Aggregator
CVE-2024-9898 | Parallax Image Plugin up to 1.8 on WordPress Shortcode dd-parallax cross site scripting
CVE-2024-9184 | SendPulse Free Web Push Plugin up to 1.3.6 on WordPress cross site scripting
CVE-2024-10068 | OpenSight Software FlashFXP 5.4.0.3970 FlashFXP.exe uncontrolled search path
RansomHub
MFA Compromise: The Mechanics Behind This Escalating Threat Vector
Multi-factor authentication (MFA) was once perceived as a powerful defense tactic – a silver bullet that made your organization more secure. But attackers have quickly adapted and found ways to compromise it, and it’s now a preferred attack vector for adversaries. So what happens when the defenses your enterprise depends on for protection can’t stop […]
The post MFA Compromise: The Mechanics Behind This Escalating Threat Vector appeared first on Security Boulevard.
Bridging the IT Skills Gap with Essential Data Expertise and Growth Strategies
The fast evolution of technology in the IT industry has made it increasingly important for professionals to keep up with emerging trends and skill sets. Data security, analytics, and automation have become crucial as companies deal with growing cyberattacks and data breach threats. To remain relevant and secure, IT professionals must actively address skill gaps in these areas, while organizations should create environments that prioritize continuous learning. IT professionals need several essential data skills, along with strategies for addressing these skill gaps and building a resilient workforce.
In-Demand Data Skills for IT Professionals
As the digital landscape becomes more complex, data security has emerged as a top priority for IT professionals. With the rising frequency and sophistication of cyberattacks, including API-based attacks and massive data breaches, it’s no longer enough to rely on traditional security measures. IT professionals need advanced skills to identify vulnerabilities, analyze attack patterns, and implement robust security protocols. This advanced training level helps protect an organization's sensitive information and ensures the integrity of its digital infrastructure.
In addition to security, data analytics and automation are rapidly becoming essential skills for IT professionals. Analytics helps organizations make sense of vast amounts of data, identifying trends and insights that drive decision-making. Automation, in turn, optimizes workflows and processes, allowing organizations to operate more efficiently while reducing the risk of human error.
Equally important is the ability to present data in a meaningful way. Data visualization and storytelling are crucial for IT professionals communicating complex data insights to non-technical stakeholders. Translating raw data into visual formats—such as graphs, charts, or interactive dashboards—makes the information more accessible and actionable for decision-makers, ultimately leading to improved business outcomes.
Addressing the Skills Gap
Addressing the skills gap in IT requires a proactive, multi-faceted approach. IT professionals should start by identifying their skill deficiencies through self-assessment, feedback from colleagues and managers, and staying informed about current industry trends. Once gaps are identified, professionals should take the initiative to bridge them through formal and informal learning opportunities.
Formal training programs, certifications, and online courses are essential for acquiring new data skills. Platforms such as Coursera, Udemy, and LinkedIn Learning offer comprehensive courses on cybersecurity, data analytics, and automation. Earning certifications like CompTIA Security+ or Certified Information Systems Security Professional (CISSP) can enhance a professional’s credentials and open doors to more specialized roles.
However, theory alone isn’t sufficient. Hands-on experience is essential for mastering new skills. IT professionals should actively seek opportunities to work on data-driven projects or collaborate with more experienced colleagues. Practical experience helps reinforce theoretical knowledge, allowing professionals to apply what they’ve learned in real-world scenarios.
Strategies for Addressing Data Skills Gaps
Organizations are crucial in closing the data skills gap by offering comprehensive data literacy programs. These programs should cater to employees at all levels, not just those in technical roles. Training should cover essential data topics such as data analytics, data security best practices, and how to use industry-standard tools. This approach empowers employees to better understand and work with data, fostering a more data-driven organizational culture.
Organizations can motivate continual upskilling by encouraging employees to incorporate data insights into their daily workflows. Employees who see how data directly impacts business performance are more likely to invest time in developing their data skills. Moreover, a solid data-driven culture promotes collaboration and productivity gains across departments.
Integrating Ongoing Training into IT Departments
Organizations should integrate ongoing training and development into their daily operations to ensure that IT professionals keep their skills current. This can be achieved by offering regular workshops, lunch-and-learn sessions, and providing access to online learning resources. Many organizations have also found success with mentorship programs and job shadowing, where junior employees can learn directly from seasoned professionals.
Integrating these learning opportunities into the workflow makes it easier for employees to access training without interrupting their daily responsibilities. IT leaders should also create a culture where learning is prioritized, encouraging employees to set aside time for professional development. This improves skillsets and enhances job satisfaction, as employees feel more supported in their career growth.
Closing the Skills Gap is a Collective Responsibility
IT skills continue to grow in demand and are becoming more integrated into the organization as a whole. Therefore, addressing the skills gap—particularly in data-related fields—has become necessary rather than an option. IT professionals should focus on developing critical skills in data security, analytics, and automation, while organizations should invest in comprehensive training programs to build a more resilient, skilled workforce. By fostering a continuous learning culture and providing ample practical application opportunities, IT professionals and their employers can stay ahead of industry demands, ensuring long-term success in an increasingly data-driven world.
The post Bridging the IT Skills Gap with Essential Data Expertise and Growth Strategies appeared first on Security Boulevard.
Biden-Harris Administration Announces Preliminary Terms with Infinera to Support Development of Semiconductor Technology Important for Communications and National Security
CISA Releases Seven Industrial Control Systems Advisories
CISA released seven Industrial Control Systems (ICS) advisories on October 17, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
- ICSA-24-291-01 Elvaco M-Bus Metering Gateway CMe3100
- ICSA-24-291-02 LCDS LAquis SCADA
- ICSA-24-291-03 Mitsubishi Electric CNC Series
- ICSA-24-291-04 HMS Networks EWON FLEXY 202
- ICSA-24-291-05 Kieback&Peter DDC4000 Series
- ICSA-24-270-04 goTenna Pro X and Pro X2 (Update A)
- ICSA-24-270-05 goTenna Pro ATAK Plugin (Update A)
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2024-40711 Veeam Backup and Replication Deserialization Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Oracle Releases Quarterly Critical Patch Update Advisory for October 2024
Oracle released its quarterly Critical Patch Update Advisory for October 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following Oracle Critical Patch Update Advisory and apply the necessary updates:
Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024
[Cybersecurity Intern Recruitment] Hold on, young talent: a talent scout has come looking for you!
CVE-2015-0235 | Oracle Pillar Axiom 6.1/6.2/6.3 FS1-2 Flash Storage System memory corruption (EDB-35951 / Nessus ID 81024)
WeChat encryption scandal: what are the developers keeping quiet about?
Fake Google Meet pages deliver infostealers
Users of the Google Meet video communication service have been targeted by cyber crooks using the ClickFix tactic to infect them with information-stealing malware.
[Figure: Fake Google Meet video conference page with malicious ClickFix pop-up (Source: Sekoia)]
“The ClickFix tactic deceives users into downloading and running malware on their machines without involving a web browser for download or requiring manual file execution,” Sekoia researchers explained. “It makes it possible to bypass web browser security features, such …
The post Fake Google Meet pages deliver infostealers appeared first on Help Net Security.