Month: August 2024
Aug 20, 2024Ravie LakshmananEnterprise Security / Data Breach Cybersecurity researchers are warning about the discovery of thousands of externally-facing Oracle NetSuite e-commerce sites that have been found susceptible to leaking sensitive customer information. “A potential issue in NetSuite’s SuiteCommerce platform could allow attackers to access sensitive data due to misconfigured access controls on custom record…
Read More
Image: Midjourney The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. Microsoft fixed the flaw, tracked as CVE-2024-38193 during its August 2024 Patch Tuesday, along with seven other zero-day vulnerabilities. CVE-2024-38193 is a Bring Your Own Vulnerable Driver (BYOVD)…
Read More
Toyota confirmed that its network was breached after a threat actor leaked an archive of 240GB of data stolen from the company’s systems on a hacking forum. “We are aware of the situation. The issue is limited in scope and is not a system wide issue,” Toyota told BleepingComputer when asked to validate the threat…
Read More
In today’s digital age, data privacy is crucial, with around 80% of countries implementing data protection laws like GDPR in Europe, CCPA in the US, PIPL in China, and DPDP in India. Technology plays a key role in compliance. Encryption and data masking secure sensitive information by making it unreadable to unauthorized users. Additionally, anonymization…
Read More
‘We’ve been on a tear from a growth perspective,’ US Signal’s John White tells CRN. ‘Once we complete the One Neck acquisition, which should happen in the next few weeks, we will have added eight new data centers to our portfolio.’ Up-and-coming data center heavyweight US Signal is making another Midwest acquisition, growing its available…
Read More
Ransomware victims have paid $459,800,000 to cybercriminals in the first half of 2024, setting the stage for a new record this year if ransom payments continue at this level. Last year, ransomware payments reached a record $1.1 billion, which Chainalysis previously predicted from stats gathered in the first half of the year when ransomware activity grossed $449,100,000.…
Read More
CISA has added a critical Jenkins vulnerability that can be exploited to gain remote code execution to its catalog of security bugs, warning that it’s actively exploited in attacks. Jenkins is a widely used open-source automation server that helps developers automate the process of building, testing, and deploying software through continuous integration (CI) and continuous delivery…
Read More
From AMD seeking to win new AI data center share from Nvidia to ZT Systems’ business with cloud hyperscalers, here are five big reasons why AMD’s planned $4.9 billion acquisition of ZT Systems could put pressure on rival Nvidia. From ZT Systems signing a new partnership with Nvidia in 2024 to AMD’s data center and…
Read More
Intel’s partner-centric Sales and Marketing Group plans to cut jobs and ‘simplify programs’ as part of a directive to slash costs by more than 35 percent by the end of the year, CRN has learned. The chipmaker says it remains ‘deeply committed to the channel.’ Intel’s partner-centric Sales and Marketing Group (SMG) plans to cut…
Read More2j-slideshow–Slideshow, Image Slider by 2J The Slideshow, Image Slider by 2J plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘post’ parameter in versions up to, and including, 1.3.54 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute…
Read More