Author: nlqip

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2014-0497 Adobe Flash Player Integer Underflow Vulnerability CVE-2013-0643 Adobe Flash Player Incorrect Default Permissions Vulnerability CVE-2013-0648 Adobe Flash Player Code Execution Vulnerability CVE-2014-0502 Adobe Flash Player Double Free Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors…

Read More

CISA released three Industrial Control Systems (ICS) advisories on September 17, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations. Source link lol

Read More

The email and data security vendor has unveiled an array of updates that are geared toward increasing opportunities for channel partners, according to Proofpoint Channel Chief Joe Sykora. Proofpoint is rolling out an array of updates across partner services, data protection and AI security capabilities that are geared toward increasing opportunities for the channel, according…

Read More

By the time Ken understood what happened, his similar-looking identity thief had walked off with $8,000. In this episode, we learn about a vulnerability courtesy the DMV and what an enterprising identity thief was able to do with it.  Eva Velasquez from the Identity Theft Resource Center offers tips on safeguarding yourself against all stripe…

Read More

While the startup originally developed its data “feature store” software for providing data to machine learning systems, Tecton has enhanced its system to provide relevant, reliable data for generative AI large language models. Tecton is expanding beyond its machine learning roots into the generative AI arena with a new release of its data “feature store”…

Read More

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released the Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) Plan. Developed in collaboration with FCEB agencies, this plan provides standard, essential components of enterprise operational cybersecurity and aligns the collective operational defense capabilities across the federal enterprise. Currently, federal agencies maintain their own networks and…

Read More

Today, CISA and FBI released a Secure by Design Alert, Eliminating Cross-Site Scripting Vulnerabilities, as a part of our ongoing effort to reduce the prevalence of vulnerability classes at scale. Vulnerabilities like cross-site scripting (XSS) continue to appear in software, enabling threat actors to exploit them. However, cross-site scripting vulnerabilities are preventable and should not…

Read More

Over 1,000 misconfigured ServiceNow enterprise instances were found exposing Knowledge Base (KB) articles that contained sensitive corporate information to external users and potential threat actors. The exposed information includes personally identifiable information (PII), internal system details, user credentials, access tokens for live production systems, and other essential information depending on the Knowledge Base topic. Aaron…

Read More

Roughly nine percent of tested firmware images use non-production cryptographic keys that are publicly known or leaked in data breaches, leaving many Secure Boot devices vulnerable to UEFI bootkit malware attacks. Known as ‘PKfail,’ and now tracked as CVE-2024-8105, the supply chain attack is caused by test Secure Boot master key (Platform Key “PK”), which…

Read More

One of the most frequent questions we get from our clients considering our Dedicated Resources are, “How do your Dedicated Resources differ from traditional staff augmentation?” It’s a great question and one that highlights a crucial distinction in how we approach cybersecurity. We’re going break down those differences in the blog below, so you can…

Read More