Month: September 2024
HPE Aruba Networking has fixed three critical vulnerabilities in the Command Line Interface (CLI) service of its Aruba Access Points. The security flaws tracked as CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507 and rated with a 9.8/10 severity score could allow unauthenticated attackers to gain remote code execution on vulnerable devices by sending specially crafted packets to the…
Read More
Sep 26, 2024Ravie LakshmananCyber Espionage / Mobile Security As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest sensitive information for over a year and a half. French cybersecurity firm Sekoia, which disclosed details of the campaign dubbed SilentSelfie, described the intrusion…
Read More
Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these scores provide some insight into the potential impact of a vulnerability, they don’t factor in real-world threat data, such as the likelihood of exploitation. With new vulnerabilities discovered daily, teams don’t have the time –…
Read More
Sep 26, 2024Ravie LakshmananCloud Security / Cyber Espionage An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential harvesting, malware delivery, and command-and-control (C2). Web infrastructure and security company Cloudflare is tracking the activity under the name SloppyLemming, which is also called Outrider Tiger and Fishing…
Read More
Sep 26, 2024Ravie LakshmananCyber Espionage / Hacking Nation-state threat actors backed by Beijing broke into a “handful” of U.S. internet service providers (ISPs) as part of a cyber espionage campaign orchestrated to glean sensitive information, The Wall Street Journal reported Wednesday. The activity has been attributed to a threat actor that Microsoft tracks as Salt…
Read More
As part of CRN’s CEO Outlook project earlier this year, we asked CEOs across the IT industry what impact they expected AI to have on the business they and their partners would do together in 2024. Source link lol
Read More
‘Carahsoft is fully cooperating on this matter,’ a spokesperson says. Carahsoft confirmed to CRN that representatives from the United States Department of Justice came to the solution provider giant’s office Tuesday as part of an investigation into a separate company. In an email, a spokesperson with the government-focused IT company–No. 16 on CRN’s 2024 Solution…
Read More
Kids Online Here’s what parents should know about Snapchat and why you should take some time to ensure your children can stay safe when using the app 24 Sep 2024 • , 5 min. read Snapchat may only be the 10th most popular social media platform in the world, but it estimates monthly active users…
Read More
The percentage of Android vulnerabilities caused by memory safety issues has dropped from 76% in 2019 to only 24% in 2024, representing a massive decrease of over 68% in five years. This is well below the 70% previously found in Chromium, making Android an excellent example of how a large project can gradually and methodically move…
Read More
European digital rights group NOYB (None Of Your Business) has filed a privacy complaint with the Austrian data protection watchdog (DSB) against Mozilla, alleging the company uses a Firefox privacy feature (enabled without consent) to track users’ online behavior. The feature, called “Privacy-Preserving Attribution” (PPA) and jointly developed with Meta (formerly Facebook), was announced in…
Read More