Author: nlqip
DrayTek has released security updates for multiple router models to address 14 vulnerabilities of varying severity, including a remote code execution flaw that received the maximum CVSS score of 10. The flaws, which Forescout Research – Vedere Labs discovered, impact both actively supported and models that have reached end-of-life. However, due to the severity, DrayTek…
Read More
Hackers are actively exploiting a recently disclosed RCE vulnerability in Zimbra email servers that can be triggered simply by sending specially crafted emails to the SMTP server. The Zimbra remote code execution flaw is tracked as CVE-2024-45519 and exists in Zimbra’s postjournal service, which is used to parse incoming emails over SMTP. Attackers can exploit the…
Read More
Oct 02, 2024Ravie LakshmananVulnerability / Network Security A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices. “These vulnerabilities could enable attackers to take control of a router by injecting malicious code, allowing them to persist on…
Read More
“The cultural fit of our two companies will enable our mutual success going forward,” CACI CEO John Mengucci said. CACI International has bought fellow solution provider Applied Insight in an all-cash deal that should boost its capabilities in Amazon Web Services, cloud migration, cybersecurity and productivity for government agency customers. CACI, No. 19 on CRN’s…
Read More
The global services powerhouse says its newly formed Nvidia Business Group will focus on driving enterprise adoption of what it called ‘agentic AI systems’ by taking advantage of key Nvidia software platforms that fuel consumption of GPU-accelerated data centers. Global services powerhouse Accenture said it will train 30,000 employees on Nvidia’s full stack of AI…
Read More
Oct 02, 2024Ravie LakshmananVulnerability / Data Breach Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that…
Read More
Microsoft is blocking Windows 24H2 upgrades on systems with incompatible Intel Smart Sound Technology (SST) audio drivers due to blue screen of death (BSOD) issues. Intel SST is an integrated audio DSP (Digital Signal Processor) that handles audio, voice, and speech interactions on devices with Intel Core and Intel Atom processors. The company said in…
Read More
Dynamic malware analysis is a key part of any threat investigation. It involves executing a sample of a malicious program in the isolated environment of a malware sandbox to monitor its behavior and gather actionable indicators. Effective analysis must be fast, in-depth, and precise. These five tools will help you achieve it with ease. 1.…
Read More
Microsoft has blocked Windows 24H2 upgrades on some systems because of known issues causing Asphalt 8 game crashes and Easy Anti-Cheat blue screens. While playing Asphalt 8, the game may freeze with an error when using or exiting it, requiring a game restart to recover. “After installing Windows 11, version 24H2, you might face issues…
Read More
Oct 02, 2024Ravie LakshmananCyber Threat / Malware Three different organizations in the U.S. were targeted in August 2024 by a North Korean state-sponsored threat actor called Andariel as part of a likely financially motivated attack. “While the attackers didn’t succeed in deploying ransomware on the networks of any of the organizations affected, it is likely…
Read More