Month: August 2024
RansomHub ransomware operators are now deploying new malware to disable Endpoint Detection and Response (EDR) security software in Bring Your Own Vulnerable Driver (BYOVD) attacks. Named EDRKillShifter by Sophos security researchers who discovered it during a May 2024 ransomware investigation, the malware deploys a legitimate, vulnerable driver on targeted devices to escalate privileges, disable security…
Read More
When tech companies look for ways to optimize operations, respond to changing market conditions, re-adjust priorities, or even shut down their operation, the impact on employee livelihood can be big. CRN looks at 10 of the most significant tech layoffs that have made their mark so far in 2024. IT Sector Layoffs Still Happening In…
Read More
However, researchers noted in the FAQ that the Repository does have several limitations, including being limited to risks from the 43 taxonomies, so it “may be missing emerging, domain-specific risks, and unpublished risks, and has potential for errors and subject bias; we used a single expert reviewer for extraction and coding.” Despite those shortcomings, the…
Read MoreNIST Releases First Post-Quantum Encryption Algorithms From the Federal Register: After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+. These algorithms are part of three…
Read More
‘With the acquisition of Morpheus Data, we will take the next major leap to make HPE GreenLake cloud the de facto platform for innovating across hybrid IT,’ says HPE’s Fidelma Russo. HPE is making the “next major leap” in HPE GreenLake with the planned acquisition of hybrid cloud management and automation all-star Morpheus Data. “With…
Read More
Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode. Tracked as CVE-2024-38058, this important severity security flaw can let attackers bypass the BitLocker Device Encryption feature and access encrypted data with physical access to the…
Read MoreCISA released eleven Industrial Control Systems (ICS) advisories on August 15, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. Source link lol
Read More
Aug 15, 2024Ravie LakshmananEnterprise Security / Vulnerability SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), has been described as a deserialization bug. “SolarWinds Web Help Desk was found…
Read More
Iranian hackers tied to recent U.S. presidential campaign cyberattacks abuse services like Google Workspace, Dropbox and OneDrive, says Google in a new cybersecurity report. Google’s Theat Analysis Group found an Iranian government-backed hacking group, known as APT42, has conducted phishing cyberattacks targeting “accounts associated with the U.S. presidential election.” “In May and June, APT42 targets…
Read More
Microsoft has shared a temporary fix for a known issue that causes Microsoft 365 apps like Outlook, Word, and OneNote to unexpectedly crash while typing or spell-checking a text. According to a support document published on Wednesday, these crashes affect users of Excel for Microsoft 365, Word for Microsoft 365, Outlook for Microsoft 365, PowerPoint…
Read More