Apr 26, 2024NewsroomThreat Intelligence / Cyber Attack Threat actors are attempting to actively exploit a critical security flaw in the WP‑Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to…
Read More
In 2022, we published an article discussing the rise in targeted cyberattacks on managed service providers (MSPs), which included warnings from the Five Eyes intelligence alliance. Nearly two years later, it has become evident that these warnings were well-founded, as attacks on MSPs now occur on a regular basis. In this article, we will explore…
Read More
Frequently asked questions about CVE-2024-20353 and CVE-2024-20359, two vulnerabilities associated with “ArcaneDoor,” the espionage-related campaign targeting Cisco Adaptive Security Appliances. Background The Tenable Security Response Team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding an espionage campaign called ArcaneDoor. FAQ What is ArcaneDoor? ArcaneDoor is the name given to an espionage-focused campaign…
Read More
The data security company remains committed to driving its business through channel partners after completing the first cybersecurity IPO in more than two years, Rubrik co-founder and CTO Arvind Nithrakashyap tells CRN. Rubrik’s stock price surged Thursday following the completion of its initial public offering, another indicator that the data security company remains on track…
Read More
The FBI has warned today that using unlicensed cryptocurrency transfer services can result in financial loss if law enforcement takes down these platforms. This announcement is aimed at crypto transfer platforms not registered as Money Services Businesses (MSB) and non-compliant with anti-money laundering requirements as mandated by U.S. federal law. Such cryptocurrency services are frequently…
Read More
Because of its ubiquity as a network platform, Windows all too often gets blamed as the source of a host of network security vulnerabilities. But recent events have shown the truth — that all sorts of network components have flaws and that there are many nefarious means attackers can use to enter and take control.…
Read More
The Los Angeles County Department of Health Services disclosed a data breach after patients’ personal and health information was exposed in a data breach resulting from a recent phishing attack impacting over two dozen employees. This integrated health system operates the public hospitals and clinics in L.A. County (the most populous county in the United…
Read MoreVideo The director of the Apollo 11 movie shares his views about the role of technology in addressing pressing global challenges, as well as why he became involved with Starmus 24 Apr 2024 We speak to Todd Douglas Miller, the director of the Apollo 11 movie and a recipient of the Stephen Hawking medal for…
Read More
As we near the halfway point of the year, organizations are under tremendous pressure to grow businesses across all industries. It’s no secret: bottom lines must rise and 2024 has been earmarked as a pivotal year to revert to growth mode. Many organizations will find an uphill battle here; the previous few years have taken…
Read More
Researchers have sinkholed a command and control server for a variant of the PlugX malware and observed in six months more than 2.5 million connections from unique IP addresses. Since last September, the sinkhole server received over 90,000 requests every day from infected hosts in more than 170 countries. Since September 2023, when Sekoia captured…
Read More