Author: nlqip

Jun 12, 2024NewsroomKubernetes / Endpoint Security Cybersecurity researchers have warned of an ongoing cryptojacking campaign targeting misconfigured Kubernetes clusters to mine Dero cryptocurrency. Cloud security firm Wiz, which shed light on the activity, said it’s an updated variant of a financially motivated operation that was first documented by CrowdStrike in March 2023. “In this incident,…

Read More

At Splunk .conf24, Cisco CEO Chuck Robbins and Go-to-Market President Gary Steele spoke to Splunk customers about the benefits of integrating the companies’ security and observability products and highlighted the opportunities those combinations will create for partners. Cisco Systems and Splunk executives are putting on a full-court press at Splunk .conf24 this week to tout…

Read More

Upgrades to Databricks’ Mosaic AI, a deeper collaboration with Nvidia and the open-sourcing of Unity Catalog are among the biggest updates from Summit 2024. Upgrades to Databricks’ Mosaic AI unified tooling product for artificial intelligence and machine learning. A deeper collaboration with Nvidia. And the open-sourcing of Unity Catalog. These are some of the biggest…

Read More

MS-ISAC ADVISORY NUMBER: 2024-072 DATE(S) ISSUED: 06/12/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated…

Read More

The Ukraine cyber police have arrested a 28-year-old Russian man in Kyiv for working with Conti and LockBit ransomware operations to make their malware undetectable by antivirus software and conducting at least one attack himself. The investigation was backed by information shared by the Dutch police who responded to a ransomware attack on a Dutch multinational,…

Read More

The Black Basta ransomware operation is suspected of exploiting a Windows privilege escalation vulnerability (CVE-2024-26169) as a zero-day before a fix was made available. The flaw is a high-severity issue (CVSS v3.1: 7.8) in the Windows Error Reporting Service, allowing attackers to elevate their privileges to SYSTEM. Microsoft fixed the flaw on March 12, 2024,…

Read More

However, noted Jeremy Kirk, analyst at Intel 471, not all claims of AI use may be accurate. “We use the word ‘purportedly’ to represent that it is a claim being made by a threat actor and that it is frequently unclear exactly to what extent AI has been incorporated into a product, what LLM model…

Read More

Jun 12, 2024NewsroomRansomware / Endpoint Security Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the Microsoft Windows Error Reporting Service as zero-day, according to new findings from Symantec. The security flaw in question is CVE-2024-26169 (CVSS score: 7.8), an elevation of privilege bug in the…

Read More

Last week, the notorious hacker gang, ShinyHunters, sent shockwaves across the globe by allegedly plundering 1.3 terabytes of data from 560 million Ticketmaster users. This colossal breach, with a price tag of $500,000, could expose the personal information of a massive swath of the live event company’s clientele, igniting a firestorm of concern and outrage.…

Read More

23andMe, the California-based company which sells DNA testing kits to help people learn about their ancestry and potential health risks, is facing scrutiny from British and Canadian data protection authorities following a security breach that saw hackers compromise the personal data of nearly seven million users. As we have previously reported, hackers published the data…

Read More