Hackers are using vulnerabilities in the outdated version of Popup Builder plug-in to invade WordPress websites, infecting more than 3300 websites and injecting malicious code.

The vulnerability exploited in the attack was traced as CVE-2023-6000, which is a cross site scripting (XSS) vulnerability that affects Popup Builder 4.2.3 and earlier, and was initially disclosed in November 2023.

A statement issued by the French Prime Minister's Office on Monday confirmed that a series of DDoS attacks that began on Sunday night hit many government departments' websites, and the scale of the attacks was "unprecedented". On Tuesday, the Russian hacker group Anonymous Sudan claimed responsibility for large-scale distributed denial of service (DDoS) attacks on several French government websites. A large number of websites of French government institutions have been affected. "We launched a large-scale cyber attack on the infrastructure of the French Inter Governmental Digital Affairs Bureau (DINUM)," said the anonymous sultan on its official Telegram channel, "The digital endpoint of the French core government has been attacked, with great scope of damage." In addition to DINUM, the "anonymous sultan" confirmed in its post that the attack

Illegal gambling information appears on the website of a science and technology information service limited liability company in Beijing. The company's official website is a static page, and the involved server is a virtual server. Users do not need any permission to access static files. On November 12, 2023, someone entered the company's server to rewrite the file into gambling website information.

Cloud computing technology has brought many benefits for modern enterprise organizations, such as scalability, flexibility, reduction of physical infrastructure, reduction of operating costs, and all-weather data access. However, research data also shows that only 4% of enterprise organizations can provide adequate security protection for cloud assets. In 2023, more than 80% of data leakage events will involve data stored in the cloud. In order to improve the protection level of cloud security, enterprises need to focus on strengthening the security measures for cloud applications and data in 2024. This article has collected and sorted out 10 key points in cloud security construction, which can better protect the organization's cloud assets and ensure the security and availability of data.

On January 10, Microsoft released its monthly security bulletin in January 2024, fixing 53 security vulnerabilities in multiple products. Fixed vulnerabilities in Windows 11, Windows 10, Windows Server 2022, Windows Server 2008, SharePoint Server 2019, Office 2019 and other products. Using the above vulnerabilities, attackers can cheat, bypass security function restrictions, obtain sensitive information, elevate permissions, execute remote code, or launch denial of service attacks. CNVD reminds Microsoft users to download the patch update as soon as possible to avoid causing network security issues related to vulnerabilities

With the rapid development of the Internet, a large number of data are constantly generated, accompanied by how to store, retrieve and manage them safely and effectively. Effective storage, efficient access, convenient sharing and security control of data have become a very important issue in the information age. The significance of data backup is that when network attacks, intrusions, power failures or operational errors occur, the original system can be completely, quickly, simply and reliably restored to ensure the normal operation of the system within a certain range. Here are 10 suggestions from Wuhan Cloud Summit based on years of practical experience.

In many cases, our website is not simply a direct route from the user's browser to your server. Considering the website's access speed, security and other attributes, we may add advanced anti DDoS IP, advanced anti DDoS CDN, or access other security products in the reverse proxy mode.

In the face of AI new fraud, in addition to widely informing the public of practical identification skills, in the long run, it is also necessary to take a multi pronged approach of personal prevention, defense technology iteration, compaction of platform responsibilities, and improvement of laws and regulations.
Generative artificial intelligence (AIGC) continues to be popular, and the legal, security and ethical challenges that follow are also growing.

After Microsoft suspended product sales in Russia on March 4, the number of online searches for pirated Microsoft software in the region soared by 250%. So far, the search volume of Excel downloads has increased by 650% in June. At the end of June, Microsoft banned Russian users from downloading Windows 10 and 11 from its official website. Microsoft said last month that it was significantly reducing its business in Russia. According to Bloomberg, the move hit Russia hard because many of its manufacturing and engineering systems depend on foreign software. According to the Moscow Times, a Russian media, Russian government agencies are shifting from Microsoft Windows to Linux. Kommers…

Atlassian Influence is a professional enterprise knowledge management and collaboration software produced by Atlassian, which can be used to build enterprise libraries, etc. On August 26, 2021, the official announcement of Atlas disclosed the remote code execution vulnerability of CVE-2021-26084 Atlas Influence. After authentication or without authentication in some scenarios, attackers can construct malicious requests, cause OGNL expression injection, and execute arbitrary code to control the server. Wuhan Cloud Summit Emergency Response Center reminds the Atlas Influence users to take security measures to prevent vulnerability attacks as soon as possible.