Author: nlqip

Does Your Business Have an Effective Data Security Policy? In today’s big data focused environment, a comprehensive information security policy is more important than ever. As well as dealing with increasing volumes of sensitive information, IT teams will need to manage data stored across a wide variety of systems, including cloud networks and personally-owned mobile…

VMware Tools is a component installed in VMware-based virtual machines in order to communicate with the host system and enable file and clipboard operations as well as shared folders and drivers. “Although the origin of the malicious code in vmtoolsd.exe in this incident is unknown, there have been documented infections wherein vulnerabilities in legitimate applications…

Apr 04, 2024NewsroomNetwork Security / Vulnerability Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS). The list of flaws is as follows – CVE-2024-21894 (CVSS score: 8.2) – A heap overflow vulnerability in the IPSec component of Ivanti…

Google says it is deleting your Google Chrome Incognito private-browsing data that it should never have collected anyway. Can a zero-risk millionaire-making bot be trusted? And what countries are banned from buying your sensitive data? All this and much, much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity…

According to the National Institute of Standards and Technology (NIST), cyber resilience is “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.” Resilience focuses on reducing the consequences that could be caused by a cyber incident. The more resilient an…

The CSRB’s recommendations cover many areas, starting with implementing modern control mechanisms and baseline practices across digital identity and credential systems. The report also stresses the importance of establishing a minimum standard for default audit logging in cloud services. “CSPs should maintain sufficient forensics to detect exfiltration of those data, including logging all access to…

Welcome to this week’s edition of the “Bi-Weekly Cyber Roundup” by Canary Trap. At Canary Trap, it is our mission to keep you up-to-date with the most crucial news in the world of cyber security and this bi-weekly publication is your gateway to the latest news. In this week’s edition of the roundup, we will…

10web — photogallery: The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the current_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. No authentication is required to exploit this issue.…

Apr 03, 2024NewsroomMobile Security / Zero Day Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies. The high-severity zero-day vulnerabilities are as follows – CVE-2024-29745 – An information disclosure flaw in the bootloader component CVE-2024-29748 – A privilege escalation flaw in the firmware…

Apr 03, 2024NewsroomData Breach / Incident Response The U.S. Cyber Safety Review Board (CSRB) has criticized Microsoft for a series of security lapses that led to the breach of nearly two dozen companies across Europe and the U.S. by a China-based nation-state group called Storm-0558 last year. The findings, released by the Department of Homeland…
