Cox Communications Patched Flaw that Placed Millions at Risk
Cox Communications fixed an authorization bypass vulnerability that could have enabled threat actors to abuse backend APIs to reset millions of modems and steal customer data.
Discovered by Sam Curry, the exploit granted a set of permissions similar to those of the ISP's tech support.
WordPress Plugins Infected by Unauthenticated XSS Attacks
Researchers at Fastly discovered that WordPress plugins, including WP Meta SEO, WP Statistics, and LiteSpeed, are littered with traces of unauthenticated stored XSS attacks.
These Cross-Site Scripting (XSS) attacks could result in attackers creating new admin accounts and injecting PHP backdoors in the plugin and theme files to illicitly monitor infected targets.
39% of MSPs’ Biggest Challenge is Keeping up with Cyber Solutions
According to a Sophos report, 39% of MSPs state that their greatest challenge is keeping up with emerging cybersecurity solutions and technologies.
Chad Graham, the Manager of the CIRT team at Critical Start, stated, “The skills shortage in cybersecurity is a significant concern that cannot be overlooked. MSPs must prioritize developing in-house talent through training and certifications while also leveraging automation and AI to augment human capabilities.”