On September 3, 2024, Zyxel released patches for a critical OS command injection vulnerability, identified as CVE-2024-7261, affecting Access Points (APs) and security routers. This vulnerability stems from improper handling of special elements in the “host” parameter within the CGI program of certain AP and router versions, potentially allowing an unauthenticated attacker to execute OS commands by sending a specially crafted cookie to the vulnerable device.

Blockchain technology continues to grow in prominence, and as it expands, a wide range of businesses are looking to develop digital asset products. At the same time, many startups are launching with digital assets at the center of their businesses. If you are running a digital asset business or building a blockchain product, it’s important to consider what type of custody management solution will best support your business.

An X-Powered-By header is a type of HTTP response in the header field (most headers prefixed with an ‘X-‘ are non-standard) that informs the user which technology stack or framework is running on the web server. For example, if a web server is running Node.js, the header would be “X-Powered-By:Express”, which indicates an Express framework is being used.

The SecOps Cloud Platform (SCP) helps managed security service providers (MSSPs) improve their response times in several ways. Here is an overview of the most significant use cases.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Better get patching!

Vulnerability management is absolutely critical to protecting an organization’s IT and cloud infrastructure, systems, or applications from incoming threats. The ability to remediate the most relevant vulnerabilities quickly is the only way to keep your perimeter safe. Yet, security teams struggle with managing vulnerabilities. Why? At the core lies a fundamental communication and collaboration problem.

Phishing remains a top initial access vector for threat actors, according to researchers at ReliaQuest. Phishing and other social engineering tactics can bypass security technologies by targeting humans directly. “The enduring dominance of phishing as an initial access technique underscores its effectiveness and persistence in the face of cybersecurity advancements and more sophisticated methodologies,” the researchers write.

Read also: A former cop gets 20 months in prison for selling victims’ personal data, a BEC scammer sentenced, and more.

The risk of cyber attacks for companies is increasing and can significantly disrupt their operations, have negative financial consequences and damage their reputation. Small and medium enterprises (SMEs) are especially vulnerable to these attacks due to limited resources and a lack of cyber security expertise. Understanding the significance of cyber security is crucial for protecting sensitive data and ensuring business continuity.