Author: nlqip
Microsoft and the Justice Department have seized over 100 domains used by the Russian ColdRiver hacking group to target United States government employees and nonprofit organizations from Russia and worldwide in spear-phishing attacks. In December, the United Kingdom and its Five Eyes allies linked this threat group to Russia’s Federal Security Service (FSB), the country’s…
Read More
‘So much of Tableau’s success is thanks to our partners’ investment in our customers,’ says Tableau CEO Ryan Aytay. Salesforce plans to roll out a Tableau Einstein Alliance partner community in February with the goal of furthering artificial intelligence and AI agent creation and delivery through access to experts, marketing materials and product road map…
Read More
‘The popularity of Agentic AI can be seen in the solutions built by Salesforce, ServiceNow, Glean and others, as well as the custom agents our clients are asking us to build using Google’s Gemini technology,’ says the CEO of a Google Cloud partner. Google Cloud partners are hopeful that Google reportedly paying $2.7 billion to…
Read More
Oct 03, 2024Ravie LakshmananMobile Security / Technology Google has revealed the various security guardrails that have been incorporated into its latest Pixel devices to counter the rising threat posed by baseband security attacks. The cellular baseband (i.e., modem) refers to a processor on the device that’s responsible for handling all connectivity, such as LTE, 4G,…
Read MoreMS-ISAC ADVISORY NUMBER: 2024-109 DATE(S) ISSUED: 10/02/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could…
Read More
Adobe Commerce and Magento online stores are being targeted in “CosmicSting” attacks at an alarming rate, with threat actors hacking approximately 5% of all stores. The CosmicSting vulnerability (CVE-2024-32102) is a critical severity information disclosure flaw; when chained with CVE-2024-2961, a security issue in glibc’s iconv function, an attacker can achieve remote code execution on the…
Read More
A cybersecurity researcher tells CRN that his own family was recently targeted with a convincing voice-clone scam. While audio deepfake attacks against businesses have rapidly become commonplace in recent years, one cybersecurity researcher says it’s increasingly clear that voice-clone scams are also targeting private individuals. He knows this first-hand, in fact. The researcher, Kyle Wilhoit…
Read More
Two Chinese nationals were sentenced to prison for scamming Apple out of more than $2.5 million after exchanging over 6,000 counterfeit iPhones for authentic ones. Between July 2017 and December 2019, Haotian Sun, Pengfei Xue, and their co-conspirators, Wen Jin Gao and Dian Luo, exploited Apple’s device replacement policy to replace non-functioning fake iPhones for…
Read More
During a distributed denial-of-service campaign targeting organizations in the financial services, internet, and telecommunications sectors, volumetric attacks peaked at 3.8 terabits per second, the largest publicly recorded to date. The assault consisted of a “month-long” barrage of more than 100 hyper-volumetric DDoS attacks flooding the network infrastructure with garbage data. In a volumetric DDoS attack,…
Read More
For years, securing a company’s systems was synonymous with securing its “perimeter.” There was what was safe “inside” and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within…
Read More