Author: nlqip
Questions to think through during the tabletop include: How long does the organization keep backups? How long does it take to restore from backups and has that process actually been tested? The tabletop also invites discussions around how the organization is prepared to respond to the discovery of unauthorized administrative activity, who would be notified,…
Read More
Tenable®, Inc. the Exposure Management company, today announced that Citizen Watch Co., Ltd (CITIZEN), a well-established name and brand leader in the watch industry for over 100 years, has chosen Tenable Vulnerability Management to reduce business risk related to its move to the cloud. Founded in Japan in 1918, CITIZEN is renowned for creating quality…
Read More
A new phishing campaign uses HTML attachments that abuse the Windows search protocol (search-ms URI) to push batch files hosted on remote servers that deliver malware. The Windows Search protocol is a Uniform Resource Identifier (URI) that enables applications to open Windows Explorer to perform searches using specific parameters. While most Windows searches will look at…
Read More
That exposed company names, LDAP usernames, email addresses, and the version number of the company’s Purity software but no “compromising information such as passwords for array access, or any of the data that is stored on the customer systems,” a statement said. The company said it was monitoring its infrastructure for unusual activity and had…
Read More
“An attacker who successfully exploited this vulnerability could bypass Outlook registry block lists and enable the creation of malicious DLL files,” the company said. The arbitrary code execution occurs with the privileges of the current user, so, in order to fully take over a system, attackers would have to combine it with a privilege escalation…
Read More
‘We’ve got some of the brightest minds from Oracle, some of the brightest Microsoft SQL Server experts in the world, some of whom actually grew up in our prior company at RDX. It’s everything required in a fractionalized delivery model. We’ve got a stable of technicians and resources here on shore, primarily clustered around our…
Read More
Amazon Web Services (AWS) has introduced FIDO2 passkeys as a new method for multi-factor authentication (MFA) to enhance account security and usability. Additionally, as announced last October, the internet company reminds us that ‘root’ AWS accounts must enable MFA by the end of July 2024. Passkeys on AWS FIDO2 passkeys are physical (hardware keys) or…
Read More
Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been targeted in attacks as a zero-day. Tracked as CVE-2024-32896, this elevation of privilege (EoP) flaw in the Pixel firmware has been rated a high-severity security issue. “There are indications that CVE-2024-32896 may be under…
Read More
Welcome to this week’s edition of the “Bi-Weekly Cyber Roundup” by Canary Trap. At Canary Trap, it is our mission to keep you up-to-date with the most crucial news in the world of cybersecurity and this bi-weekly publication is your gateway to the latest news. In this week’s roundup, we will bring you up to…
Read More
A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web Apps (PWAs) that display convincing corporate login forms to steal credentials. A PWA is a web-based app created using HTML, CSS, and JavaScript that can be installed from a website like a regular desktop application. Once installed, the…
Read More