Month: October 2024

MS-ISAC ADVISORY NUMBER: 2024-107 DATE(S) ISSUED: 10/01/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution.   Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large…

Read More

We recommend the following actions be taken: * Apply appropriate updates provided by Zimbra to vulnerable systems immediately after appropriate testing. (**[M1051](https://attack.mitre.org/mitigations/M1051/): Update Software**)    * **Safeguard 7.1: Establish and Maintain a Vulnerability Management Process:** Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes…

Read More

Microsoft and the Justice Department have seized over 100 domains used by the Russian ColdRiver hacking group to target United States government employees and nonprofit organizations from Russia and worldwide in spear-phishing attacks. In December, the United Kingdom and its Five Eyes allies linked this threat group to Russia’s Federal Security Service (FSB), the country’s…

Read More

‘So much of Tableau’s success is thanks to our partners’ investment in our customers,’ says Tableau CEO Ryan Aytay. Salesforce plans to roll out a Tableau Einstein Alliance partner community in February with the goal of furthering artificial intelligence and AI agent creation and delivery through access to experts, marketing materials and product road map…

Read More

‘The popularity of Agentic AI can be seen in the solutions built by Salesforce, ServiceNow, Glean and others, as well as the custom agents our clients are asking us to build using Google’s Gemini technology,’ says the CEO of a Google Cloud partner. Google Cloud partners are hopeful that Google reportedly paying $2.7 billion to…

Read More

Oct 03, 2024Ravie LakshmananMobile Security / Technology Google has revealed the various security guardrails that have been incorporated into its latest Pixel devices to counter the rising threat posed by baseband security attacks. The cellular baseband (i.e., modem) refers to a processor on the device that’s responsible for handling all connectivity, such as LTE, 4G,…

Read More

MS-ISAC ADVISORY NUMBER: 2024-109 DATE(S) ISSUED: 10/02/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could…

Read More

Adobe Commerce and Magento online stores are being targeted in “CosmicSting” attacks at an alarming rate, with threat actors hacking approximately 5% of all stores. The CosmicSting vulnerability (CVE-2024-32102) is a critical severity information disclosure flaw; when chained with CVE-2024-2961, a security issue in glibc’s iconv function, an attacker can achieve remote code execution on the…

Read More

A cybersecurity researcher tells CRN that his own family was recently targeted with a convincing voice-clone scam. While audio deepfake attacks against businesses have rapidly become commonplace in recent years, one cybersecurity researcher says it’s increasingly clear that voice-clone scams are also targeting private individuals. He knows this first-hand, in fact. The researcher, Kyle Wilhoit…

Read More

Two Chinese nationals were sentenced to prison for scamming Apple out of more than $2.5 million after exchanging over 6,000 counterfeit iPhones for authentic ones. Between July 2017 and December 2019, Haotian Sun, Pengfei Xue, and their co-conspirators, Wen Jin Gao and Dian Luo, exploited Apple’s device replacement policy to replace non-functioning fake iPhones for…

Read More