On October 9, 2024, the security researchers at Astra Security found an HTML injection vulnerability in the messages section of the Admidio User Management solution. The vulnerability, assigned CVE-2024-47836, allows attackers to inject arbitrary HTML content into the application, which could manipulate webpage behavior, mislead users, and act as a precursor to further attacks.

The researchers from Astra’s security team, on November 6, 2024, found a Stored Cross-Site Scripting (XSS) in InstantCMS, a free and open-source CMS that allows you to build websites. The vulnerability was identified in the photo album page’s photo upload function.

On 29 July 2024, the researchers at Astra identified a critical vulnerability in UnifiedTransform, a popular school management software. CVE-2024-53573 is an improper access control vulnerability in an admin endpoint, leading to an account takeover.

It’s been a year since we debated if Santa is an insider threat. For this festive newsletter, I’m going to be following up with how to wrangle in the elves. Historically Santa elves are known for their workshop skills, putting together cute wood toys and sewing holiday stockings. Fast forward to the 21st century and the skills required to be a modern elf have exploded.

No, you don’t need more than one Privileged Access Management (PAM) solution to protect your organization if you find one that encompasses zero-knowledge security, granular access control, session management and automated password rotation. Previously, your organization may have needed multiple PAM solutions for various tasks; however, KeeperPAM is a unified platform that provides centralized cloud management of privileged access, passwords, secrets and connections.

Many years ago, the philosopher Phaedrus said, “Things are not always what they seem; the first appearance deceives many; the intelligence of a few perceives what has been carefully hidden.” He couldn’t have possibly imagined today’s world, yet his warning encapsulates deepfakes, one of the greatest threats of modern times. As AI advances, digital disinformation is blurring the lines between fact and fiction.

In today’s competitive job market, employees are increasingly seeking a sense of purpose and belonging in their work environments. As McKinsey reports, purpose has become a pivotal factor in employee retention. IT leaders who fail to connect their teams’ day-to-day tasks to a broader mission risk losing top talent to organizations that do.

In today’s rapidly evolving digital landscape, IT leaders are under constant pressure to deliver outcomes that align directly with business value. Gone are the days when technology decisions were made in isolation. Today, every IT investment must contribute to operational efficiency, cost savings, security, and scalability—all while empowering the business to innovate and grow.

For most people, the holidays may be a time for winding down and taking a break. For cyber criminals, it’s just the opposite. With many of your staff out of the office or signing in remotely, and a large percentage of business being done at the end of the year, organizations are a prime target for cyber threats on and around the holidays. To protect your organization, you’ll want to enact a firm security framework.

Endpoint management is a key part of keeping businesses safe from cyber dangers that are getting worse. Every device on your network, from computers to smartphones, is an endpoint. This means that hackers have a lot more places they can attack. Endpoint control that works well is not only a strategic must, but also a key part of strong cybersecurity.