A roundup of the top WordPress plugin vulnerabilities and patch updates for May 2023. A core WordPress update is also available that patches several bugs and vulnerabilities. Update now to mitigate risk.
Flash loan attack on Jimbos Protocol steals over $7.5 million
Jimbos Protocol, an Arbitrum-based DeFi project, has suffered a flash loan attack that resulted in the loss of more than 4000 ETH tokens, currently valued at over $7,500,000.
MCNA Dental data breach impacts 8.9 million people after ransomware attack
Managed Care of North America (MCNA) Dental has published a data breach notification on its website, informing almost 9 million patients that their personal data were compromised.
Italian submarine cables at risk of sabotage: diversification of landing points needed
Eurispes raises the alarm over the risk of sabotage of submarine cables: a vulnerability that can be mitigated by adopting a policy of diversifying landing points. The protection of undersea infrastructure is an increasingly relevant problem, also in light of the current geopolitical situation. We take stock
Lazarus hackers target Windows IIS web servers for initial access
The notorious North Korean state-backed hackers, known as the Lazarus Group, are now targeting vulnerable Windows Internet Information Services (IIS) web servers to gain initial access to corporate networks.
400 Security Practitioners Gave These 7 Insights into Their Cybercrime Monitoring
The cybercrime underground is complex and dynamic, and cybercrime threats that emerge from it pose a significant risk to organizations. What organizations know and refer to as the cybercrime underground is changing within the hour. Unfortunately, many organizations underestimate that risk or may believe that cybercrime monitoring and threat detection doesn’t apply to their organization. […]
Attacks on MSPs: How Threat Actors Kill Two Birds (and More) With One Stone
Yael Kishon, Threat Intelligence Analyst. Managed service providers (MSPs or MSSPs) have become a vital part of many companies, providing a range of IT services and support to keep operations running smoothly. At the same time, MSPs become attractive targets for cybercriminals aiming not only to compromise assets of a single company, but also to […]
An Executive’s Guide To The Cybercrime Underground
David Carmiel, KELA’s CEO. In recent years, the cybercrime underground has become increasingly sophisticated and profitable by preying on vulnerable organizations. As a result, security leaders must gain visibility into what happens in this underground network of illegal activity to protect their organizations from emerging threats and accurately assess their risks. In this article, I […]
Five years of GDPR, through the lens of the Garante Privacy: a balance between technology and freedom
Over the past five years, the Autorità Garante per la protezione dei dati personali, commonly known as the Garante Privacy, has carried out a variety of activities: from awareness-raising and information campaigns to more severe ones such as inspections and sanctions. We take stock of these first five years
How to secure blockchains against their (many) vulnerabilities
There are several dozen documented attacks against this technology which, between weak points and outright vulnerabilities, turns out to be less secure than one might think. Some measures to increase its resilience and resistance to cyber attacks
PyPI announces mandatory use of 2FA for all software publishers
The Python Package Index (PyPI) has announced that it will require every account that manages a project on the platform to have two-factor authentication (2FA) turned on by the end of the year.
Clever ‘File Archiver In The Browser’ phishing trick uses ZIP domains
A new 'File Archivers in the Browser' phishing kit abuses ZIP domains by displaying fake WinRAR or Windows File Explorer windows in the browser to convince users to launch malicious files.