Month: July 2024
Signal is finally tightening its desktop client’s security by changing how it stores plain text encryption keys for the data store after downplaying the issue since 2018. As reported by BleepingComputer in 2018, when Signal Desktop for Windows or Mac is installed, it creates an encrypted SQLite database to store a user’s messages. This database is encrypted…
Read More
Security intelligence firm Group-IB reports that attackers from a recently created ransomware group – EstateRansomware – exploited a year old vulnerability (CVE-2023-27532) in backup software from Veeam as part of a complex attack chain. Anatomy of an attack EstateRansomware exploited a dormant account in Fortinet FortiGate firewall SSL VPN appliances to gain initial access. After…
Read More
The phrase “may have been” signals that JAXA officials are still not certain what was and was not accessed. The agency also shared a cryptic comment that “In the course of taking the above measures and strengthening monitoring, we have detected and responded to multiple unauthorized accesses to JAXA’s network since January of this year—including…
Read More
Google has announced a fivefold increase in payouts for bugs found in its systems and applications reported through its Vulnerability Reward Program, with a new maximum bounty of $151,515 for a single security flaw. “As our systems have become more secure over time, we know it is taking much longer to find bugs – with…
Read More
‘Microsoft achieves reach, scale and success because of you,’ says Nicole Dezen, Microsoft chief partner officer. Microsoft plans more than $150 million in pre-sales and post-sales investments for its Azure Innovate offering, an incremental $90 million “to accelerate security growth” with partners and a tenfold increase to its Copilot partner investment as part of a…
Read More
Advance Auto Parts disclosed that data belonging to 2.3 million customers was exposed in an April attack targeting its Snowflake deployment. More details have emerged on what appears to have been another serious data breach linked to a campaign targeting Snowflake customers, with Advance Auto Parts disclosing that data belonging to more than 2 million…
Read More
Dallas County is notifying over 200,000 people that the Play ransomware attack, which occurred in October 2023, exposed their personal data to cybercriminals. Dallas County is the second largest county in Texas, with over 2.6 million residents. In October 2023, the Play ransomware gang added Dallas to its extortion portal on the dark web, threatening…
Read More
Jul 11, 2024NewsroomSoftware Security / Threat Intelligence Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, while also adding a new layer of stealth to evade detection. The fresh packages, about 60 in number and spanning…
Read More
Jul 11, 2024NewsroomVulnerability / Enterprise Security Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in its Expedition migration tool that…
Read More
K3 Technology is rapidly evolving with the adoption of AI and is doing ‘almost everything’ differently than two years ago, Kelly Kercher, founder and CEO of K3, tells CRN. K3 Technology has acquired Dallas-based MSP OG2 Network Services, creating more opportunities for it to expand in the Dallas-Fort Worth area. Kelly Kercher, founder and CEO…
Read More