Month: November 2024
‘Nutanix has sensed blood in the water from the Broadcom acquisition and it is making a big push to do right by partners,’ says Gary McConnell, CEO of Nutanix partner VirtuIT. ‘They’ve rolled out a ton of training and have made their technical and sales resources available to partners that are new to having discussions…
Read More
Microsoft announced today at its Ignite annual conference in Chicago, Illinois, that it’s expanding its bug bounty programs with Zero Day Quest, a new hacking event focusing on cloud and AI products and platforms. The event starts today with a research challenge where submissions of vulnerabilities for specific scenarios can earn multiplied bounty awards and…
Read More
Software-as-a-Service, an acronym for SaaS applications, has become increasingly popular among businesses looking to enhance efficiency, productivity, and scalability. These cloud-based services have exploded in popularity over the last few years, with the net consumption up 18% in 2023 and 130 apps used per business on average. As cybersecurity threats evolve and grow, the risks…
Read More
Spotify playlists and podcasts are being abused to push pirated software, game cheat codes, spam links, and “warez” sites. By injecting targeted keywords and links in playlist names and podcast descriptions, threat actors may benefit from boosting SEO for their dubious online properties, since Spotify’s web player results appear in search engines like Google. Spotify playlists pushing…
Read More
Chinese threat actors use a custom post-exploitation toolkit named ‘DeepData’ to exploit a zero-day vulnerability in Fortinet’s FortiClient Windows VPN client that steal credentials. The zero-day allows the threat actors to dump the credentials from memory after the user authenticated with the VPN device Volexity researchers report that they discovered this flaw earlier this summer and…
Read MoreMS-ISAC ADVISORY NUMBER: 2024-130 DATE(S) ISSUED: 11/18/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Palo Alto PAN-OS, the most severe of which could allow for authentication bypass. PAN-OS is the software that runs all Palo Alto Networks next-generation firewalls. Successful exploitation could allow for authentication bypass with administrator privileges. An attacker could then install programs;…
Read More
Brave Browser 1.71 for iOS introduces a new privacy-focused feature called “Shred,” which allows users to easily delete site-specific mobile browsing data. Many sites use first-party cookies for paywall systems and usage limits, which technically enables user tracking across sessions and makes this data susceptible to sharing with third parties. Brave’s new Shred feature works…
Read More
Palo Alto Networks has finally released security updates for two actively exploited zero-day vulnerabilities in its Next-Generation Firewalls (NGFW). The first flaw, tracked as CVE-2024-0012, is an authentication bypass found in the PAN-OS management web interface that remote attackers can exploit to gain administrator privileges without requiring authentication or user interaction. The second one (CVE-2024-9474) is a PAN-OS privilege…
Read MoreThe CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring…
Read More
Hackers breached U.S. satellite maker Maxar Space Systems and accessed personal data belonging to its employees, the company informs in a notification to impacted individuals. The threat actor compromised the company network about a week before the discovery of the intrusion. Immediately after discovering the unauthorized access, the company took action to prevent the hackers…
Read More