Author: nlqip
Aug 22, 2024Ravie LakshmananNetwork Security / Zero-Day Details have emerged about a China-nexus threat group’s exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliance and evade detection. The activity, attributed to Velvet Ant, was observed early this year and involved the weaponization of CVE-2024-20399…
Read More
The evolving threat environment and growing regulatory pressures are prompting more organizations to begin measuring their cyber risk from a financial perspective, according to Optiv’s James Turgal. Amid a convergence of factors including the intensification of both cyberthreats and regulatory pressures, more organizations are focusing on quantifying their cyber risk from a financial perspective, executives…
Read More
CEO Sridhar Ramaswamy dives into Cortex AI and Iceberg customer momentum, the impact of Snowflake’s recent cyberattack and how AI will ‘c ontribute materially to revenue’ in 2025 . CEO Sridhar Ramaswamy was bullish about his company’s AI future during Snowflake’s Q2 earnings report on Wednesday, while also downplaying his company’s recent cyberattack and unveiling…
Read More
Aug 22, 2024Ravie LakshmananCloud Security / Application Security As many as 15,000 applications using Amazon Web Services’ (AWS) Application Load Balancer (ALB) for authentication are potentially susceptible to a configuration-based issue that could expose them to sidestep access controls and compromise applications. That’s according to findings from Israeli cybersecurity company Miggo, which dubbed the problem…
Read More
Today, Google released a new Chrome emergency security update to patch a zero-day vulnerability tagged as exploited in attacks. “Google is aware that an exploit for CVE-2024-7971 exists in the wild,” the company said in an advisory published on Wednesday. This high-severity zero-day vulnerability is caused by a type confusion weakness in Chrome’s V8 JavaScript…
Read More
SolarWinds has released a hotfix for a critical Web Help Desk vulnerability that allows attackers to log into unpatched systems using hardcoded credentials. Web Help Desk (WHD) is an IT help desk software widely used by government agencies, large corporations, and healthcare and education organizations to automate and streamline help desk management tasks. SolarWinds’ IT management products…
Read MoreCISA released five Industrial Control Systems (ICS) advisories on August 22, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. Source link lol
Read More
Business Security Should the payment of a ransomware demand be illegal? Should it be regulated in some way? These questions are some examples of the legal minefield that cybersecurity teams must deal with 21 Aug 2024 • , 3 min. read Governments create legislation and regulations primarily to protect public interests and keep order, ensuring…
Read More
A member of the Russian Karakurt ransomware group has been charged in the U.S. for money laundering, wire fraud, and extortion crimes. An investigation from the FBI uncovered that 33-year old Deniss Zolotarjovs was a member of the Karakurt extortion operation that compromised company systems, stole data, and then demanded a ransom from the victims under…
Read More
A production partner of Netflix has suffered a serious security breach which has resulted in yet-to-be-released episodes of popular shows to be leaked online. As Variety reports, the security breach occurred at media localisation company Iyuno which confirmed on August 9 that it had suffered a “security issue, involving unauthorized access to confidential content.” Iyuno…
Read More