The problem with a lot of things being online and connected to the internet these days is that it makes them vulnerable to hackers. A good example would be a recent story of how a town in Florida nearly had their water supply contaminated to dangerous levels when hackers managed to breach the system. According […]
Author Archives: CSIRT
A patch in the NextGen Gallery WordPress plugin fixes critical and high-severity cross-site request forgery flaws. Researchers are urging WordPress websites that utilize the NextGen Gallery plugin to apply a patch addressing critical and high-severity flaws. The NextGen Gallery plugin, which is installed on 800,000 WordPress websites, allows sites to upload photos in batch quantities, […]
Microsoft has warned of an increasing number of consent phishing (aka OAuth phishing) attacks targeting remote workers during recent months, Bleeping Computer has learned. These attacks were part of two campaigns that ran between September and December 2020, targeting victims in multiple recurring waves. One of the two attack campaigns specifically targeted Spanish-speaking victims […]
The perpetrators behind the SolarWinds supply-chain attack were observed leveraging four separate techniques to bypass identity and access management protections and laterally move from victims’ on-premises networks to their cloud-based Microsoft 365 accounts. Companies that use M365 may therefore wish to heed three key recommendations: harden your hybrid environments, conduct thorough audits of your cloud […]