Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

The Importance of White-Box Testing: A Dive into CVE-2022-21662

I want to take some time to explain the importance of using a white-box approach when testing applications for vulnerabilities. To help in this endeavor, I will use a real-world example to demonstrate how researchers (in this case Karim El Ouerghemmi and Simon Scannell) *may* have found a vulnerability in WordPress (CVE-2022-21662, a second-order stored XSS) and how you, as a security researcher, can also use a white-box approach to find an exotic XSS vulnerability.

How Egnyte Built Snapshot Recovery to Mitigate Ransomware Attacks

As companies accumulate and store large amounts of business data in the cloud, data security and governance become a major concern. More than 16,000 companies use Egnyte to manage, secure, and govern their content. These businesses rely on the unified platform to keep their business running smoothly, because data loss due to ransomware attacks or accidental file deletion could have profound impacts on their bottom lines.

New in Cybersecurity - Insights, threat trends, & RSA learnings

AT&T Business’ most recent #BizTalks Twitter Chat—What’s New in Cybersecurity—Insights, Threat Trends, & RSA Learnings—explored many emerging concepts in the cybersecurity industry. Head to the @ATTBusiness Twitter page—go.att.com/twchat—to see the full chat and learn more. It was an interesting conversation with diverse opinions. Here are some of the highlights.

RSA Conference 2022: Netacea's highlights

Last week Netacea team members from the UK and across the US converged at RSA Conference, the biggest event in the cybersecurity calendar, at the Moscone Center in San Francisco. It was a pleasure to talk to so many like-minded security professionals at our booth, and an honor to be given a speaking session from which to spread the word about automated threats.

The Most Commonly Mixed-Up Security Terms: Learn the Differences Between Asset, Threat, Vulnerability, and Risk

The cybersecurity landscape is complex enough without the lack of a common vocabulary. But, often, organizations use common security terms incorrectly or interchangeably. This leads to confusion, which leads to frustration, which can lead to something much, much worse. Something like a breach. Let’s take a moment, then, to review the four most commonly mixed-up and misused security terms in the cybersecurity world.

A practical approach to Active Directory Domain Services, Part 7: Cybersecurity and AD

In the first six parts of this blog series, we laid the foundation for beginning to work with and manage Active Directory (AD). With the groundwork out of the way, it is now time to explore the relationship between cybersecurity and AD. Taking this series one step further, this blog provides an overview of which design considerations are important in securing your AD infrastructure against potential security breaches.

API security: 12 essential best practices to keep your data & APIs safe

If you don’t think API security is that important, think again. Last year, 91% of organizations had an API security incident. The proliferation of SOAP and REST APIs makes it easy for organizations to tailor their application ecosystems. But APIs also hold the keys to all of a company’s data. And as data-centric projects become more in demand, the likelihood of a targeted API attack campaign increases.

Interpol arrests thousands of scammers in operation "First Light 2022"

Law enforcement agencies around the world appear to have scored a major victory in the fight against fraudsters, in an operation that seized tens of millions of dollars and saw more than 2000 people arrested. Operation “First Light 2022”, running for two months from March 8 2022 until May 8 2022, saw 76 countries clamp down on organised crime rings behind a variety of scams, seizing criminal assets, and providing new investigative leads around the world.

GDPR privacy by default examples, privacy by design concepts

The General Data Protection Regulation, or GDPR, requires business entities to put appropriate technical and organisational measures in place and implement privacy-compliant procedures and processes. The purpose of implementing the data protection principles is to guard the safety of customers’ default personal data and protect natural persons’ rights. This requirement leads to the concepts of data privacy by design and by default.