Secure Web Gateway version 10.2.11 suffers from a cross site scripting vulnerability. RedTeam Pentesting identified a vulnerability which allows attackers to craft URLs to any third-party website that result in arbitrary content to be injected into the response when accessed through the Secure Web Gateway. While it is possible to inject arbitrary content types, the primary risk arises from JavaScript code allowing for cross site scripting.

RedTeam Pentesting identified a vulnerability which allows attackers to  
craft URLs to any third-party website that result in arbitrary content  
to be injected into the response when accessed through the Secure Web  
Gateway. While it is possible to inject arbitrary content types, the  
primary risk arises from JavaScript code allowing for cross-site  
scripting.

Details  
=======

Product: Secure Web Gateway  
Affected Versions: 10.2.11, potentially other versions  
Fixed Versions: 10.2.17, 11.2.6, 12.0.1  
Vulnerability Type: Cross-Site Scripting  
Security Risk: high  
Vendor URL: https://www.skyhighsecurity.com/en-us/products/secure-web-gateway.html  
Vendor Status: fixed version released  
Advisory URL: https://www.redteam-pentesting.de/advisories/rt-sa-2022-002  
Advisory Status: published  
CVE: CVE-2023-0214  
CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0214

Introduction  
============

"Skyhigh Security Secure Web Gateway (SWG) is the intelligent,  
cloud-native web security solution that connects and secures your  
workforce from malicious websites and cloud apps—from anywhere, any  
application, and any device."

(from the vendor's homepage)

More Details  
============

The Secure Web Gateway's (SWG) block page, which is displayed when a  
request or response is blocked by a rule, can contain static files such  
as images, stylesheets or JavaScript code. These files are embedded  
using special URL paths. Consider the following excerpt of a block page:

------------------------------------------------------------------------  
<html>  
  
  
<head>  
  <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">  
  <meta http-equiv="X-UA-Compatible" content="IE=7" />  
  <title>McAfee Web Gateway - Notification</title>  
  <script src="/mwg-internal/de5fs23hu73ds/files/javascript/sw.js" type="text/javascript" ></script>  
  <link rel="stylesheet" href="/mwg-internal/de5fs23hu73ds/files/default/stylesheet.css" />  
</head>  
------------------------------------------------------------------------

Static content is loaded from URL paths prefixed with  
"/mwg-internal/de5fs23hu73ds/". It was discovered that paths with this  
prefix are intercepted and directly handled by the SWG no matter on  
which domain they are accessed. While the prefix can be configured in  
the SWG, attackers can also obtain it using another currently  
undisclosed vulnerability.

By reverse engineering the file "libSsos.so" and analysing JavaScript  
code, it was possible to derive the API of the "Ssos" plugin's  
"SetLoginToken" action. Through the following call using the  
command-line HTTP client curl, the behaviour of the plugin was further  
analysed:

------------------------------------------------------------------------  
$ curl --proxy http://192.168.1.1:8080 -i 'https://gateway.example.com/mwg-internal/de5fs23hu73ds/plugin?target=Ssos&action=SetLoginToken&v=v&c=c&p=p'  
HTTP/1.0 200 OK  
P3P: p  
Connection: Keep-Alive  
Set-Cookie: MwgSso=v; Path=/; Max-Age=240;  
Content-Type: application/javascript  
Content-Length: 2  
X-Frame-Options: deny

c;  
------------------------------------------------------------------------

The response embeds the values of the three URL parameters "v", "c" and  
"p". The value for "p" is embedded as value of the "P3P" header, the  
value of "c" as the response body and the value of "v" as the value  
of the cookie "MwgSso".

It is also possible to include newline or carriage return characters in  
the parameter value which are not encoded in the output. Consequently,  
if the value of the parameter "p" contains a line break, arbitrary  
headers can be injected. If two line breaks follow, an arbitrary body  
can be injected. If a suitable "Content-Length" header is injected, the  
remaining headers and body of the original response will be ignored by  
the browser. This means that apart from the initial "P3P" header, an  
arbitrary response can be generated. For example, a page containing  
JavaScript code could be returned, resulting in a cross-site scripting  
attack.

Consequently, attackers can construct URL paths that can be appended to  
any domain and cause an arbitrary response to be returned if the URL is  
accessed through the SWG. This could be exploited by distributing such  
URLs or even by offering a website which performs an automatic redirect  
to any other website using such a URL. As a result, the SWG exposes its  
users to self-induced cross-site scripting vulnerabilities in any  
website.

Proof of Concept  
================

In the following request, the "p" parameter is used to inject suitable  
"Content-Type" and "Content-Length" headers, as well as an arbitrary  
HTML response body.

------------------------------------------------------------------------  
$ curl --proxy http://192.168.1.1:8080 'https://gateway.example.com/mwg-internal/de5fs23hu73ds/plugin?target=Ssos&action=SetLoginToken&v=v&c=c&p=p%0aContent-Type: text/html%0aContent-Length: 27%0a%0a<h1>RedTeam Pentesting</h1>'  
HTTP/1.0 200 OK  
P3P: p  
Content-Type: text/html  
Content-Length: 27

<h1>RedTeam Pentesting</h1>  
------------------------------------------------------------------------

As mentioned above, the HTTP response body could also include JavaScript  
code designed to interact with the domain specified in the URL resulting  
in a cross-site scripting vulnerability.

Workaround  
==========

None.

Fix  
===

According to the vendor, the vulnerability is mitigated in versions  
10.2.17, 11.2.6 and 12.0.1 of the Secure Web Gateway. This was not  
verified by RedTeam Pentesting GmbH. The vendor's security bulletin can  
be found at the following URL:

https://kcm.trellix.com/corporate/index?page=content&id=SB10393

Security Risk  
=============

The vulnerability could be used to perform cross-site scripting attacks  
against users of the SWG in context of any domain. Attackers only need  
to convince users to open a prepared URL or visit an attacker's website  
that could perform an automatic redirect to an exploit URL. This exposes  
any website visited through the SWG to the various risks and  
consequences of a cross-site scripting vulnerability such as account  
takeover. As a result, this vulnerability poses a high risk.

Timeline  
========

2022-07-29 Vulnerability identified  
2022-10-20 Customer approved disclosure to vendor  
2022-10-20 Vulnerability was disclosed to the vendor  
2023-01-17 Patch released by vendor for versions 10.2.17, 11.2.6 and  
           12.0.1.  
2023-01-26 Detailed advisory released by RedTeam Pentesting GmbH

RedTeam Pentesting GmbH  
=======================

RedTeam Pentesting offers individual penetration tests performed by a  
team of specialised IT-security experts. Hereby, security weaknesses in  
company networks or products are uncovered and can be fixed immediately.

As there are only few experts in this field, RedTeam Pentesting wants to  
share its knowledge and enhance the public knowledge with research in  
security-related areas. The results are made available as public  
security advisories.

More information about RedTeam Pentesting can be found at:  
https://www.redteam-pentesting.de/

Working at RedTeam Pentesting  
=============================

RedTeam Pentesting is looking for penetration testers to join our team  
in Aachen, Germany. If you are interested please visit:  
https://jobs.redteam-pentesting.de/

--   
RedTeam Pentesting GmbH                   Tel.: +49 241 510081-0  
Alter Posthof 1                           Fax : +49 241 510081-99  
52062 Aachen                    https://www.redteam-pentesting.de  
Germany                         Registergericht: Aachen HRB 14004  
Geschäftsführer:                       Patrick Hof, Jens Liebchen

To help K–12 schools and school districts in their struggle against cybercrime the Cybersecurity & Infrastructure Security Agency (CISA) has released the report, Protecting Our Future: Partnering to Safeguard K–12 organizations from Cybersecurity Threats.

A cybersecurity incident can significantly impact a school or district’s ability to carry out its educational mission. Late last year, CISA warned of ransomware particularly targeting the education sector, and less than two weeks ago we reported on multiple schools being hit by a ransomware attack.

This report gives insight in the particular threats the K–12 community is facing and offers actionable steps school leaders can take to strengthen their cybersecurity efforts.

**1\. Resource constraints**

When resources are limited, it is important to make sure that the measures you choose to take are the most impactful ones. Important recommendations to that effect are:

*   Working with technology providers that offer low-cost services and products that are secure by design and default.
*   Urgently reducing the security burden by migrating to secure cloud environments and trusted managed services.

CISA also recommends starting with the security controls that have the highest priority, making sure you align near-term investments with pressing goals and compliance regulations. You should also have a long-term cybersecurity plan that leverages the NIST Cybersecurity Framework (CSF), a set of guidelines for mitigating organizational cybersecurity risks.

**2\. Security measures**

Some examples of high-priority measures provided by CISA, which ring true for most organizations, are:

*   Deploying multifactor authentication (MFA)
*   Mitigating known exploited vulnerabilities
*   Implementing and testing backups
*   Regularly exercising an incident response plan
*   Implementing a strong cybersecurity training program

CISA recommends that K–12 organizations adopt its Cybersecurity Performance Goals (CPGs)—a set of cybersecurity practices that, when implemented, "can meaningfully reduce the likelihood and impact of known risks and adversary techniques".

**3\. Help each other**

Collaboration and information sharing are both cost-effective and mutually beneficial in order to improve awareness of current threats and how to meet them. CISA provides these suggestions:

*   Join relevant information and threat intelligence collaboration groups, such as the MS-ISAC and K12 SIX.
*   Work with other information-sharing organizations, such as fusion centers, state school safety centers, other state and regional agencies, and associations.
*   Build a strong and enduring relationship with CISA and FBI regional cybersecurity personnel.

**Toolkit**

CISA has also published a toolkit that aligns resources and materials to each of its three recommendations, along with guidance on how stakeholders can implement each recommendation based on their current needs.

**Malwarebytes**

Many K–12 organizations operate their own IT systems, known as “on premises” systems. Such systems require time to patch, to monitor, and to respond to potential security events.

Malwarebytes can help K-12 organizations by combining these tasks and taking them to the cloud.

Read also: 5 must haves for K-12 cybersecurity.

CISA releases advice on how to safeguard K–12 organizations

One of the most closely watched security startups continues to build bank because its platform appeals to both developers and security pros.

Developers, security professionals, and investors all find something to like about Snyk and its developer security platform, which helps organizations mitigate their risk of exposure to software supply chain attacks.

After closing $196.5 million in Series G investment late last month, Snyk on Tuesday said it secured an additional $25 million from ServiceNow. ServiceNow's investment brings the total amount Snyk has secured to $1.4 billion since 2020.

During those three years, the company behind the developer security platform has been adding on customers. Snyk claims its revenues last year grew 100%, with net revenue retention growing 130%. Snyk reports that it closed out 2022 with over 2,300 customers who remediated more than 5.1 million vulnerabilities. Identity verification provider Veriff ranked Snyk first in an analysis of security startups based on funding amounts, number of investors, employee counts, Twitter following, and the uniqueness of the product portfolio.

**Integrating Snyk With ServiceNow**

Following this investment, ServiceNow will embed Snyk's open source software component analysis (SCA) and intelligence tools into ServiceNow's Vulnerability Response. While Snyk can boost ServiceNow's vulnerability detection capabilities, its developer-focused tools can bring Snyk to more DevSecOps organizations.

"Snyk's vision is all the way from code to cloud, and cloud is really code," Snyk chief product officer Manoj Nair says. "We get people to build security in from the start, rather than putting firewalls and scanners and all that after the fact to catch what's wrong."

ServiceNow VP and general manager of security products Lou Fiorello envisions the Snyk platform extending his company's vulnerability detection capabilities. "This significantly furthers ServiceNow's ability to provide a single view into vulnerabilities across the enterprise technology environment, driving workflows to better prioritize and expedite vulnerability management," Fiorello said in a statement.

**Appealing to Developers and Security Professionals**

Founded in 2015, Snyk has stood out amid escalating growth in software supply chain attacks. Snyk's Developer Security Platform helps organizations reduce the risk of an attack by letting those who build container-based applications generate software bills of materials (SBOMs) during the development process.

"Snyk has been successful at building security tools that the developers like," says Enterprise Strategy Group senior analyst Melinda Marks. Marks emphasizes that developers find especially appealing Snyk's tools to test open source code using SCA and to scan infrastructure as code.

"Snyk was a pioneer in the developer-first security category," she adds. "It's very easy for developers to use while giving security teams visibility and control for setting policies and related functions."

The ServiceNow announcement is significant, Marks adds, given how many large enterprises use ServiceNow for IT service management. ServiceNow says it serves 80% of Fortune 500 companies and approximately 7,400 enterprise customers.

**Recent Security Moves**

Organizations are increasingly looking at how to efficiently make SBOMs, especially in light of software supply chain attacks, vulnerabilities such as Log4j, and government mandates. In November, Snyk released an update to make it easier to automatically generate SBOMs during the software build process. Snyk added a "developer-first" API and command-line interface (CLI) to create SBOMs, which the company says provides broader visibility into customers' complete software supply chains.

Snyk also released an SBOM Checker, a free tool that scans SBOMs for vulnerabilities. Snyk also has added Bomber Integration, which scans SBOMs with the open-source Bomber application, testing them against its open source Snyk Vulnerability Database.

In November, Snyk Cloud — the outgrowth of the company's acquisition of Fugue last year — went live. Snyk Cloud has a common policy engine designed to ensure organizations' cloud applications are secure before deploying them.

"Snyk Cloud will help you secure your cloud environment with common policies for infrastructure code and cloud deployments," Nair said during the November launch event. "Taking a code-centric approach to find and fix cloud issues is something that we were fundamentally focused on."

Snyk Gets Nod of Approval With ServiceNow Strategic Investment

**January 25, 2023 - California, US;** In 2023 there will be a global increase in data privacy regulation enforcement, new regulations in the United States leading to further fragmentation, investment in privacy-enhancing technologies, and hopes for agreement on a data transfer mechanism between the EU and US, among other developments. In light of Data Privacy Day 2023, data privacy technology Privado is today announcing **Data Privacy All-Stars** and **Rising Stars**, recognizing the efforts of these individuals within their industry as they share their insights on the challenges that lie ahead in 2023. 

Privado received over 2,000 nominations for its inaugural Data Privacy Stars listing. The list recognizes All-Star and Rising Star recipients for the exceptional work done by individuals who are taking privacy and security to the next level within their organization and beyond by spreading awareness of data privacy across the world. 

The **All-Stars 2023** list celebrates those who have considerable data privacy related achievements to show over the years. The **Rising Stars 2023** list commends those who are passionately driving data privacy initiatives.

Data Privacy Stars shared their insights, tips and predictions for 2023. 

2023 top data privacy challenges: 

*   More fines and enforcement that holds leadership (CEOs, CISOs) accountable. 
*   New regulations leading to more complexity and fragmentation.
*   Focus on protecting children and healthcare data including more direct guidance from the FTC and the HSS.
*   AI will bring new risks we haven’t seen before as it finds and exploits loopholes.
*   Skepticism on an agreement for a data transfer mechanism between EU and US.
*   User demand for more visibility and controls over consent.

2023 data privacy top tips: 

*   Data mapping as the undisputed foundation of any privacy program. 
*   Make privacy second nature by embedding privacy processes into stakeholder teams’ existing processes.
*   Implement Privacy by Design practices.
*   Having leadership acknowledge and champion how important data privacy is to make a difference.
*   Rightsizing privacy strategy for the current stage of your organization.
*   Step away from making privacy a policing role. Engage developer teams by bringing empathy, some social intelligence but most of all understanding business needs.
*   Proactive scanning capabilities and data lineage capabilities will be important. 

January 28, 2023 marks Data Privacy Day, an international effort to create awareness about the importance of respecting privacy, safeguarding data and enabling trust. Initiated in 2007 by the Council of Europe and adopted in 2009 by the United States, Data Privacy Day is now observed by over 50 countries around the world.

**Vaibhav Antil, CEO of Privado** commented: "Ahead of Data Privacy Day, we wanted to recognize individuals doing exceptional and innovative privacy work within their organizations. We want to highlight their accomplishments and share their insights with peers across the world."

"Data Privacy Day gives us all an opportunity to take a second and think about what we share about ourselves, when and where we share it, and who we are sharing it with. Organizations are taking the challenge of safeguarding our data head-on while continuing to deliver value to consumers, and so today is also a good opportunity to raise awareness of the magnitude this effort represents for every company and how every individual must be solving for privacy."

Founded in 2020, Privado was created to address the privacy issues facing businesses around the world. Privado offers open-source and enterprise code scanning solutions purpose-built for privacy that identifies data usage, discovers data flows & flags privacy issues like excessive user permissions or data leakages to logs.

**About Privado**

Privado is the privacy code scanner for privacy & security teams who want unparalleled visibility into data flows from applications & helps developers fix privacy vulnerabilities like personal data leakages to logs or third parties. Founded in 2020, Privado has enabled Headspace, Zego, Thrasio, TrendyOl & many more enterprises to embed privacy checks in their Software Development Life Cycle. For more information please visit https://www.privado.ai/ or follow via Twitter and LinkedIn.

Data Privacy Day: Privado Flags Data Privacy Challenges In 2023 As It Hails Industry Stars

Don't make perfect the enemy of good in vulnerability management. Context is key — prioritize vulnerabilities that are actually exploitable. Act quickly if the vulnerability is on a potential attack path to a critical asset.

The widespread vulnerability that first appeared in Apache Log4j in 2021 will continue to be exploited, potentially even in worse ways than we've seen to date. The more worrisome aspect of these threats is that there's a good chance they'll continue to be exploited months or years into the future.

The Department of Homeland Security's Cyber Safety Review board debuted in 2021, and in 2022 released its inaugural safety report (PDF). In it, the board called Log4j an "endemic vulnerability," chiefly because there isn't a comprehensive "customer list" for Log4j, making keeping up with vulnerabilities a near-impossible task. One federal Cabinet department even spent 33,000 hours on its Log4j response.

And many organizations and security solutions on the market fail to identify the difference between exploitability and vulnerability — leaving an opportunity for attackers to carry out malicious activity.

**Exploitability vs. Vulnerability**

One of the key issues with cybersecurity today is understanding the difference between vulnerabilities and their severity. When it comes to measuring exploitability versus a vulnerability, there's a big difference between whether a security threat is exploitable within your business or if it's just "vulnerable" and cannot hinder the business or reach a critical asset. Security teams spend too much time not understanding the difference between the two and fix each vulnerability as it comes, instead of prioritizing those that are exploitable.

Every company has thousands of common vulnerabilities and exposures (CVEs), many of which score high on the Common Vulnerability Scoring System (CVSS), so it's impossible to fix them all. To combat this, the hope is that risk-based vulnerability management (RBVM) tools will make prioritization easier by clarifying what is exploitable.

However, security prioritization approaches that combine CVSS scores with RBVM threat intel don't provide optimal results. Even after filtering and looking just at what is exploitable in the wild, security teams still have too much to handle because the list is long and unmanageable. And just because a CVE doesn't have an exploit today doesn't mean that it won't have one next week.

In response, companies have been adding predictive risk AI, which can help users understand if a CVE might be exploited in the future. This still isn't enough and leads to too many issues to fix. Thousands of vulnerabilities will still show to have an exploit, but many will have other sets of conditions that have to be met to actually exploit the problem.

For example, with Log4j, the following parameters need to be identified:

*   Does the vulnerable Log4j library exist?
*   Is it loaded by a running Java application?
*   Is the JNDI lookup enabled?
*   Is Java listening to remote connections, and is there a connection for other machines?

If the conditions and parameters aren't met, the vulnerability isn't critical and shouldn't be prioritized. And even if a vulnerability could be exploitable on a machine, so what? Is that machine extremely critical, or maybe it isn't connected to any critical or sensitive assets?

It's also possible the machine isn't important yet it can enable an attacker to continue toward critical assets in stealthier ways. In other words, context is key — is this vulnerability on a potential attack path to the critical asset? Is it enough to cut off a vulnerability at a chokepoint (an intersection of multiple attack paths) to stop the attack path from reaching a critical asset?

Security teams hate vulnerability processes and their solutions, because there are more and more vulnerabilities — nobody can ever fully wipe the slate clean. But if they can focus on what can create _damage_ to a critical asset, they can have a better understanding of where to start.

**Combating Log4j Vulnerabilities**

The good news is that proper vulnerability management can help reduce and fix the exposure to Log4j-centric attacks by identifying where the risk of potential exploitation exists.

Vulnerability management is an important aspect of cybersecurity and is necessary for ensuring the security and integrity of systems and data. However, it's not a perfect process and vulnerabilities can still be present in systems despite best efforts to identify and mitigate them. It's important to regularly review and update vulnerability management processes and strategies to ensure that they are effective and that vulnerabilities are being addressed in a timely manner.

The focus of vulnerability management should not only be on the vulnerabilities themselves, but also on the potential risk of exploitation. It is important to identify the points where an attacker may have gained access to the network, as well as the paths they may take to compromise critical assets. The most efficient and cost-effective way to mitigate the risks of a particular vulnerability is to identify the connections between vulnerabilities, misconfigurations, and user behavior that could be exploited by an attacker, and to proactively address these issues before the vulnerability is exploited. This can help to disrupt the attack and prevent damage to the system.

You should also do the following:

*   **Patch:** Identify all your products that are vulnerable to Log4j. This can be done manually or by using open source scanners. If a relevant patch is released for one of your vulnerable products, patch the system ASAP.
*   **Workaround:** On Log4j versions 2.10.0 and above, in the Java CMD line, set the following: log4j2.formatMsgNoLookups=true
*   **Block:** If possible, add a rule to your Web application firewall to block: "jndi:"

Perfect security is an unachievable feat, so there's no sense making perfect the enemy of good. Instead, focus on prioritizing and locking down potential attack paths that continuously improve security posture. Identifying and being realistic about what actually is vulnerable versus what is exploitable can help do this, since it will allow the ability to strategically funnel resources toward critical areas that matter the most.

Log4j Vulnerabilities Are Here to Stay — Are You Prepared?

Some predictions about impending security challenges, with a few tips for proactively addressing them.

Cloud transformation has become a strategic advantage for many organizations, providing convenience, cost savings, and near-permanent uptimes compared with on-premises infrastructure. At the same time, the move to cloud has also increased the attack surface, resulting in an uptick in criminal activity targeting cloud environments. As we roll into 2023, fears about a potential recession and a corresponding desire to cut costs are renewing urgency to move to the public cloud.

For organizations to successfully secure cloud environments, they must understand the critical risks that can be exploited by attackers to infiltrate cloud environments. As with legitimate activity in the cloud, attackers continue to evolve their approaches, so the challenges faced in 2023 will be different than those faced in 2022 and prior. Here are my top 2023 predictions.

**Multicloud Environments Will Continue to Compound Security Challenges**

Multicloud offers numerous benefits, from avoiding vendor lock-in to reliability, agility, and cost-efficiency. At the same time, however, it brings additional layers of complexity, particularly regarding security management. According to a recent report, 78% of organizations deploy applications on more than three public clouds.

Moreover, the number of services available from the top three public cloud providers (Amazon Web Services, Azure, and Google) is expected to surpass 1,000, up from 750 today. In an effort to embrace agility and innovation, security practitioners will need to find ways to support these news services as soon as they are available.

With each cloud provider's unique capabilities enhanced and expanded almost daily, organizations will have to invest in automated tools that map new services to security and compliance frameworks, like NIST, CIS, and others.

**Securing Developer Environments Will Become the Most Critical Component**

The continuous growth and diversity of application deployments are creating an extensive attack surface for malicious actors. We have seen cybersecurity incidents like SolarWinds, Kaseya, and Spring4Shell significantly impact organizations.

On the other hand, we also see issues like Log4j, which recently demonstrated how many organizations can be impacted due to software vulnerabilities. Hence, we expect securing developer environments will become one of the most critical components for organizations in 2023.

**DevSecOps Tool Sprawl Will Begin to Consolidate**

According to Gartner, of those organizations that have implemented a DevSecOps pipeline for cloud security, "these organizations have manually stitched together DevSecOps with 10 or more disparate security tools — some old and some new — each with siloed responsibility and view of application risk."

Recognizing the overhead with managing so many tools, and the challenges with achieving consistent policies across cloud providers and services, information security teams will increasingly standardize on broader platforms, such as cloud-native application protection platforms, at the expense of point products, such as cloud security posture management, infrastructure-as-code scanners, and cloud workload protection platforms.

**Focused Approach for Data Protection**

Monitoring data across multicloud environments has been an unsolved problem for a couple of years for most organizations. When production workloads are moved between multiple public cloud environments, it becomes difficult to track data or access permissions. Tools for cloud service providers have limitations to secure data in multicloud environments.

In 2023, organizations need to adopt new tool sets and new mindsets, and make a greater effort to detect, classify, and enforce policies to secure sensitive data. We expect data protection to be at the center of the cloud security strategy to avoid increasingly high-profile, complex cyberattacks and data breaches.

**Do More With Less**

The current economic climate is pointing toward a trend of tighter budgets in 2023. To combat this challenge, leaders will be consolidating tools, processes, and expertise with a more collaborative approach. We'll see wider use of cross-functional teams with even greater ROI focus to boost efficiency and reduce complexity.

**Cybersecurity Hiring Will Remain a Challenge**

According to the (ISC)2 2022 Cybersecurity Workforce Study, there is a shortage of 3.4 million cybersecurity workers worldwide. With limited staff, we expect security leaders to emphasize security automation with risk-based prioritization.

**How to Stay Safe in 2023**

Based on our experience of investigating attacks and related incidents, we believe that security leaders need to focus on the following tactics and techniques:

*   Cloud security approach and strategy: With the prevalence of large-scale cloud-native deployments, adopting a more modern, agile, and integrated cybersecurity approach is mission-critical.

*   Select the right tooling: Shifting to robust security with the right solutions and level of expertise, over security layers and threat intelligence.

*   Prioritizing visibility: Gain insight and control over the complex cloud environment covering threats, risks, and vulnerabilities in the cloud.

*   Data security in focus: Secure data in large, dispersed environments with strategic integrated data protection and DLP approach.

*   Threat intelligence, advanced correlation, and machine-learning techniques: Use a combination of advanced techniques to stay ahead of bad actors and proactively reduce risk.

*   Automate and maintain continuous compliance standards.

*   Team collaboration: Distribute and delegate security responsibilities using automation across the organization.

Multicloud Security Challenges Will Persist in 2023

**ARLINGTON, Va.****,** **Jan. 25, 2023** **/PRNewswire/ --** ThreatConnect announced today the release of ThreatConnect Platform v7.0, the industry's first threat intelligence platform designed specifically for TI Ops.  The new release radically increases the effectiveness of threat intelligence analysts and security operations teams by bringing together the power of human analysis, ML-powered analytics and intelligence, and automation. 

"Legacy approaches to threat intelligence are no longer sufficient to protect the enterprise in a world of an expanding attack surface and increasing velocity and sophistication of threats," said Andrew Pendergast, EVP of Product at ThreatConnect. "Security operations must modernize by adopting a new approach that puts threat intelligence at the core of everything – aggregating TI from multiple sources, prioritizing the most dangerous threats, and taking timely action so security programs can be strategic and proactive."

The ThreatConnect Platform enables organizations to achieve alignment between security operations and the critical risks to the business as well as better security efficiencies and greater effectiveness, including faster time to mitigate critical vulnerabilities and faster mean time to detect (MTTD) and respond (MTTR) to threats. In a recent survey of ThreatConnect customers, more than 68% of respondents said that the product helped them improve their MTTR by more than 50%.  In the same survey, 95% of respondents noted that ThreatConnect enabled them to get more value from their existing security tools such as SIEM, XDR, and SOAR.

Customers can now go beyond just managing threat intel to operationalizing it and fusing it across every part of your security program, from threat investigation to incident response to vulnerability management.

**ML-Powered Global Intelligence and Analytics with CAL™ v3.0**

With the introduction of a native natural language processing (NLP) to the  ThreatConnect Platform now automates many analyst activities saving them time and effort. CAL™ now has the ability to understand MITRE ATT&CK techniques. This capability underpins the new CAL™Automated Threat Library (ATL) intelligence. Analysts no longer need to visit dozens of blogs and news sources every day, analyzing the sources for indicators, threat actors, and ATT&CK techniques, and copying and pasting relevant intel. CAL™ ATL  automatically aggregates, enriches, scores,analyzes, and filters more than 60 top threat intel-related news sources into an intel feed ready to be used in the ThreatConnect Platform with more sources being added all the time.

**Native Reporting Engine**

The CISO down to security analysts need timely and relevant information and insights to make strategic, tactical, and operational decisions. With ThreatConnect's native Reporting engine, customers can easily create custom reports to put actionable information in front of the right people at the right time to improve defenses. With this new capability, users can create reports directly in  the Platform using the built-in report editor, saving time and effort by leveraging the intelligence already aggregated and built from your threat library in ThreatConnect with powerful graphs, charts, and free form text..  

**Built-in Enrichment** 

Built-in Enrichment with our top enrichment provider partners automates and streamlines the process of adding context to Indicators of Compromise. Users will have a simple, plug-and-play experience to have the most common enrichment providers set up throughout the ThreatConnect platform, helping them to identify false positives, and to pull out actionable intelligence to improve detection efficacy and speed up threat response.

**Learn More:**

*   Read our blog post to learn more about Threat Intelligence Operations, the Evolved Threat Intel Lifecycle, and latest capabilities in ThreatConnect Platform v7.0.
*   Download the Dawn of TI Ops  paper to learn why TI Ops is critical to security operations.
*   Download the Evolved Threat Intel Lifecycle infographic to learn why the a new threat intel lifecycle is required for TI Ops
*   Register for the webinar The Need for an Evolved Threat Intel Lifecycle on February 17, 2023.

**About ThreatConnect**

ThreatConnect enables threat intelligence operations, security operations, and cyber risk management teams to work together for more effective, efficient, and collaborative cyber defense and protection. With ThreatConnect, organizations infuse ML and AI-powered threat intel and cyber risk quantification into their work, allowing them to orchestrate and automate processes to get the necessary insights, and respond faster and more confidently than ever before. More than 200 enterprises and thousands of security operations professionals rely on ThreatConnect every day to protect their organizations' most critical assets.

ThreatConnect Extends Threat Intelligence Platform to Enable Threat Intelligence Operations (TI Ops)

Despite economic headwinds and layoffs in other areas, most retail and hospitality CISOs expect to add staff in 2023, according to a new report.

**VIENNA, Va.****,** **Jan. 25, 2023** **/PRNewswire/ --** Information security teams have always had to do more with less, but 2023 might be the year when they are able to do more with more. Riding a three-year trend, 70% of CISOs expect their budgets to increase again this year, while 60% also expect more FTEs, according to the CISO Benchmark Report released today from the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC).

The annual report surveys cybersecurity leaders from consumer-facing industries to assess data about budgets, personnel, and organizational priorities.

The increase in budget and personnel reflects how cybersecurity has grown as a critical part of business operations in many organizations. This year, business disruption emerged as a top 10 (No. 7) risk that organizations currently face, up seven spots from No. 14 in 2021. Similarly, 50% of CISOs now have business continuity/disaster recovery as part of their core responsibilities, an increase of 11 percentage points since last year.

Surprisingly, although fraud in its many forms greatly impacts the bottom line, and continues to be a top risk for organizations, very few CISOs have fraud as part of their core responsibilities, according to the report.  

New this year is an additional benchmark report from RH-ISAC that survey cybersecurity practitioners to understand the challenges and priorities staff have in executing daily job functions.

Key insights from the Practitioner Benchmark Report include:

*   83% serve more than one job function, which means that employees have a valuable and diverse skill set across security operations (76%), threat intelligence (66%), and risk management (66%)
*   93% believe they have the necessary skill sets to perform their job effectively

"The retail and hospitality industries are constantly evolving, and so are the cybersecurity challenges they face," said Suzie Squier, president of RH-ISAC. "The RH-ISAC Benchmark Reports provide valuable insights and actionable information for CISOs and other information security professionals to stay informed about trends and resource allocation among infosec teams."

The companies represented in the surveys include retail, restaurants, hospitality, travel, and consumer packaged goods/manufacturing companies, and reflect more than 718,000 total locations, 3.4 million corporate employees, and $2.3 trillion in annual sales.

The full reports are available to RH-ISAC members, and summary versions of each report are available to download:  
CISO Benchmark Report   
Practitioner Benchmark Report 

**About the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC)**

The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) is the trusted community for sharing sector-specific cybersecurity information and intelligence. The RH-ISAC connects information security teams at the strategic, operational, and tactical levels to work together on issues and challenges, to share practices and insights, and to benchmark among each other – all with the goal of building better security for consumer-facing industries through collaboration. RH-ISAC serves businesses, including retailers, restaurants, hotels, gaming casinos, food retailers, consumer products, and other consumer-facing companies. For more information, visit www.rhisac.org.

SOURCE Retail and Hospitality ISAC

Cybersecurity Budgets Increase for Retail & Hospitality Industry

Red Hat Security Advisory 2023-0440-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:0440-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0440  
Issue date:        2023-01-24  
CVE Names:         CVE-2022-4139 CVE-2022-26373  
====================================================================  
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.8.6) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: i915: Incorrect GPU TLB flush can lead to random memory access  
(CVE-2022-4139)

* hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions  
(CVE-2022-26373)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Azure: Sometimes newly deployed VMs are not getting accelerated network  
during provisioning (BZ#2155273)

* Azure: VM Deployment Failures Patch Request (BZ#2155281)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2115065 - CVE-2022-26373 hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions  
2147572 - CVE-2022-4139 kernel: i915: Incorrect GPU TLB flush can lead to random memory access

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.6):

Source:  
kernel-4.18.0-372.41.1.el8_6.src.rpm

aarch64:  
bpftool-4.18.0-372.41.1.el8_6.aarch64.rpm  
bpftool-debuginfo-4.18.0-372.41.1.el8_6.aarch64.rpm  
kernel-4.18.0-372.41.1.el8_6.aarch64.rpm  
kernel-core-4.18.0-372.41.1.el8_6.aarch64.rpm  
kernel-cross-headers-4.18.0-372.41.1.el8_6.aarch64.rpm  
kernel-debug-4.18.0-372.41.1.el8_6.aarch64.rpm  
kernel-debug-core-4.18.0-372.41.1.el8_6.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-372.41.1.el8_6.aarch64.rpm  
kernel-debug-devel-4.18.0-372.41.1.el8_6.aarch64.rpm  
kernel-debug-modules-4.18.0-372.41.1.el8_6.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-372.41.1.el8_6.aarch64.rpm  
kernel-debuginfo-4.18.0-372.41.1.el8_6.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-372.41.1.el8_6.aarch64.rpm  
kernel-devel-4.18.0-372.41.1.el8_6.aarch64.rpm  
kernel-headers-4.18.0-372.41.1.el8_6.aarch64.rpm  
kernel-modules-4.18.0-372.41.1.el8_6.aarch64.rpm  
kernel-modules-extra-4.18.0-372.41.1.el8_6.aarch64.rpm  
kernel-tools-4.18.0-372.41.1.el8_6.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-372.41.1.el8_6.aarch64.rpm  
kernel-tools-libs-4.18.0-372.41.1.el8_6.aarch64.rpm  
perf-4.18.0-372.41.1.el8_6.aarch64.rpm  
perf-debuginfo-4.18.0-372.41.1.el8_6.aarch64.rpm  
python3-perf-4.18.0-372.41.1.el8_6.aarch64.rpm  
python3-perf-debuginfo-4.18.0-372.41.1.el8_6.aarch64.rpm

noarch:  
kernel-abi-stablelists-4.18.0-372.41.1.el8_6.noarch.rpm  
kernel-doc-4.18.0-372.41.1.el8_6.noarch.rpm

ppc64le:  
bpftool-4.18.0-372.41.1.el8_6.ppc64le.rpm  
bpftool-debuginfo-4.18.0-372.41.1.el8_6.ppc64le.rpm  
kernel-4.18.0-372.41.1.el8_6.ppc64le.rpm  
kernel-core-4.18.0-372.41.1.el8_6.ppc64le.rpm  
kernel-cross-headers-4.18.0-372.41.1.el8_6.ppc64le.rpm  
kernel-debug-4.18.0-372.41.1.el8_6.ppc64le.rpm  
kernel-debug-core-4.18.0-372.41.1.el8_6.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-372.41.1.el8_6.ppc64le.rpm  
kernel-debug-devel-4.18.0-372.41.1.el8_6.ppc64le.rpm  
kernel-debug-modules-4.18.0-372.41.1.el8_6.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-372.41.1.el8_6.ppc64le.rpm  
kernel-debuginfo-4.18.0-372.41.1.el8_6.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-372.41.1.el8_6.ppc64le.rpm  
kernel-devel-4.18.0-372.41.1.el8_6.ppc64le.rpm  
kernel-headers-4.18.0-372.41.1.el8_6.ppc64le.rpm  
kernel-modules-4.18.0-372.41.1.el8_6.ppc64le.rpm  
kernel-modules-extra-4.18.0-372.41.1.el8_6.ppc64le.rpm  
kernel-tools-4.18.0-372.41.1.el8_6.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-372.41.1.el8_6.ppc64le.rpm  
kernel-tools-libs-4.18.0-372.41.1.el8_6.ppc64le.rpm  
perf-4.18.0-372.41.1.el8_6.ppc64le.rpm  
perf-debuginfo-4.18.0-372.41.1.el8_6.ppc64le.rpm  
python3-perf-4.18.0-372.41.1.el8_6.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-372.41.1.el8_6.ppc64le.rpm

s390x:  
bpftool-4.18.0-372.41.1.el8_6.s390x.rpm  
bpftool-debuginfo-4.18.0-372.41.1.el8_6.s390x.rpm  
kernel-4.18.0-372.41.1.el8_6.s390x.rpm  
kernel-core-4.18.0-372.41.1.el8_6.s390x.rpm  
kernel-cross-headers-4.18.0-372.41.1.el8_6.s390x.rpm  
kernel-debug-4.18.0-372.41.1.el8_6.s390x.rpm  
kernel-debug-core-4.18.0-372.41.1.el8_6.s390x.rpm  
kernel-debug-debuginfo-4.18.0-372.41.1.el8_6.s390x.rpm  
kernel-debug-devel-4.18.0-372.41.1.el8_6.s390x.rpm  
kernel-debug-modules-4.18.0-372.41.1.el8_6.s390x.rpm  
kernel-debug-modules-extra-4.18.0-372.41.1.el8_6.s390x.rpm  
kernel-debuginfo-4.18.0-372.41.1.el8_6.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-372.41.1.el8_6.s390x.rpm  
kernel-devel-4.18.0-372.41.1.el8_6.s390x.rpm  
kernel-headers-4.18.0-372.41.1.el8_6.s390x.rpm  
kernel-modules-4.18.0-372.41.1.el8_6.s390x.rpm  
kernel-modules-extra-4.18.0-372.41.1.el8_6.s390x.rpm  
kernel-tools-4.18.0-372.41.1.el8_6.s390x.rpm  
kernel-tools-debuginfo-4.18.0-372.41.1.el8_6.s390x.rpm  
kernel-zfcpdump-4.18.0-372.41.1.el8_6.s390x.rpm  
kernel-zfcpdump-core-4.18.0-372.41.1.el8_6.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-372.41.1.el8_6.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-372.41.1.el8_6.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-372.41.1.el8_6.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-372.41.1.el8_6.s390x.rpm  
perf-4.18.0-372.41.1.el8_6.s390x.rpm  
perf-debuginfo-4.18.0-372.41.1.el8_6.s390x.rpm  
python3-perf-4.18.0-372.41.1.el8_6.s390x.rpm  
python3-perf-debuginfo-4.18.0-372.41.1.el8_6.s390x.rpm

x86_64:  
bpftool-4.18.0-372.41.1.el8_6.x86_64.rpm  
bpftool-debuginfo-4.18.0-372.41.1.el8_6.x86_64.rpm  
kernel-4.18.0-372.41.1.el8_6.x86_64.rpm  
kernel-core-4.18.0-372.41.1.el8_6.x86_64.rpm  
kernel-cross-headers-4.18.0-372.41.1.el8_6.x86_64.rpm  
kernel-debug-4.18.0-372.41.1.el8_6.x86_64.rpm  
kernel-debug-core-4.18.0-372.41.1.el8_6.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-372.41.1.el8_6.x86_64.rpm  
kernel-debug-devel-4.18.0-372.41.1.el8_6.x86_64.rpm  
kernel-debug-modules-4.18.0-372.41.1.el8_6.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-372.41.1.el8_6.x86_64.rpm  
kernel-debuginfo-4.18.0-372.41.1.el8_6.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-372.41.1.el8_6.x86_64.rpm  
kernel-devel-4.18.0-372.41.1.el8_6.x86_64.rpm  
kernel-headers-4.18.0-372.41.1.el8_6.x86_64.rpm  
kernel-modules-4.18.0-372.41.1.el8_6.x86_64.rpm  
kernel-modules-extra-4.18.0-372.41.1.el8_6.x86_64.rpm  
kernel-tools-4.18.0-372.41.1.el8_6.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-372.41.1.el8_6.x86_64.rpm  
kernel-tools-libs-4.18.0-372.41.1.el8_6.x86_64.rpm  
perf-4.18.0-372.41.1.el8_6.x86_64.rpm  
perf-debuginfo-4.18.0-372.41.1.el8_6.x86_64.rpm  
python3-perf-4.18.0-372.41.1.el8_6.x86_64.rpm  
python3-perf-debuginfo-4.18.0-372.41.1.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.8.6):

aarch64:  
bpftool-debuginfo-4.18.0-372.41.1.el8_6.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-372.41.1.el8_6.aarch64.rpm  
kernel-debuginfo-4.18.0-372.41.1.el8_6.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-372.41.1.el8_6.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-372.41.1.el8_6.aarch64.rpm  
kernel-tools-libs-devel-4.18.0-372.41.1.el8_6.aarch64.rpm  
perf-debuginfo-4.18.0-372.41.1.el8_6.aarch64.rpm  
python3-perf-debuginfo-4.18.0-372.41.1.el8_6.aarch64.rpm

ppc64le:  
bpftool-debuginfo-4.18.0-372.41.1.el8_6.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-372.41.1.el8_6.ppc64le.rpm  
kernel-debuginfo-4.18.0-372.41.1.el8_6.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-372.41.1.el8_6.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-372.41.1.el8_6.ppc64le.rpm  
kernel-tools-libs-devel-4.18.0-372.41.1.el8_6.ppc64le.rpm  
perf-debuginfo-4.18.0-372.41.1.el8_6.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-372.41.1.el8_6.ppc64le.rpm

x86_64:  
bpftool-debuginfo-4.18.0-372.41.1.el8_6.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-372.41.1.el8_6.x86_64.rpm  
kernel-debuginfo-4.18.0-372.41.1.el8_6.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-372.41.1.el8_6.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-372.41.1.el8_6.x86_64.rpm  
kernel-tools-libs-devel-4.18.0-372.41.1.el8_6.x86_64.rpm  
perf-debuginfo-4.18.0-372.41.1.el8_6.x86_64.rpm  
python3-perf-debuginfo-4.18.0-372.41.1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-4139  
https://access.redhat.com/security/cve/CVE-2022-26373  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/solutions/6971358

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY9AIp9zjgjWX9erEAQg9Pg/9Er7Hk82Tlcs3vY1CJJqUIfo2AVzr1z3o  
kf95Z65Nu4pUrHvInLvRQsejwHYMJQ0CUiVLzeoGey+W3p7iqN3au2rhAPgqNB80  
z6ZgznAXhIoTHKZYDrRFmc7WKUcmwI+GFcpojzImdAyBTOlKAOUArLo/ymdVN1PR  
ByVc/0twtkhaCbkacs3ZqH0YsRl9M5oz6TWPG5Vl47v25hy/NBG8IgANeDBYBDsL  
101xyBH0eukaXYjral2bDfGNnTVM8rasnVTzbM1e78qs2Xy+YcMgiweoYGh8/ci/  
EsRr2lad0aoLL6vzV14QaCV3O5yOXRanFXgj4V3Ur5KQD++Fm6GVXrJJrpGiofdl  
dZP1gt7u70OdPNHJDGULnuA38fqI9q1Y7q/joeIEQW8DNNaltylSkH6QbcQORWdJ  
+RCrvXCEEN2OByn12mphTor70RiiYysCc8ZPvjZ8IV1bcFdDJn2zYryauvChCXg3  
z4mPg/tCkGKuHPkUFb8rpwlwctxPNl2T/AaFrpLCbJEZ7xFHikId7WyQo3lDQP6e  
9Zoq8GibW+Sk0pKs/6nD5tAA8ELFcibXbqBf1c0ryJtdkHMnr6egh7//df4eO0KM  
vS2ftNd/dwjSXDZW7thARNfXNy1IjozVnkx5Lljp+CEFB8alQvjPiJXA+kdxhBgo  
UqlXQmL4JOQ=V4KT  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0440-01

The Wordfence Threat Intelligence team has released their 2022 State of WordPress Security report. In the report, they look at changes in the threat landscape, analyze impactful trends, and provide recommendations based on their findings.

Tag

#intel