Author: nlqip
Multiple vulnerabilities have been discovered in Google Products that could allow for privilege escalation and remote code execution in the context of the affected component. Following the MITRE ATT&CK framework, exploitation of these vulnerabilities can be classified as follows: Tactic: Privilege Escalation (TA0004): Technique: Abuse Elevation Control Mechanism (T1548): Multiple vulnerabilities in Framework that could…
Read More
A partial selfie posted by Puchmade Dev to his Twitter account. Yes, that is a functioning handheld card skimming device, encrusted in diamonds. Underneath that are more medallions, including a diamond-studded bitcoin and payment card. In January, KrebsOnSecurity wrote about rapper Punchmade Dev, whose music videos sing the praises of a cybercrime lifestyle. That story…
Read More
Welcome to this week’s edition of the “Bi-Weekly Cyber Roundup” by Canary Trap. At Canary Trap, it is our mission to keep you up-to-date with the most crucial news in the world of cybersecurity and this bi-weekly publication is your gateway to the latest news. In this week’s round-up, we look into the significant implications…
Read More
Here’s the global cloud market share results and six world leaders for Q2 2024, which include AWS, Alibaba, Google Cloud, Oracle, Microsoft and Salesforce, according to new market data. Global cloud market share for the three cloud giants—Microsoft, Google Cloud and AWS—shifted during the second quarter of 2024 as enterprise cloud spending reached a new…
Read More
Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks. The vulnerability leveraged in these attacks is CVE-2024-4885, a critical-severity (CVSS v3 score: 9.8) unauthenticated remote code execution flaw impacting Progress WhatsUp Gold 23.1.2 and older. Proof-of-concept (PoC) exploits for CVE-2024-4885…
Read MoreCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog…
Read More
“The MSP market is a great place for a private equity company like EQT to put their money,” said David Stinner, president of US itek, a Buffalo, N.Y.-based MSP. “Once you have an MSP beholden to a backup/cybersecurity solution like Acronis they don’t leave.” MSP cybersecurity and backup provider Acronis is being acquired in a…
Read More
‘The acquisition of CX Effect significantly expands our portfolio by incorporating over 40 new suppliers,’ says Drew Lydecker, co-founder and president of Avant. ‘This accelerates Avant’s success as we continue to address the rapidly growing cybersecurity, cloud infrastructure and AI markets.’ Avant has acquired technology distributor CX Effect in a move to grow its business,…
Read More
Aug 07, 2024Ravie LakshmananEmail Security / Vulnerability Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious JavaScript in a victim’s web browser and steal sensitive information from their account under specific circumstances. “When a victim views a malicious email in Roundcube sent by an…
Read More
Aug 07, 2024Ravie LakshmananLinux / Vulnerability Cybersecurity researchers have shed light on a novel Linux kernel exploitation technique dubbed SLUBStick that could be exploited to elevate a limited heap vulnerability to an arbitrary memory read-and-write primitive. “Initially, it exploits a timing side-channel of the allocator to perform a cross-cache attack reliably,” a group of academics…
Read More