<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Vulnerability Disclosure on BSG Blog — Cybersecurity Insights</title><link>https://bsg.tech/blog/tags/vulnerability-disclosure/</link><description>Recent content in Vulnerability Disclosure on BSG Blog — Cybersecurity Insights</description><generator>Hugo</generator><language>en</language><lastBuildDate>Sat, 16 Nov 2024 14:07:05 +0000</lastBuildDate><atom:link href="https://bsg.tech/blog/tags/vulnerability-disclosure/index.xml" rel="self" type="application/rss+xml"/><item><title>Zero-Day Vulnerabilities: A Growing Threat in Cyberattacks</title><link>https://bsg.tech/blog/zero-day-vulnerabilities-a-growing-threat-in-cyberattacks/</link><pubDate>Sat, 16 Nov 2024 14:07:05 +0000</pubDate><guid>https://bsg.tech/blog/zero-day-vulnerabilities-a-growing-threat-in-cyberattacks/</guid><description>&lt;h2 id="a-shift-in-cyberattack-tactics"&gt;A Shift in Cyberattack Tactics&lt;/h2&gt;
&lt;p&gt;The UK &lt;strong&gt;&lt;a href="https://www.ncsc.gov.uk/"&gt;National Cyber Security Centre (NCSC)&lt;/a&gt;&lt;/strong&gt;, together with its counterparts from the US, Australia, Canada, and New Zealand, recently released a joint advisory warning about a growing trend among cyber attackers: the exploitation of &lt;strong&gt;zero-day vulnerabilities&lt;/strong&gt;. These vulnerabilities, which are unknown to software vendors and developers at the time of the attack, present a unique and significant risk because they are exploited before a patch or fix is available. The advisory lists the top 15 vulnerabilities most frequently targeted in 2023, many of which were zero-days, highlighting a shift in the methods used by threat actors.&lt;/p&gt;</description></item><item><title>CVE-2022-0271: Leaflet Maps Marker SQL Injection Exploit</title><link>https://bsg.tech/blog/bsg-discovers-sql-injection-vulnerability-in-leaflet-maps-marker/</link><pubDate>Mon, 08 Aug 2022 13:42:00 +0000</pubDate><guid>https://bsg.tech/blog/bsg-discovers-sql-injection-vulnerability-in-leaflet-maps-marker/</guid><description>&lt;h2 id="introduction"&gt;Introduction&lt;/h2&gt;
&lt;p&gt;In the ever-evolving landscape of cybersecurity, vulnerabilities can emerge in the most unexpected places. Recently, our team at BSG made a significant discovery: a SQL Injection vulnerability in the popular Leaflet Maps Marker plugin for WordPress (&lt;a href="https://nvd.nist.gov/vuln/detail/CVE-2022-1123"&gt;CVE-2022-1123&lt;/a&gt;). As with the previous discovery of &lt;a href="https://bsg.tech/blog/cve-2022-25854-stored-xss-in-yaireo-tagify-npm-module/"&gt;CVE-2022-25854&lt;/a&gt;, Ihor Bliumental was directly involved. This discovery underscores the importance of proactive security measures and the need to address vulnerabilities promptly to safeguard WordPress websites.&lt;/p&gt;</description></item><item><title>CVE-2022-25854: Tagify npm Stored XSS Vulnerability</title><link>https://bsg.tech/blog/cve-2022-25854-stored-xss-in-yaireo-tagify-npm-module/</link><pubDate>Tue, 10 May 2022 16:01:51 +0000</pubDate><guid>https://bsg.tech/blog/cve-2022-25854-stored-xss-in-yaireo-tagify-npm-module/</guid><description>&lt;h2 id="preface"&gt;Preface&lt;/h2&gt;
&lt;p&gt;Due to the russian war on Ukraine, we are much less active on this blog and social media. However, some events make us dust off the keyboard and share some information. For instance, a vulnerability is worth a CVE. We found this one in February 2022, and a few others are under review. Meanwhile, all BSG team members are safe, and we stay operational.&lt;/p&gt;</description></item></channel></rss>