Dec 27, 2023 | Podcast
A critical remote code execution (RCE) vulnerability in the Apache Struts 2 framework, tracked as CVE-2023-50164, is reportedly being ignored by developers, leaving approximately 80% of recent Struts downloads exposed to the flaw. The severity of the vulnerability,...
Dec 26, 2023 | Podcast
A groundbreaking attack named “Terrapin” has been uncovered, posing a significant threat to the security of the (SSH) Secure SHell Protocol. SSH, developed nearly 30 years ago to counter password sniffing attacks, is widely used to secure connections in...
Dec 22, 2023 | Podcast
A recently discovered “SMTP smuggling” technique is allowing cyber attackers to sidestep email security protocols like Domain-based Message Authentication, Reporting, and Conformance (DMARC), posing a significant threat to organizations. The method...
Dec 21, 2023 | Podcast
In a case highlighting the importance of removing access upon termination, a disgruntled employee wreaked havoc with his employer’s systems when he was terminated. A former cloud engineer at a bank was terminated for violating company policies, including...
Dec 20, 2023 | Podcast
Ubiquiti users were reporting last week that they were seeing other people’s notification and had access to their devices. The incident was first reported on Reddit, where a user received a notification from UniFi Protect, including an image from someone...
Dec 18, 2023 | Podcast
It’s been almost 3 years since the critical Log4j vulnerability was disclosed and there are still approximately 38% of applications using vulnerable versions of the Apache Log4j library. Despite patches being available shortly after vulnerability disclosure,...
Dec 15, 2023 | Podcast
Apple will soon be introducing a Stolen Device Protection feature which is aimed at enhancing security if an iPhone is stolen, particularly in scenarios where thieves obtain the device passcode. The feature is currently in beta testing and relies on biometrics via...
Dec 14, 2023 | Podcast
Over 50% of insider attacks involve exploiting elevation of privilege flaws. A research study, based on data from January 2021 to April 2023, shows a rise in insider threats, with 55% relying on privilege escalation exploits and the remaining 45% introducing risks by...
Dec 13, 2023 | Podcast
In a significant update, Meta has announced the rollout of default end-to-end encryption for personal messages and calls on Messenger and Facebook. This means that private chats and calls across Messenger will now be automatically encrypted by default, enhancing...
Dec 12, 2023 | Podcast
A set of 14 security vulnerabilities named “5Ghoul” has been discovered in the firmware implementation of 5G mobile network modems from major chipset vendors like MediaTek and Qualcomm. The flaws impact USB and IoT modems, along with hundreds of smartphone...
