Author: nlqip
Microsoft has published a “Cyber Signals” report sharing new information about the hacking group Storm-0539 and a sharp rise in gift card theft as we approach the Memorial Day holiday in the United States. The FBI previously warned about Storm-0539’s (aka “Ant Lion”) activities earlier this month, highlighting the threat group’s advanced techniques in conducting gift card theft and fraud,…
Read More
Mark Tauschek, vice president of research fellowships and distinguished analyst at Info-Tech Research Group, sees the new class of Windows computers leveraging Copilot a logical next step for Microsoft, especially given the rise of AI-enabled attacks. “The only way to defend against AI-enabled attacks is with AI-enabled defenses,” he said. “Leveraging OpenAI in Azure and…
Read More
‘Security is a team sport,’ Microsoft CVP Vasu Jakkal said on a panel this week. Microsoft solution providers are “critical” to the vendor’s plans for achieving and maintaining responsible artificial intelligence and security, Microsoft executives told CRN this week. During a panel on responsible AI and security held the week of Microsoft Build 2024, CRN…
Read More
Well-known ransomware gang LockBit has been usurped as the world’s top ransomware gang, according to a recent report from NCC Group. For the past eight months, LockBit has led the world in ransomware attacks. But the group had its assets seized in February in connection with a crackdown by The National Crime Agency of the UK, working…
Read More
Experts at HP, Xerox, Lexmark, Sharp and Brother talk to CRN about how their companies are using AI to improve the way printers are used, managed and maintained. Vendors in the printer industry are already using AI technologies to improve how people use, manage and maintain printers, and some expect those investments to expand, experts…
Read More
GitLab patched a high-severity vulnerability that unauthenticated attackers could exploit to take over user accounts in cross-site scripting (XSS) attacks. The security flaw (tracked as CVE-2024-4835) is an XSS weakness in the VS code editor (Web IDE) that lets threat actors steal restricted information using maliciously crafted pages. While they can exploit this vulnerability in attacks that…
Read More
May 23, 2024NewsroomThreat Intelligence / Vulnerability, The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, the open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2020-17519, the issue relates to a case of improper access control…
Read More
May 23, 2024NewsroomRansomware / Virtualization Ransomware attacks targeting VMware ESXi infrastructure following an established pattern regardless of the file-encrypting malware deployed. “Virtualization platforms are a core component of organizational IT infrastructure, yet they often suffer from inherent misconfigurations and vulnerabilities, making them a lucrative and highly effective target for threat actors to abuse,” cybersecurity firm…
Read More
Security researchers reverse-engineered Apple’s recent iOS 17.5.1 update and found that a recent bug that restored images deleted months or even years ago was caused by an iOS bug and not an issue with iCloud. Despite widespread reports from users and tech outlets confirming the alarming issue, Apple remained silent about the root cause, failing to…
Read More
The United Kingdom’s Information Commissioner Office (ICO) intends to impose a fine of £750,000 ($954,000) on the Police Service of Northern Ireland (PSNI) for exposing the entire workforce’s personal details by mistakenly publishing a spreadsheet online. PSNI disclosed the incident on August 8, 2023, when the police force warned that a mistake occurred during a…
Read More