Author: nlqip
Poland says a state-backed threat group linked to Russia’s military intelligence service (GRU) has been targeting Polish government institutions throughout the week. According to evidence found by CSIRT MON, the country’s Computer Security Incident Response Team (led by the Polish Minister of National Defense) and CERT Polska (the Polish computer emergency response team), Russian APT28…
Read More
Project management platform Monday.com has removed its “Share Update” feature after threat actors abused it in phishing attacks. Monday.com is a cloud-based project management platform that allows teams to organize and manage their work using automated workflows and dashboards. The platform is used by 225,000 customers, including Coca-Cola, Canva, LionsGate, Oxy, Compass, and Zippo. On Tuesday, Monday.com customers…
Read MoreApply appropriate updates provided by F5 to vulnerable systems immediately after appropriate testing. (M1051: Update Software) Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard. Safeguard 7.4: Perform…
Read MoreMS-ISAC ADVISORY NUMBER: 2024-049 DATE(S) ISSUED: 05/09/2024 OVERVIEW: A vulnerability has been discovered in the Apache OFBiz, which could allow for remote code execution. Apache OFBiz is an open-source product for the automation of enterprise processes. It includes framework components and business applications for ERP, CRM, E-Business/E-Commerce, Supply Chain Management and Manufacturing Resource Planning. Successful…
Read More
Do you know Dmitry Yuryevich Khoroshev? If you do, there’s a chance that you might well on the way to receiving a reward of up to $10 million. Read more in my article on the Exponential-e blog. Source link lol
Read More
Tyler Prince, Snowflake’s worldwide leader of Alliances and Channel, explains to CRN Snowflake’s mission to create the best AI, app and expertise partner ecosystem in the world as the AI era heats up. Snowflake is assembling the world’s best partner ecosystem for AI and applications with a unique approach that only Snowflake can provide, according…
Read More
Citrix notified customers this week to manually mitigate a PuTTY SSH client vulnerability that could allow attackers to steal a XenCenter admin’s private SSH key. XenCenter helps manage Citrix Hypervisor environments from a Windows desktop, including deploying and monitoring virtual machines. The security flaw (tracked as CVE-2024-31497) impacts multiple versions of XenCenter for Citrix Hypervisor…
Read More
‘It’s probably one of the biggest announcements that we’ve ever made, or ever will make, because for the first time, Dell now has a cloud storage product to sell. This is hugely important to them because their customers sometimes say, ‘Hey Dell guys, I don’t really want to buy any more on-prem storage from you…
Read More
May 09, 2024NewsroomEncryption / Data Privacy Researchers have detailed a Virtual Private Network (VPN) bypass technique dubbed TunnelVision that allows threat actors to snoop on victim’s network traffic by just being on the same local network. The “decloaking” method has been assigned the CVE identifier CVE-2024-3661 (CVSS score: 7.6). It impacts all operating systems that…
Read MoreHow to limit the effectiveness of tools commonly used by malicious actors. Source link lol
Read More