A few days ago, WordPress released a patch for their software. This patch updates WordPress to version 5.8.3, and addresses four vulnerabilities. Three of these vulnerabilities have been rated as ‘high importance’ with two CVSS scores of 8.0, a 7.4, and a 6.6, as they allow for different kinds of attacks. This article explains how the different vulnerabilities could be abused, and how we were able to find the relevant WordPress software to check for risks.
Defend yourself against a coming wave of API cyberattacks
by Cybersprint // 11-01-2022
APIs (Application Programming Interfaces) are used by countless businesses. By defining the rules that programmers must follow to interact with a programming language or software tool, they play a key role in enabling organisations to connect with services and transfer data.
Editorial: Automated hacking
by Robert Krenn // 21-12-2021
Let me start by pointing out that automated hacking is not a new problem; it has been around for some time. However, with companies’ attack surfaces becoming increasingly sprawling and complex, and with hacks getting more advanced, it is becoming a much more pressing problem for organisations. Read the editorial below, or click the download button to open the PDF in a new window.
Log4j vulnerability: the timeline & security recommendations
by Cybersprint // 14-12-2021
Last Thursday, a critical vulnerability in Apache log4j was published. Log4j is a software component, meaning that it integrates with a lot of Java applications: it is their most commonly used logging framework. It’s used in thousands of different applications, leading to systems at risk on a largely unprecedented scale.
Open directories: our research findings
by Cybersprint // 03-12-2021
In our previous blogs in this open directory series, we talked about what open directories are and why they pose a risk, and how we set up our own research into the extent of the issue. That also featured a sneak peek into the results. Now that we have presented the findings in our webinar, this article will cover the statistics and most striking examples. And most importantly: what are our conclusions and tips to make your own directories data-leak free?
Open Directories: A Peek Into Our Research
by Sebastiaan Bosman // 24-11-2021
In our previous blog, we explained what open directories are and how they can result in a data leak. As mentioned there, we conducted research into the risks of open directories ourselves, to see the extent of the problem. We’ll go into the method and preliminary results of that research here, while leaving the most telling examples and conclusions for our webinar on Wednesday 1 December.
Editorial: 6 steps to achieving zero shadow IT
by Pieter Jansen // 17-11-2021
Shadow IT has long been a problem for organisations. Formal IT is routed through the IT department, where it’s approved, purchased, set up, and, importantly, supported and maintained. Shadow IT falls outside this process, and is normally split into two categories: systems that the IT department doesn’t know about, and systems the IT department knows about but needs to keep running as they are integral to business operations. The second category is the real Shadow IT and the biggest problem for businesses. So how can you protect your business from the perils of shadow IT? Here are Pieter's six steps.
Open Directories: how does it work and what is the risk?
by Sebastiaan Bosman // 11-11-2021
Open directories are like online file storage systems for accessing files remotely. A directory works like a digital filing cabinet, organising folders and files such as invoices, back-ups, important mail, IP, and more. Having this operate via the cloud means you can access your files from anywhere. However, some directories lack security and are accessible to more people than you would like; these are known as open directories.
Diving into the cookie jar: why cookies are used and how to set them
by Cybersprint // 05-11-2021
Cookie settings, cookie banners, cookie consent… You are asked to review and agree with a website’s cookie settings whenever you visit it for the first time. Some of that data is necessary or anonymous, some is not. And it’s not always easy to set up and manage, as we’ve recently experienced ourselves. This blog aims to clarify the different cookie settings and regulations, hopefully helping you to tackle similar challenges. What exactly do you need to keep in mind when managing your website’s cookie settings?