Month: June 2024
A new phishing campaign uses HTML attachments that abuse the Windows search protocol (search-ms URI) to push batch files hosted on remote servers that deliver malware. The Windows Search protocol is a Uniform Resource Identifier (URI) that enables applications to open Windows Explorer to perform searches using specific parameters. While most Windows searches will look at…
Read More
That exposed company names, LDAP usernames, email addresses, and the version number of the company’s Purity software but no “compromising information such as passwords for array access, or any of the data that is stored on the customer systems,” a statement said. The company said it was monitoring its infrastructure for unusual activity and had…
Read More
“An attacker who successfully exploited this vulnerability could bypass Outlook registry block lists and enable the creation of malicious DLL files,” the company said. The arbitrary code execution occurs with the privileges of the current user, so, in order to fully take over a system, attackers would have to combine it with a privilege escalation…
Read More
‘We’ve got some of the brightest minds from Oracle, some of the brightest Microsoft SQL Server experts in the world, some of whom actually grew up in our prior company at RDX. It’s everything required in a fractionalized delivery model. We’ve got a stable of technicians and resources here on shore, primarily clustered around our…
Read More
Amazon Web Services (AWS) has introduced FIDO2 passkeys as a new method for multi-factor authentication (MFA) to enhance account security and usability. Additionally, as announced last October, the internet company reminds us that ‘root’ AWS accounts must enable MFA by the end of July 2024. Passkeys on AWS FIDO2 passkeys are physical (hardware keys) or…
Read More
Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been targeted in attacks as a zero-day. Tracked as CVE-2024-32896, this elevation of privilege (EoP) flaw in the Pixel firmware has been rated a high-severity security issue. “There are indications that CVE-2024-32896 may be under…
Read More
Welcome to this week’s edition of the “Bi-Weekly Cyber Roundup” by Canary Trap. At Canary Trap, it is our mission to keep you up-to-date with the most crucial news in the world of cybersecurity and this bi-weekly publication is your gateway to the latest news. In this week’s roundup, we will bring you up to…
Read More
A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web Apps (PWAs) that display convincing corporate login forms to steal credentials. A PWA is a web-based app created using HTML, CSS, and JavaScript that can be installed from a website like a regular desktop application. Once installed, the…
Read More
The report scores the world’s top 10 AI foundation models for language, including Google Gemini, Anthropic Claude, Amazon Bedrock, IBM Granite and OpenAI GPT-4. Forrester has reviewed, scored and ranked the world’s top AI foundation models for language—from Amazon Bedrock and Google Gemini to OpenAI GPT-4 and Anthropic Claude. AI startups like Cohere and Mistral…
Read More
Image: Midjourney Today, the Cybersecurity and Infrastructure Security Agency (CISA) warned that criminals are impersonating its employees in phone calls and attempting to deceive potential victims into transferring money. This is part of a broader trend in which fraudsters are trying to legitimize their scams by using government employees’s titles and names. “The Cybersecurity and…
Read More