Month: August 2024
Aug 15, 2024Ravie LakshmananNetwork Security / Cybercrime Cybersecurity researchers have discovered a new variant of the Gafgyt botnet that’s targeting machines with weak SSH passwords to ultimately mine cryptocurrency on compromised instances using their GPU computational power. This indicates that the “IoT botnet is targeting more robust servers running on cloud native environments,” Aqua Security…
Read More
Georgy Kavzharadze, a 27-year-old Russian national, has been sentenced to 40 months in prison for selling login credentials for over 300,000 accounts on Slilpp, the largest online marketplace of stolen logins, until its seizure in June 2021. In a Wednesday press release, the U.S. Department of Justice said that Kavzharadze (also known as TeRorPP, Torqovec,…
Read More
Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems using IPv6, which is enabled by default. Tracked as CVE-2024-38063, this security bug is caused by an Integer Underflow weakness, which attackers could exploit to trigger buffer overflows that…
Read More
Cisco will spend between $700 million and $800 million in the first quarter of its 2025 fiscal year. Cisco Systems confirmed massive layoffs Wednesday with plans to cut about 7 percent of its global workforce, which should cost up to $1 billion. The San Jose, Calif.-based networking giant said in a regulatory filing that the…
Read More
‘Our partners now are going to be able to have a much more comprehensive conversations with their customers on that hypervisor strategy topic,’ Dell Technologies executive Drew Schulke tells CRN. Dell Technologies and Nutanix are partnering on new storage device products and new go-to-market strategy that is taking dead aim at the market looking for…
Read MoreMicrosoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems using IPv6, which is enabled by default. Tracked as CVE-2024-38063, this security bug is caused by an Integer Underflow weakness, which attackers could exploit to trigger buffer overflows that…
Read More
Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD workflows. Attackers stealing these tokens could gain unauthorized access to private repositories, steal source code, or inject malicious code into projects. The discovery by Palo Alto Networks’ Unit 42…
Read More
The U.S. National Institute of Standards and Technology (NIST) has released the first three encryption standards designed to resist future cyberattacks based on quantum computing technology. The agency encourages system administrators to start the transition to the new algorithms as soon as possible, since timely adoption is paramount for protecting sensitive information from attackers with a…
Read More
As interest in AI soars, security leaders are prioritizing an architecture framework that supports innovation and delivers end-to-end protection of sensitive data and models—all while mitigating data exfiltration, poisoning, and other nefarious use case risks. Inadvertent leaks of AI models trained on PII data, users sharing sensitive information via genAI prompts, and use of AI…
Read More
Microsoft has retired several Windows security updates released during the January 2024 Patch Tuesday that have been causing 0x80070643 errors when installing Windows Recovery Environment (WinRE) updates. Redmond first acknowledged this known issue in January, days after widespread reports from Windows users of 0x80070643 errors. The company released the problematic KB5034441 (Windows 10 21H2/22H2), KB5034440…
Read More