A critical security flaw, known as CVE-2024-1071, has been found in the Ultimate Member plugin for WordPress. This vulnerability, with a CVSS score of 9.8, poses a significant risk to over 200,000 active installations. It potentially enables attackers to extract sensitive data from compromised databases, presenting a severe threat to website security.

The rise of remote learning has motivated cybercriminals to advance their assault on the education sector. In 2022, cybercriminals deployed more than 2200 attacks against higher education institutions every week, a 44% increase compared to 2021 (Check Point, 2022). Risk professionals attribute this increase to various factors, including the structure of remote learning environments.

Like most high-performing organizations, higher education institutions often utilize third-party vendors to outsource key services, such as data management and research initiatives. This reliance on third-party vendors can lead to various risks, including data privacy vulnerabilities, compliance issues, and operational disruptions. Therefore, universities must implement advanced vendor management processes to mitigate these risks.

Today most organisations are thinking about or deploying AI and, in effect, trying it out. This is supported by Gartner, which states that approximately 80% of enterprises will have used generative artificial intelligence (GenAI) application programming interfaces (APIs) or models by 2026. As AI drives value for organisations, it is fuelling further demand and adoption.

In cybersecurity, change is a given. Technology is constantly evolving, and attackers are always updating their tactics. If you want your organization to remain secure in this ever-changing environment, it’s not enough to keep up with the trends — you need to be one step ahead.

Analysis of the second half of 2023 shows attackers are getting more aggressive with email-based phishing attacks in both frequency and execution. Until there’s a catch-all way to stop malicious emails from being an effective means of initial attack, phishing will continue to grow as the primary initial attack vector for cybercriminals.

As social media phishing reaches new heights, new data reviewing 2023 shows a massive effort by cybercriminals to leverage impersonation of social media brands. Cybercriminals are no longer just targeting your corporate network. Due to the rise of the cybercrime economy, there are a growing number of cybercriminal gangs strictly going after initial access (that can be sold to other cybercriminals).

Organizations worldwide use Active Directory (AD) as their primary identity service, which makes it a top target for ransomware attacks. This article explains how adversaries exploit Active Directory during ransomware attacks and provides strategies and tools for defending against this modern menace.

Active Directory domain consolidation is the process of restructuring an organization’s Active Directory setup to reduce the number of domains. Consolidation is often performed as part of a company reorganization, merger or acquisition, but it is also used to simplify an AD infrastructure that has become unwieldy over time.