Month: July 2024

Three individuals who orchestrated a massive software pirating operation involving the sale of Avaya business telephone system software licenses worth over $88,000,000 have been sentenced to prison. The three men, Raymond Bradley “Brad” Pearce, Dusti O. Pearce, and Jason M. Hines, were also ordered to forfeit large amounts of money as part of their sentencing,…

The ability to drive innovation for technology products, solutions and services is the hallmark of CRN’s Top 25 Innovators of 2024 list. In an increasingly commoditized product world, innovation is key for businesses looking to differentiate themselves. But innovation is not just building a better widget. Done right, innovation in the IT business can be…

Morgan Stanley has checked with CrowdStrike partners and is now ‘slightly more’ confident in the vendor’s recovery despite short-term impacts to recurring revenue. While CrowdStrike will see an impact to new recurring revenue during the second half of the year in the wake of the historic Windows outage caused by its faulty update, the security…

Jul 29, 2024Ravie LakshmananEnterprise Security / Data Protection Cybersecurity company Acronis is warning that a now-patched critical security flaw impacting its Cyber Infrastructure (ACI) product has been exploited in the wild. The vulnerability, tracked as CVE-2023-45249 (CVSS score: 9.8), concerns a case of remote code execution that stems from the use of default passwords. The…

Microsoft warned today that ransomware gangs are actively exploiting a VMware ESXi authentication bypass vulnerability in attacks. Tracked as CVE-2024-37085, this medium-severity security flaw was discovered by Microsoft security researchers Edan Zwick, Danielle Kuznets Nohi, and Meitar Pinto and fixed with the release of ESXi 8.0 U3 on June 25. The bug enables attackers to…

Hackers have released internal documents stolen from one of America’s largest IT services providers, which counts various US government agencies, including the Department of Defense, amongst its customers. Bloomberg reports that the leaked data, which belonged to Virginia-based Leidos Holdings, was seized by hackers during a previously-reported breach in 2022 of software-as-a-service firm Diligent. The…

1Panel-dev – KubePi: KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, there is a defect in the KubePi JWT token verification. The JWT key in the default configuration file is empty. Although a random 32-bit string will be generated to overwrite the key in the configuration file when the key is…

HSA provider HealthEquity has determined that a cybersecurity incident disclosed earlier this month has compromised the information of 4,300,000 people. HealthEquity, one of the largest HSA custodians in the U.S., specializes in providing health savings accounts (HSAs), flexible spending accounts (FSAs), health reimbursement arrangements (HRAs), and 401(k) retirement plans. In a Form 8-K filing submitted…

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

- CVE-2024-4879 ServiceNow Improper Input Validation Vulnerability
- CVE-2024-5217 ServiceNow Incomplete List of Disallowed Inputs Vulnerability
- CVE-2023-4249 Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant…

‘This incident shows clearly that Windows must prioritize change and innovation in the area of end-to-end resilience,’ a Microsoft executive says in a blog. Microsoft acknowledged that it must “prioritize change and innovation” for Windows following the massive CrowdStrike-caused outage to the operating system. The outage, which began July 19 and had lingering impacts for…
