Threat actors are exploiting critical vulnerabilities in Microsoft SharePoint Server products, including CVE-2023-29357 and CVE-2023-24955, which allow for remote code execution and bypass authentication, posing a significant risk to organizations using SharePoint servers.
Ukraine reports a 123% increase in cyber-attacks from Russia in the first half of 2023, with hackers shifting focus to target law enforcement agencies and gather war crime evidence.
The Simple Membership plugin for WordPress has been found to have two security flaws that could result in privilege escalation issues, including unauthenticated users being able to register accounts with arbitrary membership levels and authenticated users being able to take over any member account through an insecure password reset process.
Lorraine Dryland, CISO at First Sentier Investors, has created a quantitative decision-aid model to assist organizations in determining whether to pay a ransom following a cyber-attack, taking into account technical and business implications, restore time, impact scale, client impact, and ethical and legal liabilities.
Researchers have found a vulnerability in contemporary GPUs known as GPU.zip that allows for a new type of side channel attack, targeting Google Chrome and potentially exposing sensitive information.
Google has identified a critical security flaw in the widely used libwebp image library, known as CVE-2023-5129, which allows attackers to execute arbitrary code through a heap buffer overflow and is actively being exploited, impacting major tech companies like Apple, Google, and Mozilla.
