Month: July 2024
The reported effort by Google to beef up its cloud and AI security offerings by potentially acquiring Wiz shows how central cybersecurity has become in the tech industry, solution provider executives tell CRN. Whether or not the Google’s reported efforts to acquire cloud security unicorn Wiz pan out, the apparent willingness by the tech giant…
Read More
Network security controls are no longer reliable or sufficient. They are easily evaded, prone to false positives, and feed a costly ecosystem of alert management and incident response. According to pen testing by Positive Technologies, an external attacker can breach an organization’s network perimeter in 93% of cases. This is unacceptable, and you no longer…
Read More
Cisco has fixed a maximum severity vulnerability that allows attackers to change any user’s password on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers, including administrators. The flaw also impacts SSM On-Prem installations earlier than Release 7.0, known as Cisco Smart Software Manager Satellite (SSM Satellite). As a Cisco Smart Licensing component,…
Read More
Jul 17, 2024NewsroomCyber Espionage / Cryptocurrency Cybersecurity researchers have discovered an updated variant of a known stealer malware that attackers affiliated with the Democratic People’s Republic of Korea (DPRK) have delivered as part of prior cyber espionage campaigns targeting job seekers. The artifact in question is an Apple macOS disk image (DMG) file named “MiroTalk.dmg”…
Read More
A threat actor has leaked a database containing the personal information of 442,519 Life360 customers collected by abusing a flaw in the login API. Known only by their ’emo’ handle, they said the unsecured API endpoint used to steal the data provided an easy way to verify each impacted user’s email address, name, and phone…
Read MoreCloudflare Reports that Almost 7% of All Internet Traffic Is Malicious 6.8%, to be precise. From ZDNet: However, Distributed Denial of Service (DDoS) attacks continue to be cybercriminals’ weapon of choice, making up over 37% of all mitigated traffic. The scale of these attacks is staggering. In the first quarter of 2024 alone, Cloudflare blocked…
Read MoreCISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-34102 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability CVE-2024-28995 SolarWinds Serv-U Path Traversal Vulnerability CVE-2022-22948 VMware vCenter Server Incorrect Default File Permissions Vulnerability These types of vulnerabilities are frequent attack…
Read More
AWS, UiPath, Microsoft, Nvidia, SAP and SoftwareOne were among the tech companies making key executive hires and moves in June 2024. New CEOs at Amazon Web Services and UiPath plus a chief artificial intelligence officer at Microsoft. Matt Garman, an 18-year AWS veteran; Daniel Dines, UiPath’s co-founder; and Vassili Patrikis, previously with Amazon, were some…
Read More
What’s happened? A new strain of the HardBit ransomware has emerged in the wild. It contains a protection mechanism in an attempt to prevent analysis from security researchers. HardBit? I think I’ve heard of that before. Quite possibly. HardBit first emerged in late 2022, and quickly made a name for itself as it attempted to…
Read More
Cloud networking standout Aviatrix hires Google Cloud’s director of Anthos and Google Kubernetes Enterprise as its new CTO. Cloud networking standout Aviatrix has hired former Google Kubernetes and VMware NSX all-star engineer Anirban Sengupta as its new CTO and senior vice president of engineering. Sengupta was previously Google Cloud’s senior director for Anthos and Google…
Read More