Security Leftovers
-
Release of a Technical Report into Intel Trust Domain Extensions
Today, members of Google Project Zero and Google Cloud are releasing a report on a security review of Intel's Trust Domain Extensions (TDX). TDX is a feature introduced to support Confidential Computing by providing hardware isolation of virtual machine guests at runtime. This isolation is achieved by securing sensitive resources, such as guest physical memory. This restricts what information is exposed to the hosting environment.
-
Attackers Abuse Kubernetes RBAC to Deploy Persistent Backdoor
Threat actors have been observed abusing Kubernetes RBAC to create backdoors and hijack cluster resources for cryptocurrency mining.
-
External Signs of Narcissism – Raising Awareness to Avoid Collateral Damage
Learning how to spot the signs of narcissism and identify narcissists will help us ensure that we do not bring these people into our security and fraud teams, or our enterprises.
-
To combat cybercrime, US law enforcement increasingly prioritizes disruption
Rather than focusing on arrests, U.S. law enforcement is trying to prevent additional victims of online crime.
-
Collaboration between CISA, Cyber Command thwarted dangerous cyberattacks, officials said
During the 2023 RSA Conference, top officials provided rare insight into sharing information to protect U.S. networks from malicious hackers.
-
Industrial security vendors partner to share intelligence about critical infrastructure threats
The biggest companies working in industrial cybersecurity are building an early-warning platform called ETHOS to share threat intelligence.
-
38 Countries Take Part in NATO’s 2023 Locked Shields Cyber Exercise
More than 3,000 participants from 38 countries took part in NATO’s 2023 Locked Shields cyber defense exercise.
-
Critical Flaw in Inea ICS Product Exposes Industrial Organizations to Remote Attacks
Critical vulnerability found in Inea RTU can be exploited to remotely hack devices and cause disruption in industrial organizations.
-
North Korean Hackers Target Mac Users With New ‘RustBucket’ Malware
North Korea-linked hacking group BlueNoroff/Lazarus was seen using the RustBucket macOS malware in recent attacks.
-
SolarWinds Platform Update Patches High-Severity Vulnerabilities
SolarWinds has patched two high-severity vulnerabilities that could lead to command execution and privilege escalation.
-
New Data Sharing Platform Serves as Early Warning System for OT Security Threats
Several OT cybersecurity firms have teamed up to create an information sharing platform designed to serve as an early warning system for critical infrastructure.
-
Huntress: Most PaperCut Installations Not Patched Against Already-Exploited Security Flaw
Researchers warn that the majority of Windows and macOS PaperCut installations are still vulnerable to a critical vulnerability already exploited in malware attacks.
-
How To Secure Against WordPress Vulnerabilities with Predictive Analysis Detection & Automated Remediation
WordPress is one of the most popular content management systems in the world due to the ability it gives non-technical, inexperienced users to create professional, effective websites. According to data from W3Techs, WordPress was used by 43% of all websites on the Internet in 2022.
This widespread usage, combined with persistent security vulnerabilities, has put a target on WordPress’s back. Malicious hackers have come to view attacks exploiting WordPress vulnerabilities as an easy and effective way to gain access to valuable credentials and infect systems with harmful software.
Securing WordPress sites against damaging attacks is a challenge, as new vulnerabilities are constantly being discovered, and even sites that are considered secure are frequently breached with emerging attacks. In this article, we introduce a minimum impact solution that leverages predictive analysis detection and automated remediation, and demonstrate its effectiveness in securing WordPress sites against attacks exploiting both new and known flaws.