
WordPress fixes POP chain exposing websites to RCE attacks
2023-12-07 20:10

WordPress is a highly popular open-source content management system used for creating and managing websites. The project's security team discovered a Property Oriented Programming chain vulnerability that was introduced in WordPress core 6.4, which under certain conditions could allow arbitrary PHP code execution.

US and EU infosec authorities pen intel-sharing pact
2023-12-07 18:28

As Cyber Solidarity Act edges closer to full adoption in Europe. The US Cybersecurity and Infrastructure Security Agency (CISA) has signed a working arrangement with its EU counterparts to increase...

Russian pleads guilty to running crypto-exchange used by ransomware gangs
2023-12-07 17:09

Russian national Anatoly Legkodymov pleaded guilty to operating the Bitzlato cryptocurrency exchange that helped ransomware gangs and other cybercriminals launder over $700 million. As a Bitzlato co-founder and principal stakeholder, Legkodymov has agreed to disband the cryptocurrency exchange and relinquish any rights to approximately $23 million in seized assets, as outlined in the plea agreement.

Securities and Exchange Commission Cyber Disclosure Rules: How to Prepare for December Deadlines
2023-12-07 16:47

The U.S. Securities and Exchange Commission's new rules around disclosure of cybersecurity incidents go into effect on Dec. 15 for public companies with fiscal years starting on or after that date. Now, those organizations are asking what they need to alter or enhance about their disclosure procedures, incident response and existing cyber capabilities.

UK and allies expose Russian FSB hacking group, sanction members
2023-12-07 16:38

The UK National Cyber Security Centre and Microsoft warn that the Russian state-backed actor "Callisto Group" is targeting organizations worldwide with spear-phishing campaigns used to steal account credentials and data. Today, the United Kingdom officially attributed attacks to Callisto that led to the leaking of UK-US trade documents, the 2018 hack of the UK think tank Institute for Statecraft, and more recently, the hack on StateCraft's founder Christopher Donnelly.

Incident Reporting and Response Procedures Policy
2023-12-07 16:00


Microsoft Warns of COLDRIVER's Evolving Evasion and Credential-Stealing Tactics
2023-12-07 14:36

The threat actor known as COLDRIVER has continued to engage in credential theft activities against entities that are of strategic interest to Russia while simultaneously improving its detection...

Meta rolls out default end-to-end encryption on Messenger, Facebook
2023-12-07 14:27

Meta has announced the immediate availability of end-to-end encryption for all chats and calls made through the Messenger app, as well as the Facebook social media platform. E2EE has been available in the Messenger app as an optional feature called "Secret Conversations" since 2016, but Meta says it now enables it by default for all users as an additional layer of security.

Short-term AWS access tokens allow attackers to linger for a longer while
2023-12-07 14:18

Attackers usually gain access to an organization's cloud assets by leveraging compromised user access tokens obtained via phishing, by using malware, or by finding them in public code repositories. These are long-term access tokens associated with AWS IAM or federated users.

Yet another UK public sector data blab, this time info of pregnant women, cancer patients
2023-12-07 12:39

In both cases, it was an own goal when the org handed over the data itself while responding to requests made under the Freedom of Information Act 2000. The majority of the patients whose data was made public were maternity patients of The Rosie Hospital at the Addenbrooke's Hospital site.
