This week, the threat actor group Anonymous Global (AnonGlobal) has introduced a new website designed for user engagement in attacks directed at Israel. Despite the site’s current inaccessibility, the group already claims already facilitated attacks resulting in the takedown of three Israeli websites. This innovative approach marks a departure from traditional threat actor tactics, aiming to involve ordinary individuals in their attacks.

If your credit card information is on the dark web you need to immediately contact your credit card issuer, monitor your online accounts for any suspicious activity or transactions, check your credit report and place a fraud alert on your credit report as an extra precaution. Continue reading to learn how your credit card information could have gotten on the dark web and how to keep your credit card information safe in the future.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. A very worrying discovery…

On Tuesday, December 5, 2023, Atlassian published fixes for four critical-severity remote code execution (RCE) vulnerabilities impacting a variety of Atlassian products, including Atlassian Confluence Server and Data Center. The vulnerabilities were discovered by Atlassian as part of a security review and have not been actively exploited by threat actors. Additionally, we have not observed a public proof of concept (PoC) exploit published for any of the vulnerabilities.

December 9 marks two years since the world went on high alert because of what was deemed one of the most critical zero-day vulnerabilities ever: Log4Shell. The vulnerability that carried the highest possible severity rating (10.0) was in Apache Log4j, an ubiquitous Java logging framework that Veracode estimated at the time was used in 88 percent of organizations.

On November 21, 2023, ownCloud published advisories on three security vulnerabilities. The most severe of these vulnerabilities is an information disclosure vulnerability tracked as CVE-2023-49103 (CVSS: 10). The vulnerability is within the “graphapi” extension and is due to a library it relies on. The library provides a URL that when accessed discloses configuration details regarding the PHP environment including environment variables.

Every software team is constantly looking for ways to increase their velocity. DevOps has emerged as a leading methodology that combines software development and IT operations to shorten the system development life cycle and provide continuous delivery. However, ensuring software quality and security in a high-velocity environment can be challenging. This is where parallel testing comes into play.

As your business grows and you work with more third-party vendors, you need to ensure security and stability across your entire vendor supply chain. With hundreds, if not thousands, of external vendors, it can be daunting and time-consuming for teams to compile all the necessary data about each vendor, evaluate the vendor's impact, and take action to ensure compliance with organizational needs.