Month: May 2024
MS-ISAC ADVISORY NUMBER: 2024-060 DATE(S) ISSUED: 05/23/2024 OVERVIEW: A vulnerability has been discovered in GitHub Enterprise Server (GHES), which could allow for authentication bypass. GHES is a popular platform for software developers. Organizations can build and store software applications using Git version control and automate deployment pipelines. Successful exploitation of this vulnerability could allow for…
Read MoreArtificial intelligence (AI) holds significant promise to increase productivity across business functions, and cybersecurity is no exception. Arguably no area of the security operation is more poised to benefit from AI than the security operations center (SOC). Today’s SOC teams manage a constant onslaught of attacks while navigating a complex and fragmented tooling landscape, an…
Read MoreAttackers have backdoored the installer of widely used Justice AV Solutions (JAVS) courtroom video recording software with malware that lets them take over compromised systems. The company behind this software, also known as JAVS, says the digital recording tool currently has over 10,000 installations in many courtrooms, legal offices, correctional facilities, and government agencies worldwide. JAVS has…
Read MoreThat means that CISOs should make sure that systems are trying to differentiate between automated and manual attacks. And to then examine manual attacks very carefully, Harrigan said. CISOs should “spend extra time” examining the manual attack attempts, he said, as doing so may give the security operations center a sneak preview of a zero-day,…
Read MoreMicrosoft has published a “Cyber Signals” report sharing new information about the hacking group Storm-0539 and a sharp rise in gift card theft as we approach the Memorial Day holiday in the United States. The FBI previously warned about Storm-0539’s (aka “Ant Lion”) activities earlier this month, highlighting the threat group’s advanced techniques in conducting gift card theft and fraud,…
Read MoreMark Tauschek, vice president of research fellowships and distinguished analyst at Info-Tech Research Group, sees the new class of Windows computers leveraging Copilot a logical next step for Microsoft, especially given the rise of AI-enabled attacks. “The only way to defend against AI-enabled attacks is with AI-enabled defenses,” he said. “Leveraging OpenAI in Azure and…
Read More‘Security is a team sport,’ Microsoft CVP Vasu Jakkal said on a panel this week. Microsoft solution providers are “critical” to the vendor’s plans for achieving and maintaining responsible artificial intelligence and security, Microsoft executives told CRN this week. During a panel on responsible AI and security held the week of Microsoft Build 2024, CRN…
Read MoreWell-known ransomware gang LockBit has been usurped as the world’s top ransomware gang, according to a recent report from NCC Group. For the past eight months, LockBit has led the world in ransomware attacks. But the group had its assets seized in February in connection with a crackdown by The National Crime Agency of the UK, working…
Read MoreExperts at HP, Xerox, Lexmark, Sharp and Brother talk to CRN about how their companies are using AI to improve the way printers are used, managed and maintained. Vendors in the printer industry are already using AI technologies to improve how people use, manage and maintain printers, and some expect those investments to expand, experts…
Read MoreGitLab patched a high-severity vulnerability that unauthenticated attackers could exploit to take over user accounts in cross-site scripting (XSS) attacks. The security flaw (tracked as CVE-2024-4835) is an XSS weakness in the VS code editor (Web IDE) that lets threat actors steal restricted information using maliciously crafted pages. While they can exploit this vulnerability in attacks that…
Read MoreRecent Posts
- A Vulnerability in Apache Struts2 Could Allow for Remote Code Execution
- CISA Adds One Known Exploited Vulnerability to Catalog | CISA
- Xerox To Buy Lexmark For $1.5B In Blockbuster Print Deal
- Vulnerability Summary for the Week of December 16, 2024 | CISA
- Arm To Seek Retrial In Qualcomm Case After Mixed Verdict