Month: March 2024
3uu — shariff_wrapper The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘shariff’ shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes such as ‘secondarycolor’ and ‘maincolor’. This makes it possible for authenticated attackers with contributor-level and…
Read MoreThe content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The recent years’ events, including the proliferation of ransomware, the pandemic, and political tensions, have fast-tracked the development of both offensive and defensive…
Read MoreMinecraft, with over 500 million registered users and 166 million monthly players, faces significant risks from distributed denial-of-service (DDoS) attacks, threatening server functionality, player experience, and the game’s reputation. Despite the prevalence of DDoS attacks on the game, the majority of incidents go unreported, leaving a gap in awareness and protection. This article explains what…
Read MoreThe U.S. Department of Justice (DoJ) on Monday unsealed indictments against seven Chinese nationals for their involvement in a hacking group that targeted U.S. and foreign critics, journalists, businesses, and political officials for about 14 years. The defendants include Ni Gaobin (倪高彬), Weng Ming (翁明), Cheng Feng (程锋), Peng Yaowen (彭耀文), Sun Xiaohui (孙小辉), Xiong…
Read MoreMS-ISAC ADVISORY NUMBER: 2024-031 DATE(S) ISSUED: 03/26/2024 OVERVIEW: A vulnerability has been discovered in multiple Apple products which could allow for Arbitrary Code Execution. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then…
Read MoreOn Secure Voting Systems Andrew Appel shepherded a public comment—signed by twenty election cybersecurity experts, including myself—on best practices for ballot marking devices and vote tabulation. It was written for the Pennsylvania legislature, but it’s general in nature. From the executive summary: We believe that no system is perfect, with each having trade-offs. Hand-marked and…
Read MoreAttack on the UK’s Electoral Commission This indictment has prompted a strong international reaction, with the UK explicitly attributing similar cyber misconduct to China-affiliated actors. According to a statement from the UK government, the National Cyber Security Centre (NCSC) has linked a Chinese state-affiliated entity to the compromise of the UK Electoral Commission’s systems between…
Read MoreMar 26, 2024NewsroomMoney Laundering / Digital Currency The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned three cryptocurrency exchanges for offering services used to evade economic restrictions imposed on Russia following its invasion of Ukraine in early 2022. This includes Bitpapa IC FZC LLC, Crypto Explorer DMCC (AWEX), and Obshchestvo S…
Read More“I get questions all the time from my colleagues who don’t look like me, asking how they can help, how they can show up and be a part of this,” says Palmore, who is Black. “So, I tell them ‘People entering this industry need to see you and I together coexisting, leading, and effectively engaged…
Read MoreMar 26, 2024NewsroomCyber Attack / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities added are as follows – CVE-2023-48788 (CVSS score: 9.3) – Fortinet FortiClient EMS SQL Injection Vulnerability CVE-2021-44529 (CVSS score: 9.8) –…
Read More