Month: September 2024

​American semiconductor supplier Microchip Technology Incorporated has confirmed that employee information was stolen from systems compromised in an August cyberattack, which was later claimed by the Play ransomware gang. Headquartered in Chandler, Arizona, the chipmaker has around 123,000 customers from multiple industry sectors, including industrial, automotive, consumer, aerospace and defense, communications, and computing markets. On August…

Read More

Welcome to this week’s edition of the “Bi-Weekly Cyber Roundup” by Canary Trap. At Canary Trap, it is our mission to keep you up-to-date with the most crucial news in the world of cybersecurity and this bi-weekly publication is your gateway to the latest news. In this week’s round-up, we will explore recent developments in…

Read More

Image: MidjourneyToday, the U.S. Justice Department said the FBI seized 32 web domains used by the Doppelgänger Russian-linked influence operation network in a disinformation campaign targeting the American public ahead of this year’s presidential election. According to court documents, Doppelgänger is believed to be linked to Russian companies Social Design Agency (SDA), Structura National Technology…

Read More

‘The company plans to shift the narrative from merely serving MSPs to empowering them to provide exceptional service to their customers,’ says new ScalePad CEO Chris Day. Chris Day, ScalePad’s founder and executive chairman, has taken over as CEO of the Vancouver, British Columbia-based vendor and has his sights on the future. With about 12,000…

Read More

The new subpoenas are an escalation beyond the questionnaires the Justice Department previously sent to Nvidia, according to Bloomberg. Nvidia has reportedly received legally binding requests for information from the United States as part of the Department of Justice’s investigation into whether the semiconductor vendor broke antirust rules as part of its domination over the…

Read More

Cisco has fixed a command injection vulnerability with public exploit code that lets attackers escalate privileges to root on vulnerable systems. Tracked as CVE-2024-20469, the security flaw was found in Cisco’s Identity Services Engine (ISE) solution, an identity-based network access control and policy enforcement software that enables network device administration and endpoint access control in…

Read More

A new “EUCLEAK” flaw found in FIDO devices using the Infineon SLE78 security microcontroller, like Yubico’s YubiKey 5 Series, allows attackers to extract Elliptic Curve Digital Signature Algorithm (ECDSA) secret keys and clone the FIDO device. NinjaLab’s Thomas Roche, who discovered the flaw and devised the EUCLEAK side-channel attack, notes that the side channel can retrieve…

Read More

Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that can be used to log into unpatched systems with administrative privileges. CSLU is a Windows application that helps manage licenses and linked products on-premise without connecting them to Cisco’s cloud-based Smart Software Manager solution. The company says this critical vulnerability (CVE-2024-20439)…

Read More

North Korean threat actors have leveraged a fake Windows video conferencing application impersonating FreeConference.com to backdoor developer systems as part of an ongoing financially-driven campaign dubbed Contagious Interview. The new attack wave, spotted by Singaporean company Group-IB in mid-August 2024, is yet another indication that the activity is also leveraging native installers for Windows and…

Read More

Cisco’s site for selling company-themed merchandise is currently offline and under maintenance due to hackers compromising it with JavaScript code that steals sensitive customer details provided at checkout. Cisco’s site for selling company-themed merchandise is currently offline and under maintenance due to a compromise with JavaScript code that steals sensitive details provided at checkout. It…

Read More