Month: October 2024
Oct 10, 2024Ravie LakshmananVulnerability / Enterprise Security Cybersecurity security researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum of 10.0,…
Read MoreThe current SOC model relies on a scarce resource: human analysts. These professionals are expensive, in high demand, and increasingly difficult to retain. Their work is not only highly technical and high-risk, but also soul-crushingly repetitive, dealing with a constant flood of alerts and incidents. As a result, SOC analysts often leave in search of…
Read MoreOct 10, 2024Ravie LakshmananCybercrime / Malware Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. “At first glance, the thing that stood out was the script’s obfuscation, which seemed a bit bizarre because of all the accented characters,” Jscrambler researchers said…
Read MoreOct 10, 2024Ravie LakshmananVulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), relates to cases of remote code execution that affects FortiOS,…
Read MoreOct 10, 2024Ravie LakshmananVulnerability / Browser Security Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline component. “An attacker was able to achieve code…
Read MoreInternet Archive’s “The Wayback Machine” has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.…
Read MoreToday, CISA revealed that attackers actively exploit a critical FortiOS remote code execution (RCE) vulnerability in the wild. The flaw (CVE-2024-23113) is caused by the fgfmd daemon accepting an externally controlled format string as an argument, which can let unauthenticated threat actors execute commands or arbitrary code on unpatched devices in low-complexity attacks that don’t…
Read MoreOver 28,000 people from Russia, Turkey, Ukraine, and other countries in the Eurasian region were impacted by a large-scale cryptocurrency-stealing malware campaign. The malware campaign disguises itself as legitimate software promoted via YouTube videos and fraudulent GitHub repositories where victims download password-protected archives that initiate the infection. According to cybersecurity firm Dr. Web, the campaign uses…
Read MoreAvalon Technologies’ Newly Hired President Talks VMware Costs, Dell Storage And Leaning Into Channel
- by nlqip
‘The market obviously is shifting faster and faster to the channel. I wanted to go somewhere where I felt like there was growth potential, but still had the feeling of a family-owned business,’ Avalon Technologies President Todd Johnson, an 18-year Dell Technologies veteran, tells CRN. Michigan-based solution provider Avalon Technologies has hired Todd Johnson to…
Read MoreWith AI the name of the game this year at Zoomtopia 2024, here are the major product announcements and enhancements revealed at the event that should be on partners’ radars. Artificial intelligence was on full display this year at Zoom Video Communications’ Zoomtopia 2024. The videoconferencing giant, led by CEO Eric Yuan, unveiled the next…
Read MoreRecent Posts
- A Vulnerability in Apache Struts2 Could Allow for Remote Code Execution
- CISA Adds One Known Exploited Vulnerability to Catalog | CISA
- Xerox To Buy Lexmark For $1.5B In Blockbuster Print Deal
- Vulnerability Summary for the Week of December 16, 2024 | CISA
- Arm To Seek Retrial In Qualcomm Case After Mixed Verdict