Celebrating the times when international organizations, governments, and the infosec community have shown admirable ability, judgement, and commitment to better securing the cyber sphere in 2022. CCFA changes This year saw major progress toward preventing unwarranted prosecutions of hackers motivated by a desire to protect people rather than harm them. Current laws worldwide often allow
Microsoft recently decided to block Visual Basic for Applications (VBA) macros by default in office documents downloaded from a web server. This has prompted many threat actors to improvise their attack chains. APT actors as well as commodity malware families are increasingly employing Excel add-in (.XLL) files as an initial intrusion vector according to Cisco
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two-year-old security flaws in TIBCO Software’s JasperReports product thatcited evidence of exploitive use in the CISA Known Exploited Vulnerabilities (KEV) catalog. In April 2018 and March 2019, TIBCO resolved the vulnerabilities tracked as CVE-2018-5430 (CVSS score: 7.7) and CVE-2018-18809 (CVSS score: 9.9), respectively. TIBCO JasperReports is
An ambitious success in web security, unfortunately, led to a salutary lesson in which lessons from another inevitably eventful year in infosec were learned. As 2022 draws to a close, let’s revisit some of those prominent web security wins and high-profile infosec fails from the previous year. Today we are going to begin our workshop
