Product Name: bodi0’s Easy Cache Vulnerability: Stored XSS Vulnerable Version: Will be disclosed soon CVE: Will be disclosed soon On September 16, 2024, the team of pentesters at Astra Security found a stored Cross-Site Scripting or XSS in bodi0’s Easy Cache plugin. It is a plugin designed for WordPress that helps optimize the caching functionality, thus allowing enhanced page loading and reducing the server load.

Scammers have leapt at the opportunity to exploit vulnerable UK residents by sending bogus messages telling them they need to take action to receive help with their winter heating bills. In July, the UK's new Labour Government announced that it was limiting who was eligible for assistance with their winter fuel bills by making eligibility means-tested.

CYJAX has identified a novel phishing technique which is used to harvest Microsoft credentials via websites which are masqueraded as locked Microsoft Word documents. This technique, which CYJAX is calling DirtyWord, uses a blurred Word document as the page background to inform the user that they must log in to view the document. Whilst CYJAX has not observed the delivery mechanism of the phish, it appears that it likely occurs through spear-phishing emails.

A new report from ESET has found that most nation-state threat actors rely on spear phishing as a primary initial access technique. In the second and third quarters of 2024, state-sponsored APTs from China, Russia, Iran, and North Korea used social engineering attacks to compromise their targets. Iranian threat actors continued conducting cyber espionage against countries across the Middle East, Europe, and the US. They also expanded their targeting to hit financial companies in Africa.

As everything is moving online these days, from shopping to healthcare, the need for stronger, more secure authentication methods has become important. This is especially true at a time when cases of identity theft have skyrocketed globally. Recent reports have shown that identity theft cases resulted in a whopping $23 billion in losses in 2023 alone. This indicates that both businesses and consumers are feeling the heat.

As IT infrastructure evolves, selecting the right partners and solutions means more than just keeping up with technology trends. For IT decision makers, these choices can impact the security and growth of your business operations. Network demands are constantly changing, so finding a solution that can deliver consistent performance and advanced data protection can be key. By focusing on customer success, Fortinet has consistently met the challenges of their customers and has driven innovation.

Security Operations Centers (SOCs) are under immense pressure to ensure no attack goes unnoticed. At Corelight, we’re being approached daily to help bring in network visibility. For many though, visibility isn’t enough. SOCs are already overloaded and Tier 1 Analysts often lack network expertise. Modern network visibility has to be easy to use and designed for maximizing SOC efficiency. For that, we built Guided Triage.

In what feels like 10 minutes, cybersecurity AI and machine learning (ML) have gone from a concept pioneered by a handful of companies, including SenseOn, to a technology that is seemingly everywhere. In a recent SenseOn survey, over 80% of IT teams told us they think that tools that use AI would be the most impactful investment their security operations centre (SOC) could make.

As AI continues to mature, we’re beginning to see AI-powered capabilities fall into distinct categories that serve different functions across the enterprise. From help tools like copilots that assist users, to conversational bots providing AI-driven chat support, and efficiency-focused agents that automate complex tasks, these categories reveal the unique ways AI is transforming business operations.

When tasked with the IT security of an organization, it can be easy to get bogged down in particulars and definitions and lose heart before you’ve even begun. With a plethora of terms to learn, details to secure, and moving parts to keep track of, building an effective cybersecurity strategy is no simple task. It requires a great deal of effort, planning, and coordination.