UK charities including Shelter, the RSPCA, the Dogs Trust, Battersea Dogs and Cats Home, and Friends of the Earth have warned their supporters that hackers have stolen supporter data following a breach at a supplier.
Simple Membership Plugin Flaws Expose WordPress Sites
Patchstack uncovered an unauthenticated role privilege escalation flaw and an account takeover vulnerability
Ransomed.vc Group Hits NTT Docomo After Sony Breach Claims
According to Resecurity, Ransomed.vc is demanding a ransom of over $1m from NTT Docomo
BEC Attacks Increase By 279% in Healthcare
CVE-2023-0833
A flaw was found in Red Hat's AMQ Streams, which ships a version of the OkHttp component with an information disclosure flaw: an exception triggered by a header containing an illegal value discloses information. This issue could allow an authenticated attacker to access information outside of their regular permissions.
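The failure mode described above, as an added example that is not code from OkHttp or AMQ Streams: a header validator that rejects illegal characters but echoes the entire header value into the exception message, beside a hardened version that reports only the offending character and its position. The assumption here is that the disclosure is the rejected value (for instance a bearer token) surfacing in an error message that reaches a caller who should not see it; the validation rule and sample values are constructed for illustration.

```python
from typing import Callable, Optional


class HeaderError(ValueError):
    """Raised when a header value contains a character HTTP does not allow."""


def _is_illegal(ch: str) -> bool:
    # Constructed rule: allow printable ASCII and tab, reject CR/LF, other
    # control characters, DEL and anything outside 7-bit ASCII.
    o = ord(ch)
    return (o < 0x20 and ch != "\t") or o > 0x7E


def check_header_value_leaky(name: str, value: str) -> str:
    """Vulnerable pattern: the whole value ends up in the exception message."""
    for i, ch in enumerate(value):
        if _is_illegal(ch):
            raise HeaderError(
                f"Unexpected char {ord(ch):#x} at {i} in {name} value: {value}"
            )
    return value


def check_header_value_safe(name: str, value: str) -> str:
    """Hardened pattern: report the character and position, never the value."""
    for i, ch in enumerate(value):
        if _is_illegal(ch):
            raise HeaderError(f"Unexpected char {ord(ch):#x} at {i} in {name} value")
    return value


def error_message(check: Callable[[str, str], str], name: str, value: str) -> Optional[str]:
    """Run a validator and return the message it would expose, or None if accepted."""
    try:
        check(name, value)
    except HeaderError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed sample: a credential with an injected CRLF, as an attacker or a
    # buggy caller might supply it.
    secret_header = "Bearer s3cr3t-token\r\nX-Injected: 1"
    print(error_message(check_header_value_leaky, "Authorization", secret_header))
    print(error_message(check_header_value_safe, "Authorization", secret_header))
```

The point to check in your own code is whether any exception or log line produced while rejecting input contains the input itself; for credential-bearing headers, a position and a character code give the caller everything needed to debug without giving a third party the token.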
CVE-2023-0456
A flaw was found in APICast: the 3scale OIDC module does not properly evaluate the response to a mismatched token issued by a separate realm. This could make a separate realm accessible to an attacker, permitting access to unauthorized information.
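The check that a realm mismatch requires, as an added example that is not APICast or 3scale code: a minimal HS256 JWT verifier that, in its flawed mode, accepts any token correctly signed by a realm it can resolve keys for, and in its corrected mode also requires the token's `iss` claim to equal the realm the gateway is configured to trust. Issuer URLs, shared secrets and the `KEYS_BY_ISSUER` lookup are constructed assumptions; real deployments would use the realm's published signing keys and a full JWT library.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed configuration: the realm this gateway trusts, and a second realm
# on the same identity provider whose tokens must not be accepted here.
TRUSTED_ISSUER = "https://sso.example.test/auth/realms/tenant-a"
TRUSTED_KEY = b"tenant-a-shared-secret"
OTHER_ISSUER = "https://sso.example.test/auth/realms/tenant-b"
OTHER_KEY = b"tenant-b-shared-secret"

# Keys the gateway can resolve for every realm it knows about (constructed).
KEYS_BY_ISSUER = {TRUSTED_ISSUER: TRUSTED_KEY, OTHER_ISSUER: OTHER_KEY}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(issuer: str, key: bytes, sub: str, ttl: int = 300) -> str:
    """Test helper standing in for an identity provider: sign an HS256 JWT."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(
        json.dumps({"iss": issuer, "sub": sub, "exp": int(time.time()) + ttl}).encode()
    )
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_token(token: str, expected_issuer: str, check_issuer: bool = True) -> Optional[dict]:
    """Return the claims if the token is acceptable for this gateway, else None.

    With check_issuer=False the function mirrors the flawed behaviour: a token
    that is validly signed by *some* known realm is accepted even though it was
    not issued by the realm this gateway is configured for.
    """
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        claims = json.loads(_b64url_decode(p))
        sig = _b64url_decode(s)
    except ValueError:  # bad structure, bad base64, bad UTF-8 or bad JSON
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    if header.get("alg") != "HS256":
        return None
    # Key selection driven by the token's own issuer: this is where a token
    # from a separate realm gets verified against that realm's key.
    key = KEYS_BY_ISSUER.get(claims.get("iss"))
    if key is None:
        return None
    expected_sig = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, sig):
        return None
    if claims.get("exp", 0) < time.time():
        return None
    # The missing check: the issuer must be the realm this gateway trusts.
    if check_issuer and claims.get("iss") != expected_issuer:
        return None
    return claims


if __name__ == "__main__":
    foreign = mint_token(OTHER_ISSUER, OTHER_KEY, "mallory")
    print("flawed  :", verify_token(foreign, TRUSTED_ISSUER, check_issuer=False))
    print("fixed   :", verify_token(foreign, TRUSTED_ISSUER))
```

A valid signature only proves which realm minted the token; the gateway still has to compare that realm with the one it was configured for, and the comparison must be an exact string match on the issuer rather than a check that the issuer belongs to the same identity provider.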
CVE-2022-48606
Stability-related vulnerability in the binder background management and control module. Successful exploitation of this vulnerability may affect availability.
CVE-2021-38243
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution.
macOS Sonoma is the current major release of macOS
Safari is a web browser developed by Apple
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Leading CISO Creates Model for Ransomware Payment Decisions
Lorraine Dryland, CISO at First Sentier Investors, discusses how to help executives make fast and informed decisions when presented with a ransomware demand