Hackers Exploit Outdated WordPress Plugin to Backdoor Thousands of WordPress Sites

25/04/2023 0 Comments 0 tags

Threat actors have been observed leveraging a legitimate but outdated WordPress plugin to surreptitiously backdoor websites as part of an ongoing campaign, Sucuri revealed in a report published last week. The plugin

New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks

25/04/2023 0 Comments 0 tags

Details have emerged about a high-severity security vulnerability impacting Service Location Protocol (SLP) that could be weaponized to launch volumetric denial-of-service attacks against targets. “Attackers exploiting this vulnerability could leverage

Lazarus X_TRADER Hack Impacts Critical Infrastructure Beyond 3CX Breach

22/04/2023 0 Comments 0 tags

Lazarus, the prolific North Korean hacking group behind the cascading supply chain attack targeting 3CX, also breached two critical infrastructure organizations in the power and energy sector and two other businesses

CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug

22/04/2023 0 Comments 0 tags

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The three vulnerabilities are as

Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining

21/04/2023 0 Comments 0 tags

A large-scale attack campaign discovered in the wild has been exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) to create backdoors and run cryptocurrency miners. “The attackers also deployed DaemonSets to

GhostToken Flaw Could Let Attackers Hide Malicious Apps in Google Cloud Platform

21/04/2023 0 Comments 0 tags

Cybersecurity researchers have disclosed details of a now-patched zero-day flaw in Google Cloud Platform (GCP) that could have enabled threat actors to conceal an unremovable, malicious application inside a victim’s

14 Kubernetes and Cloud Security Challenges and How to Solve Them

21/04/2023 0 Comments 0 tags

Recently, Andrew Martin, founder and CEO of ControlPlane, released a report entitled Cloud Native and Kubernetes Security Predictions 2023. These predictions underscore the rapidly evolving landscape of Kubernetes and cloud

N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX

21/04/2023 0 Comments 0 tags

The supply chain attack targeting 3CX was the result of a prior supply chain compromise associated with a different company, demonstrating a new level of sophistication with North Korean threat

Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products

21/04/2023 0 Comments 0 tags

Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems. The

Two Critical Flaws Found in Alibaba Cloud’s PostgreSQL Databases

20/04/2023 0 Comments 0 tags

A chain of two critical flaws has been disclosed in Alibaba Cloud’s ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL that could be exploited to breach tenant isolation protections and