WordPress patches four serious threats ahead of version 5.9
WordPress introduces an emergency patch for four critical vulnerabilities. WordPress 5.8.3 is available immediately.
WP_Meta_Query and WP_Query, two of the content management system's classes, were found to be vulnerable to SQL injection attacks. Furthermore, XXS attacks were enabled by post slu... Read more
Security researchers find new Log4Shell in H2 database software
Security organization JFrog has found a vulnerability in H2. The problem is similar to Log4Shell, the infamous threat in Log4j.
H2 consoles on servers accessible from the outside can be abused for remote code execution (RCE). Multiple lines of code in H2 send urls to a 'javax.naming.Context.look... Read more
Hackers use Google Doc comment emails to trick security tools
Avanan, a cybersecurity company, has shown a rise in the use of Google Docs’ productivity features to sneak malicious content past spam filters and security tools. Jeremey Fuchs, from Avanan, said the company saw cyberattackers use the comment feature in Google Docs over December to attack Outloo... Read more
Failed to patch Log4j? You might be risking a million-dollar penalty
The US Consumer and Market Authority (Federal Trade Commission) is threatening fines of hundreds of millions of dollars for American organizations that fail to patch Log4j.
On December 9, Alibaba's cloud security team disclosed a vulnerability in Log4j. The wildly popular Java library is applied... Read more
Google acquires startup Siemplify, expands its SOAR functionality
Google acquires security startup Siemplify to expand its data breach prevention capabilities. For this purpose, the startup's technology will be integrated into Chronicle, the tech giant's proprietary security business unit.
With the acquisition of Siemplify, also known as CyArx Technologies, Go... Read more
Security is key to Citrix Workspace and hybrid working
Virtualizing the workplace in the cloud or a data center received a huge boost through COVID-19. It's safe to say that Citrix is leading the way when it comes to virtualizing the workplace with Citrix Workspace. More and more companies will opt for a virtualized workplace, particularly from a secur... Read more
European companies frequent targets of Initial Access Brokers
Initial Access Brokers (IABs) are a growing threat to businesses, according to research by Group-IB. These IABs find vulnerable companies and sell access to other cybercriminals. It makes the work of ransomware operators easier. As a result, the number of ransomware attacks is also increasing. We s... Read more
Cybercrime dominates the world: ‘just the tip of the iceberg visible’
The world of cybercrime is gaining a stronger grip on business. Cybercriminals are becoming smarter, using more advanced techniques and attacking more frequently. Many security experts no longer question if a company will be hacked, but when a company will be hacked. In order to get a better pictur... Read more
Ransomware attack forces Portuguese media group Impresa offline
The attack is one of the most serious in that country's history
The Lapsus$ ransomware gang has compromised the infrastructure of Impresa, the largest media conglomerate in Portugal. Impresa owns SIC TV channel, and Expresso newspaper, among other leading media, like several magaz... Read more
Log4j update in Microsoft 365 Defender causes stream of false notifications
The recently released Log4j update for Microsoft 365 Defender generated a stream of false notifications. Microsoft has since fixed the problem.
This week, Microsoft released an update for Microsoft 365 Defender to address the notorious chain of Log4j vulnerabilities. Unexpectedly, the update gen... Read more