Month: May 2024
May 21, 2024NewsroomVulnerability / Software Development GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections. Tracked as CVE-2024-4985 (CVSS score: 10.0), the issue could permit unauthorized access to an instance without requiring prior authentication. “On instances that use…
Read More
Memcyco Inc., provider of digital trust technology designed to protect companies and their customers from digital impersonation fraud, released its inaugural 2024 State of Website Impersonation Scams report. Notably, Memcyco’s research indicates that the majority of companies do not have adequate solutions to counter digital impersonation fraud, and that most only learn about attacks from…
Read More
US businesses are believed to have recruited thousands of North Korean IT workers, sending earnings (and potentially data) to North Korea. This week, an American woman named Christina Marie Chapman was arrested in Arizona. She is accused of being part of an elaborate scheme that generated almost US $7 million in funds for North Korea,…
Read More
Image: Shutterstock. Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally —…
Read More
Despite being one of the top SIEM tools for years, IBM QRadar is ‘basically surrendering—in the transition to the cloud—to another vendor,’ a Forrester analyst tells me. The deal was announced the same day as another surprise move in the market, in a sign of the fading fortunes of traditional SIEM vendors. If last week’s…
Read More
Paul Raffile was in national security and corporate threat assessment before (almost) running human exploitation investigations for a major social media company (therein lies this week’s tale). He talked with us about this “silent epidemic” and vanishing job offers. In this week’s Tinfoil Swan, we reiterate the need for “no-shame” conversations about what we do…
Read More
“We’re going to have a big refresh moment,” Microsoft VP Mark Linton tells CRN in an interview. Copilot+ PCs, which Microsoft bills as “the fastest, most intelligent Windows PCs ever built,” carry a massive partner opportunity as Windows 10 end of support spurs customers into looking at buying new devices. “We’re going to have a…
Read More
Google is rolling out a server-side fix for a known issue affecting the Chrome browser that causes webpage content to temporarily disappear when users change between open tabs. This comes after users reported experiencing issues with Chrome not loading websites and even triggering heavy resource usage in some cases. “We are aware of an issue…
Read More
‘Nvidia is the market leader today. They have an entire ecosystem that they bring to the table from the GPU to the infrastructure stack and to the application frameworks that will help to accelerate it. We are coupling our Kyndryl services with the Nvidia hardware and software to help clients with solutions independent of the…
Read More
Zero-day vulnerabilities present grave cybersecurity risks, representing unseen weaknesses in software exploited by hackers. These vulnerabilities often remain undetected by antivirus tools, leaving systems vulnerable to malicious attacks. The consequences of such attacks can be severe, ranging from data breaches to complete system compromise. To address this threat, companies have implemented regular security audits and…
Read More