Month: September 2024
Broadcom has fixed a critical VMware vCenter Server vulnerability that attackers can exploit to gain remote code execution on unpatched servers via a network packet. vCenter Server is the central management hub for VMware’s vSphere suite, helping administrators manage and monitor virtualized infrastructure. The vulnerability (CVE-2024-38812), reported by TZL security researchers during China’s 2024 Matrix Cup hacking contest, is…
Read More
Hackers are brute-forcing passwords for highly privileged accounts on exposed Foundation accounting servers, widely used in the construction industry, to breach corporate networks. The malicious activity was first spotted by Huntress, whose researchers detected the attacks on September 14, 2024. Huntress has already seen active breaches through these attacks at plumbing, HVAC, concrete, and other…
Read More
A rolling Cloudflare outage is impacting access to web sites worldwide, including BleepingComputer, with sites working in some regions and not others. While Cloudflare says they are currently conducting scheduled maintenance in Sinagpore and Nashville, its status page does not indicate any problems. However, for many users worldwide, when attempting to access websites utilizing Cloudflare,…
Read More
The Federal Communications Commission (FCC) has reached a $13 million settlement with AT&T to resolve a probe into whether the telecom giant failed to protect customer data after a vendor’s cloud environment was breached three years ago. The FCC’s investigation also looked into AT&T’s supply chain integrity and whether the telecom giant engaged in poor…
Read More
A researcher from security vendor AppOmni uncovered more than 1,000 ServiceNow instances that have been exposing Knowledge Base data. More than 1,000 ServiceNow instances have been discovered to be exposing potentially sensitive Knowledge Base data, according to a researcher from SaaS security vendor AppOmni. Knowledge Base (KB) data “can be a treasure trove of sensitive…
Read More
Digital Security Artificial intelligence is just a spoke in the wheel of security – an important spoke but, alas, only one 16 Sep 2024 • , 3 min. read That was fast. While the RSA Conference was oozing AI (with or without merit) from every orifice, the luster faded quickly. With a recent spate of…
Read More
‘While we started by catching up with older, more established tools, we are now leading the industry in innovation,’ says HaloPSA CEO Tim Bowers. HaloPSA is experiencing the only good issue a company could have: growing pains. When starting out, the U.K.-based professional services automation vendor was playing catch-up in terms of automation and innovative…
Read More
CISA and the FBI urged technology manufacturing companies to review their software and ensure that future releases are free of cross-site scripting vulnerabilities before shipping. The two federal agencies said that XSS vulnerabilities still plague software released today, creating further exploitation opportunities for threat actors even though they’re preventable and should not be present in…
Read More
From Google’s new Partner Companion collaborator and AI models available on Vertex AI, to a new Managed GDC Provider program and Oracle integrations, here’s five recent Google Cloud launches for channel partners that you need to know about. Google Cloud has launched a slew of new artificial intelligence and generative AI products and offerings for…
Read More
Ransomware gangs like BianLian and Rhysida increasingly use Microsoft’s Azure Storage Explorer and AzCopy to steal data from breached networks and store it in Azure Blob storage. Storage Explorer is a GUI management tool for Microsoft Azure, while AzCopy is a command-line tool that can facilitate large-scale data transfers to and from Azure storage. In…
Read More