Month: September 2024
Video How do analyst relations professionals sort through the noise to help deliver the not-so-secret sauce for a company’s success? We spoke to ESET’s Senior Manager of Analyst and Tester Relations Zuzana Legáthová to find out. 19 Sep 2024 The sixth episode of ESET’s Unlocked 403 cybersecurity podcast has host Alžbeta Kovaľová picking the brains…
Read More
Sep 20, 2024Ravie LakshmananEncryption / Digital Security Google on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, ChromeOS, and Android devices. “This PIN adds an additional layer of security to ensure your passkeys are end-to-end encrypted and can’t be accessed by anyone, not even Google,”…
Read More
Sep 20, 2024Ravie LakshmananEnterprise Security / Network Security Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild. The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was “incidentally addressed” by the…
Read More
Tenable®, Inc. the exposure management company, today announced that Bank of Yokohama, one of the largest of the major regional banks in Japan, has chosen Tenable Identity Exposure to protect its Active Directory and enhance the bank’s ability to protect its internal systems from cyber threats. Bank of Yokohama, based in Kanagawa Prefecture and Tokyo…
Read More
The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a remote code execution (RCE) flaw impacting Apache HugeGraph-Server. The flaw, tracked as CVE-2024-27348 and rated critical (CVSS v3.1 score: 9.8), is an improper access control vulnerability that impacts HugeGraph-Server versions from 1.0.0 and…
Read More
Image: MidjourneyTwo suspects were arrested in Miami this week and charged with conspiracy to steal and launder over $230 million in cryptocurrency using crypto exchanges and mixing services. The two defendants, 20-year-old Malone Lam (aka “Greavys,” “Anne Hathaway,” and “$$$”) and 21-year-old Jeandiel Serrano (aka “Box,” “VersaceGod,” and “@SkidStar”) were arrested Wednesday night by FBI…
Read More
The vendor disclosed that a ‘limited’ number of customers have been attacked through exploits of the flaw affecting its Cloud Service Appliance. Ivanti disclosed Thursday it’s aware of attacks against some customers through exploitation of a newly discovered, critical-severity vulnerability affecting its Cloud Service Appliance (CSA) gateway. It’s the second flaw in Ivanti’s CSA gateway…
Read More
Microsoft is testing a new feature in the Edge browser called the “extension performance detector,” which warns you when browser extensions cause performance issues on web pages you visit. When browser extensions are installed, they commonly process pages visited to perform additional functionality. However, this can also use a lot of memory, which can cause…
Read More
In an interview with CRN, Sophos CEO Joe Levy discusses the future of the Windows kernel and endpoint security after attending the recent Microsoft-hosted summit of EDR vendors. Microsoft continues to signal it has no intention of restricting Windows kernel access to endpoint security vendors in the wake of the massive CrowdStrike-caused outage in July,…
Read More
Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it’s unlikely that many programmers fell for…
Read More