Vulnerable Atlassian Confluence Data Center and Server instances have been targeted by Chinese state-backed threat operation Storm-0062, also known as DarkShadow and Oro0lxy, in ongoing attacks exploiting a zero-day flaw, tracked as CVE-2023-22515, since Sept. 14, or three weeks prior to the bug's disclosure, SecurityWeek reports.
Resources we mentioned: The Hardware Hackers Handbook is a great start, Do a badge challenge: https://www.cyberark.com/resources/threat-research-blog/an-introduction-to-hardware-hacking, Take some classes, Do some Arduino stuff: https://www.arduino.cc/, Take free courses on electrical engineering: https://ocw.mit.edu/courses/6-01sc-introduction-to-...
SecurityWeek reports that more than 17,000 WordPress sites, including 9,000 sites vulnerable to the recently addressed TagDiv Composer front-end page builder plugin flaw, tracked as CVE-2023-3169, have been infected as part of the long-running Balada Injector campaign.
Malicious code execution and data compromise are possible with the exploitation of several high-severity bugs impacting ConnectedIO's ER2000 edge routers, The Hacker News reports.
Significantly more phishing scams involving the spoofing of the U.S. Postal Service and postal services in other countries, including Mexico, Costa Rica, Chile, Finland, Australia, and the Netherlands, aimed at exfiltrating personal and financial information have emerged in recent weeks, according to KrebsonSecurity.
October is Cybersecurity Awareness Month and SC Media is doing its' part by focusing on Securing Businesses and Products, a nod to the national Secure Our Worlds theme.
Scams originating on social media are responsible for $2.7 billion in losses since 2021, more than any other contact method, according to new data shared by the FTC.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.
