
What are your opinions about this?

I just don't understand his statement, can you elaborate more?

If it's not related to the topic of the community, report and I will remove.

I'll be doing a cleanup of some of the feeds to remove some of the lower content sites over the coming days

One of my fav communities right now, hobbydrama is some of the best drama

The method "tricks the victim into thinking their device's Airplane Mode works when in reality the attacker (following successful device exploit) has planted an artificial Airplane Mode which edits the UI to display Airplane Mode icon and cuts internet connection to all apps except the attacker application," Jamf Threat Labs researchers Hu Ke and Nir Avraham said in a report shared with The Hacker News.

The approach devised by Jamf, in a nutshell, provides an illusion to the user that the Airplane Mode is on while allowing a malicious actor to stealthily maintain a cellular network connection for a rogue application.

That is an excellent interview ... Thanks for sharing.

That certainly adds to the whole problem with payouts.

Good point about the cyber-insurance aspect of things perpetuating the problem.

I don't have hard data but I believe this will be a thing of the past soon enough. With ransomware being so common an issue now & the requirements to obtain said insurance getting harder to meet, I could see that not being a viable or cost-effective solution to restoring service.

Never pay ... I'm pretty sure there is an Aesop's fable about a farmer and a snake that gives you the best advice on this issue.

How could you possibly prove that all copies have been deleted?

That's always the best part of these articles-- we believe the extortionists will not try to further extort us based on their word (or a screenshot of an empty folder)

Razzle khan in da house

Multiple security vulnerabilities have been disclosed in the Ninja Forms plugin for WordPress that could be exploited by threat actors to escalate privileges and steal sensitive data.

The flaws, tracked as CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393, impact versions 3.6.25 and below, Patchstack said in a report last week. Ninja Forms is installed on over 800,000 sites.

A brief description of each of the vulnerabilities is below:

  • CVE-2023-37979 (CVSS score: 7.1) - A POST-based reflected cross-site scripting (XSS) flaw that could allow any unauthenticated user to achieve privilege escalation on a target WordPress site by tricking privileged users into visiting a specially crafted website.

  • CVE-2023-38386 and CVE-2023-38393 - Broken access control flaws in the form submissions export feature that could enable a bad actor with Subscriber and Contributor roles to export all Ninja Forms submissions on a WordPress site.

Users of the plugin are recommended to update to version 3.6.26 to mitigate potential threats.

Also discovered by the WordPress security company is a critical bug in the HT Mega plugin (CVE-2023-37999) present in versions 2.2.0 and below that enables any unauthenticated user to escalate their privilege to that of any role on the WordPress site.

[-] videodrome@lemmy.capebreton.social 2 points 1 year ago* (last edited 1 year ago)

I feel for ya 🤗
