Author: nlqip
Sep 14, 2024Ravie LakshmananEnterprise Security / Threat Intelligence Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which allows remote code execution under certain circumstances. “An OS command injection vulnerability in…
Read More
Video, Ransomware ESET research also finds that CosmicBeetle attempts to exploit the notoriety of the LockBit ransomware gang to advance its own ends 13 Sep 2024 This week, ESET researchers published a deep dive into the recent activities of the CosmicBeetle cybercrime group. Among other notable things, CosmicBeetle was found to abuse the infamy of…
Read More
Image: MidjourneyPort of Seattle, the United States government agency overseeing Seattle’s seaport and airport, confirmed on Friday that the Rhysida ransomware operation was behind a cyberattack impacting its systems over the last three weeks. The agency revealed on August 24 that the attack forced it to isolate some of its critical systems to contain the…
Read More
As Intel undergoes major spending cuts, longtime channel advocate Jason Kimrey is leaving the chipmaker along with a few other partner-facing leaders. Longtime Intel channel stalwart Jason Kimrey, a fierce channel advocate admired by partners as one of the most influential channel chiefs in the industry, is leaving the beleaguered semiconductor giant, CRN has learned.…
Read More
Transport for London (TfL) says that all staff (roughly 30,000 employees) must attend in-person appointments to verify their identities and reset passwords following a cybersecurity incident disclosed almost two weeks ago. “Resetting 30,000 colleague passwords in person will take some time and we will be prioritising the allocation of appointments centrally,” TfL said on the…
Read More
The high-severity flaw in Ivanti’s Cloud Service Appliance (CSA) can be used to enable remote execution of code, the vendor says. Ivanti said Friday that a previously disclosed vulnerability in its Cloud Service Appliance (CSA) gateway has now seen exploitation by threat actors. As of Ivanti’s disclosure Friday, attacks exploiting the high-severity flaw had only…
Read More
DNA testing giant 23andMe has agreed to pay $30 million to settle a lawsuit over a data breach that exposed the personal information of 6.4 million customers in 2023. The proposed class action settlement, filed Thursday in a San Francisco federal court and awaiting judicial approval, includes cash payments for affected customers, which will be distributed…
Read More
Ivanti confirmed on Friday that a high-severity vulnerability in its Cloud Services Appliance (CSA) solution is now actively exploited in attacks. “At the time of disclosure on September 10, we were not aware of any customers being exploited by this vulnerability. At the time of the September 13 update, exploitation of a limited number of…
Read More
Larocque is officially retiring as president of TD Synnex North America on November 30 and moving into a special advisor role. When Peter Larocque graduated with an economics degree from the University of Western Ontario in 1983 he bought a one-way ticket to San Francisco, ran out of money and ended up getting a job…
Read More
Hackers are targeting Oracle WebLogic servers to infect them with a new Linux malware named “Hadooken, which launches a cryptominer and a tool for distributed denial-of-service (DDoS) attacks. The access obtained may also be used to execute ransomware attacks on Windows systems. Researchers at container security solution company Aqua Security observed such an attack on a…
Read More