Month: November 2024

In the third installment of the Channel Women in Security podcast, Cass is joined by the “mother of hackers.” As the founder of Black Girls Hack, Tennisha Martin is on a mission to close the ethical hacker’s skills gap by building the next generation of cybersecurity leaders. In episode 3 of the Channel Women in Security podcast,…


Data center veteran Jim Buie – whose resume includes stops at Flexential and AT&T – was named CEO of Tonaquint, which has 140,000 square feet of data center space under management in facilities across the U.S.


The UK’s National Cyber Security Centre (NCSC) has published an analysis of Linux malware named “Pigmy Goat” created to backdoor Sophos XG firewall devices as part of recently disclosed attacks by Chinese threat actors. Last week, Sophos published a series of reports dubbed “Pacific Rim” that detailed five-year attacks by Chinese threat actors on edge networking…


abdullahirfan — documentpress: Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Abdullah Irfan DocumentPress allows Reflected XSS. This issue affects DocumentPress: from n/a through 2.1. 2024-10-29 6.1 CVE-2024-49656 audit@patchstack.com

abdullahirfan — whitelist: Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Abdullah Irfan Whitelist allows…


CISA has received multiple reports of a large-scale spear-phishing campaign targeting organizations in several sectors, including government and information technology (IT). The foreign threat actor, often posing as a trusted entity, is sending spear-phishing emails containing malicious remote desktop protocol (RDP) files to targeted organizations to connect to and access files stored on the target’s…


The password problem — weak, reused credentials that are easy to compromise yet hard to remember and manage — plagues users and organizations. But despite technological advances, passwords still guard 88% of the world’s online services. So how can IT leaders overcome this challenge? In this post, we explore why passwords are so easy to…


CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2024-8957 PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability; CVE-2024-8956 PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD)…


A new phishing campaign dubbed ‘CRON#TRAP’ infects Windows with a Linux virtual machine that contains a built-in backdoor to give stealthy access to corporate networks. Using virtual machines to conduct attacks is nothing new, with ransomware gangs and cryptominers using them to stealthily perform malicious activity. However, threat actors commonly install these manually after they…


CRN showcases the hottest 100 edge computing companies, including the top 25 cybersecurity companies, 25 IoT and 5G vendors, and 50 hardware, software and services edge companies. Companies at the forefront of the global edge computing market range from cloud giants and cybersecurity superstars to hybrid work specialists and AI startups. With market research firm…


CRN breaks down the head-to-head comparison of Microsoft, AWS and Google Cloud’s recent financial earnings results for third-quarter 2024, including revenue, sales growth, cloud market share and operating income. The world’s three largest cloud computing companies have reported their financial earnings results for the third-quarter 2024 calendar year, with Google Cloud growing revenue the fastest,…
