Urgent Advisory: Unpatched Security Vulnerability in Ultimate Member Plugin for WordPress

Title: Unpatched Security Vulnerability in Ultimate Member Plugin for WordPress  Date: 05/07/2023  Link: The HackerNews Introduction  We would like to inform our valued clients about a critical security vulnerability affecting the popular Ultimate Member plugin for WordPress. This vulnerability poses a significant risk to your website’s security, allowing attackers to create new user accounts with […]

External Penetration Testing and How to Do It

What is External Penetration Testing?  External penetration testing, also known as external network penetration testing, helps to assess the security of an organisation’s online presence and evaluate the effectiveness of its public-facing systems. The primary objective of this testing is to simulate real-world cyber threats originating from anywhere in the world, with ethical hackers acting as external […]

Improper Access Control in DEPUSDT_LEVUSDC protocol

Title: Improper Access Control in DEPUSDT_LEVUSDC Protocol  Date: 15/06/2023  Link: https://twitter.com/1nf0s3cpt/status/1669624223059546112?s=46  An attack has occurred on the $DEPUSDT token on the Ethereum blockchain, leading to a significant loss of approximately $69,000. Additionally, the attacker also targeted the $LEVUSDC token, resulting in a loss of approximately $36,000.  The attack was made possible due to the existence […]

Enhancing the Security in Blockchain | Risk Crew

The Emergence of Blockchain Technology  How did we arrive at blockchain technology? Let’s start from the beginning. The internet, which has been in existence for over 60 years, is built on the TCP/IP and OSI model stack. Originally designed for information sharing through the client-server model, the internet has evolved into a powerful technology that […]

Attention MOVEit Users: Critical Security Alert! Apply the Patch Now to Safeguard Your File Transfers

Risk Rating: CRITICAL Affected Products: MOVEit Transfer Affected Version: 2023.0.0 (15.0), 2022.1.x (14.1), 2022.0.x (14.0), 2021.1.x (13.1), 2021.0.x (13.0), 2020.1.x (12.1) Patched Version: CVE-2023-34362, CVE-2023-35036 Proof-of-Concepts available: no Vendor: Progress Software Corporation Date: 31/05/2023, 09/06/2023 Introduction: A severe Zero-Day vulnerability was disclosed, which posed a significant risk to Progress MOVEit File Transfer software users. “Progress” […]

Why a Red Team Security Assessment is Crucial for Every Business

In today’s digital age, businesses are more vulnerable than ever to cyber-attacks. As a result, organisations must take a proactive approach to their cyber security measures to ensure that they are adequately protected. One of the most effective methods of assessing a company’s security posture is through red teaming. A Red Team Security Assessment (aka: […]

How Much Does Penetration Testing Cost | Risk Crew

Penetration Testing Cost  Penetration testing, also known as ethical hacking or white-hat hacking, is like putting on a hacker’s hat (but with authorisation!) to test the security of a computer system, network, or application for vulnerabilities and weaknesses. The goal is to evaluate how secure the system is and how effective its defences are in […]

Risk Crew