Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

XML-RPC is a powerful and versatile protocol in the ever-evolving web development and data communication landscape. XML-RPC, which stands for Extensible Markup Language – Remote Procedure Call, provides a standardized way for software applications to communicate over the Internet. XML-RPC for PHP is affected by a remote code-injection vulnerability. An attacker may exploit this issue to execute arbitrary commands or code in the webserver context.

GitLab has addressed two critical vulnerabilities in the GitLab Community Edition and Enterprise Edition that require immediate attention.

In the murky waters of cyber threats, one tactic has steadily gained wide adoption: URL redirection in phishing attacks. This stealthy technique allows cybercriminals to cloak malicious links, making them appear harmless to unsuspecting users. Among the vast expanse of online services, various Google Services stand out as frequent targets for exploitation. Cybercriminals find it opportune ground to hide their nefarious intents behind seemingly innocuous links.

As applications and their software supply chains become more complex, designing an AppSec program that is agile enough to keep pace, while still providing a clear, enterprise-wide view of risk requires a deep understanding of applications — depth that covers every line of code and package from development all the way to their live, running state.

Cybersecurity researchers recently uncovered a critical flaw in the widely used Apache OFBiz Enterprise Resource Planning (ERP) system, CVE-2023-51467. The zero-day vulnerability CVE-2023-51467 poses a significant threat, boasting a CVSS score of 9.8. This authentication bypass vulnerability stems from an incomplete patch for a previously disclosed Pre-auth Remote Code Execution (RCE) vulnerability, CVE-2023-49070.

In mid-December 2023, Volexity observed UTA0178–a potential Chinese nation-state threat actor–leveraging two zero-day vulnerabilities in Ivanti Connect Secure (formerly known as Pulse Connect Secure) VPN appliances to steal configuration data, modify and download files, establish a reverse tunnel, and ultimately place webshells (GLASSTOKEN) on multiple internal and external-facing web servers.

On January 10, 2024, Cisco disclosed a critical vulnerability, CVE-2024-20272, with a CVSS score of 7.3, in their Cisco Unity Connection software. This vulnerability allows an unauthenticated remote attacker to upload arbitrary files and execute commands on the underlying operating system. Cisco has released a patch to address the issue.

Note: These vulnerabilities remain under active exploitation, and Kroll experts are investigating. If further details are uncovered by our team, updates will be made to the Kroll Cyber Risk blog. Two zero-day vulnerabilities have been discovered in Ivanti Connect Secure (ICS), formerly known as Pulse Connect Secure and Ivanti Policy Secure gateways.

A WordPress plugin used on over 300,000 websites has been found to contain vulnerabilities that could allow hackers to seize control. Security researchers at Wordfence found two critical flaws in the POST SMTP Mailer plugin. The first flaw made it possible for attackers to reset the plugin's authentication API key and view sensitive logs (including password reset emails) on the affected website. A malicious hacker exploiting the flaw could access the key after triggering a password reset.

On March 1, 2017 the Department of Financial Services (DFS) introduced a regulation, known as 23 NYCRR 500, establishing cybersecurity requirements for financial services companies. This regulation, enacted by the New York State Department of Financial Services, specifically Part 500 of Title 23 of the Official Compilation of Codes, Rules and Regulations of the State of New York (NYCRR) is commonly known as the "Cybersecurity Requirements for Financial Services Companies".