Downshift

Interesting


Popular WordPress plugin flaw puts four million sites at risk

Anka Markovic Borak, writing in vpnMentor »

A severe vulnerability affecting the Really Simple Security WordPress plugin, previously Really Simple SSL, has put four million websites at risk of potential takeover. Discovered on November 6, 2024, by Wordfence researchers, the flaw allows attackers to bypass authentication and gain administrative access due to faulty user verification handling.

Wordfence »

This is one of the more serious vulnerabilities that we have reported on in our 12 year history as a security provider for WordPress. This vulnerability affects Really Simple Security, formerly known as Really Simple SSL, installed on over 4 million websites, and allows an attacker to remotely gain full administrative access to a site running the plugin.

The vulnerability is scriptable, meaning that it can be turned into a large scale automated attack, targeting WordPress websites. The vendor worked with the WordPress plugins team to force-update all sites running this plugin before we published this post.

US DOJ wants Alphabet to do more than just sell Chrome

In August, a judge ruled (Bloomberg) that Alphabet, Inc. held an illegal search monopoly in the US.

The Department of Justice is now attempting to force Google to sell off (Reuters) its Chrome browser in an antitrust action against the company. If the proposal is granted, this would endanger the survival of other technologies and many other companies.

» 24-page PDF document filed with the court late November 20th.

More » The Guardian (Nov 19) / Japan Times / AP / Ars Technica / Bloomberg / The Verge / The Atlantic / Fast Company / Business Insider / Droid Life

Cybersecurity of water treatment plants called into question

“On October 1, Durham staff identified a security breach affecting a limited component of the digital systems at the Duffin Creek Water Pollution Control Plant. The affected system was isolated and operations at Duffin Creek are currently running in auto or manual mode,” revealed the Regional Municipality of Durham, Ontario, in a brief statement dated October 11, 2024.

“There has been no impact to any other component of the network at Duffin Creek or elsewhere in Durham’s network. There has been no impact to health, safety or the environment. No private or sensitive information is contained in the affected system, and Duffin Creek is fully operational.”

Just days later, a higher profile cybersecurity event occurred across the border. American Water Works — a Camden, New Jersey-based utility of drinking water and wastewater services — said hackers had breached its computer networks and systems.


FBI and CISA warn China is targeting the telecommunications infrastructure

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a statement that reads »

Specifically, we have identified that People’s Republic of China (PRC)-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders. We expect our understanding of these compromises to grow as the investigation continues.

Domestic counter-intelligence and national security agencies are alarmed at the recklessness of Russia’s actions

Dan Sabbagh and Pjotr Sauer, writing for The Guardian »

The most serious threat was an assassination plot targeting Armin Papperger, the CEO of the German defence company Rheinmetall, one of many European firms helping supply Ukraine. Though this was detected, other arms industry executives around Europe were also said to have been targeted by Russian assassins.

Police are investigating whether Russian spies posted incendiary devices – via the delivery firm DHL – around Europe, to Birmingham in the UK and Leipzig in Germany. This would have carried the risk of the devices catching fire inside the cargo bay of a plane and bringing it down, as the head of Germany’s domestic intelligence agency warned on Monday this week. It may be fortunate that no lives were lost.


What are deepfakes and how to defend against generative AI deception

The rapid advancements in artificial intelligence (AI) have unleashed a new threat: deepfakes. As powerful and effective models become more easily accessible, the risk of deepfakes becomes a present danger for corporations, small businesses, and individuals.

IBM security guru Jeff Crume explores the technology and its risks, and offers a few mitigation strategies to help us stay on top of this rapidly evolving landscape.

