Four unpatched security flaws, including three critical ones, have been disclosed in the Gogs open-source, self-hosted Git service. These vulnerabilities could enable an authenticated attacker to breach susceptible instances, steal or wipe source code, and even plant backdoors. According to SonarSource researchers Thomas Chauchefoin and Paul…
Apache Fixes Critical Source Code Disclosure Vulnerability in HTTP Server
The Apache Software Foundation has addressed a critical source code disclosure vulnerability in the Apache HTTP Server, tracked as CVE-2024-39884. The CVE-2024-39884 vulnerability arises from a regression in the handling of legacy content-type configurations in Apache HTTP Server 2.4.60. The issue occurs when the “AddType” directive and similar…
Melanie Chandruan on How Can Agencies Use Financial and Performance Metrics to Guide the Health of Their Operations?
Melanie is an expert in agency operations, known for transforming the day-to-day activities of digital agencies into streamlined, profitable processes. With a focus on finances & metrics, people & growth, and workflows & documentation, Melanie helps agencies run more efficiently. With over 13 years of experience, Melanie simplifies…
Hacker Allegedly Leaks Data from Shopify Breach on BreachForums
A known threat actor on BreachForums using the alias ‘888’ has allegedly leaked data stolen from Shopify in a recent data breach. The exposed data reportedly includes personal details, email subscriptions, and order-related information of Shopify users. Shopify Inc., a Canada-based multinational company, offers a proprietary e-commerce platform…
Polyfill[.]io Attack Hits Over 380,000 Hosts, Including Major Companies
The supply chain attack on the widely-used Polyfill[.]io JavaScript library has impacted over 380,000 hosts, according to recent findings from Censys. This attack includes references to malicious domains “https://cdn.polyfill[.]io” or “https://cdn.polyfill[.]com” embedded in HTTP responses as of July 2, 2024. “Approximately 237,700 of these hosts are located within…
Infostealing Malware Hidden in Software Productivity Tools
An India-based software vendor, Conceptworld Corporation, has unintentionally distributed information-stealing malware within its primary software products in June. The affected tools include Notezilla, a sticky notes app; RecentX, a tool for managing recently used files, folders, applications, and clipboard data; and Copywhiz, a file copying, organizing, and backup…
Cloudways Presents Web Growth Summit 2024
We’re excited to announce the Web Growth Summit by Cloudways, which will take place on July 17th and 18th, 2024. According to Semrush’s “Think Big with AI” report, AI improves SEO results for 65% of businesses, while 68% experience higher ROI in content marketing. However, Google’s new generative…
Cloudflare Introduces One-Click Defense Against Web-Scraping AI
Cloudflare has unveiled a new feature for web hosting customers to block AI bots from scraping website content without permission. Responding to customer concerns, Cloudflare introduced a one-click option to block all AI bots, aiming to protect content creators and maintain a safe internet environment. “We…
Microsoft MSHTML Exploit Delivers MerkSpy Spyware
Unknown threat actors have exploited a now-patched security flaw in Microsoft MSHTML to deliver the MerkSpy surveillance tool, primarily targeting users in Canada, India, Poland, and the U.S. “MerkSpy is designed to clandestinely monitor user activities, capture sensitive information, and establish persistence on compromised systems,” said Fortinet FortiGuard…
Authy App Breach by Twilio Leaks Millions of Phone Numbers
Twilio has disclosed that unknown attackers exploited an unauthenticated endpoint in the Authy app, exposing data linked to Authy accounts, including users’ phone numbers. The endpoint has been secured to prevent further unauthorized access. This incident follows a recent BreachForums post by a user named ShinyHunters, who claimed…
FakeBat Loader Malware Spreads Widely via Drive-by Download Attacks
The loader-as-a-service (LaaS) known as FakeBat has emerged as one of the most prevalent loader malware families distributed through drive-by download techniques this year, according to findings from Sekoia. “FakeBat primarily aims to download and execute the next-stage payload, such as IcedID, Lumma, RedLine, SmokeLoader, SectopRAT, and Ursnif,” …
South Korean ERP Vendor Hacked to Spread Xctdoor Malware
An unnamed South Korean enterprise resource planning (ERP) vendor’s product update server was compromised to deliver a Go-based backdoor dubbed Xctdoor. The AhnLab Security Intelligence Center (ASEC), which identified the attack in May 2024, did not attribute it to a known threat actor but noted similarities with Andariel, …
WordPress Halts Plugin Updates to Counter Supply Chain Attacks
WordPress announced over the weekend that they were pausing plugin updates and initiating a force reset on plugin author passwords to prevent additional website compromises due to an ongoing supply chain attack on WordPress plugins. Hackers have been targeting plugins directly at the source, using exposed password credentials…
Introducing AWS Micro Tier Plan for Smaller Sites
We’re excited to announce the addition of the AWS Micro Tier plan to our lineup of AWS server options. AWS Micro is backed by T3 instances and comes with 1 GB of RAM and 2 vCPUs. Starting from $20.50* per server (independent of storage and bandwidth costs), AWS Micro…
AI Boom Drives Soaring Cloud Infrastructure Spending
New stats from IDC reveal that the relentless demand for artificial intelligence (AI) is propelling first-quarter surges in cloud infrastructure spending. The growth trend shows no signs of slowing down. Those seemingly endless investments in AI continue to translate into skyrocketing cloud infrastructure demand. Research firm IDC has…
Cloud Misconfigurations and Limited Visibility Top Enterprise Concerns
Misconfigurations and limited visibility are the primary cloud concerns for enterprises, according to a recent study conducted by CyberRisk Alliance Business Intelligence. The report reveals a wealth of data points indicating growing business opportunities for both managed services providers (MSPs) and managed security service providers (MSSPs) in the…
SaaS Security Breaches Surge, Prompting Urgent Defense Measures
The increasing adoption of cloud-based Software as a Service (SaaS) applications across enterprises has intensified security concerns, particularly following recent breaches. A recent report by Thales highlights that SaaS applications have become the primary target for cyber attacks (31%), followed by cloud storage and cloud management solutions. With…
regreSSHion Bug in OpenSSH Puts 700K Linux Systems at Risk
A newly identified bug in OpenSSH’s server (sshd) poses a severe threat to Glibc-based Linux systems, with infosec researchers at Qualys warning that around 700,000 of the 14 million potentially vulnerable sshd instances could be exploited. Dubbed regreSSHion (CVE-2024-6387), this vulnerability is a race condition that allows unauthenticated…
New OpenSSH Vulnerability Could Lead to Root RCE on Linux Systems
OpenSSH maintainers have issued security updates to address a critical flaw that could allow unauthenticated remote code execution (RCE) with root privileges on glibc-based Linux systems. The vulnerability, identified as CVE-2024-6387, is located in the OpenSSH server component, known as sshd, which listens for connections from client applications…
Tom Wardman on How Can Agencies Employ Generative AI for Content Creation and Marketing?
Tom Wardman is an expert in content marketing and digital strategy, known for transforming businesses into credible industry leaders. Specializing in strategic positioning and marketing operations, Tom helps entrepreneurs and businesses elevate their market presence and attract the right clients. Tom’s impressive track record includes a 5200% increase…