
Monthly Archives: April 2023
#RSAC: Understanding AI’s Role in Cybersecurity Beyond the Hype
Diana Kelley explains why unrealistic expectations of AI can have serious consequences
CVE-2022-28354
In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period.
CVE-2012-10014
A vulnerability classified as problematic has been found in Kau-Boy Backend Localization Plugin 2.0 on WordPress. Affected is the function backend_localization_admin_settings/backend_localization_save_setting/backend_localization_login_form/localize_backend of the file backend_localization.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is 36f457ee16dd114e510fd91a3ea9fbb3c1f87184. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227232.
CVE-2012-10013
A vulnerability was found in Kau-Boy Backend Localization Plugin up to 1.6.1 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the file backend_localization.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.0 is able to address this issue. The name of the patch is 43dc96defd7944da12ff116476a6890acd7dd24b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227231.
#RSAC: Computer Science Courses Must Teach Cybersecurity to Meet US Government Goals
The US government has called for security to become a standard component of computer science courses. Infosecurity investigates how this can be achieved
Flashpoint releases Ignite platform with threat intelligence reports, rule-based alerts
Threat intelligence firm Flashpoint has announced the release of Ignite, a new intelligence platform built to accelerate cross-functional risk mitigation and prevention across vulnerability management and security teams, including those in law enforcement, state and local government, and federal civilian agencies. Designed for practitioners, Ignite delivers real-time pictures of pertinent risks while reducing silos that can result from disparate intelligence feeds from multiple partners, helping organizations in the private and public sectors reduce exposure to cyber threats and tackle national security risks, Flashpoint said. The platform was announced during RSA Conference in San Francisco.
OT giants collaborate on ETHOS early threat and attack warning system
One of the greatest fears among government officials and security experts is a crippling cyberattack on industrial organizations that run essential services, including electricity, water, oil and gas production, and manufacturing systems. The proprietary and complex nature of the operational technology (OT) tools used in these systems, not to mention their rapid convergence with IT technology, makes securing OT systems a chronic, high-stakes challenge.
The growing demand for greater OT and industrial control system (ICS) security expertise has led to the rise of a vibrant group of OT security companies that vigorously compete with one another to grab customers in the growing space. These competitors are setting aside their rivalries to collaborate on a new vendor-neutral, open-source, and anonymous OT threat early warning system called ETHOS (Emerging Threat Open Sharing) that aims to share data on early threat indicators and discover new and novel attacks.
Scammers Impersonate Meta in Facebook Campaign With 3200 Profiles
Phishing websites and session hijacking attacks were used to access Facebook and other accounts.
US Navy Contractor Fincantieri Marine Group Hit by Cyber-attack
Shipbuilder said the incident affected its email server and some network operations