Author: nlqip
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational…
Read MoreCISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability Users and administrators are also encouraged to review the Palo…
Read More
Microsoft 365, Office 365 and Enterprise Mobility+Security are among the affected suites. Microsoft has stirred up solution providers with the next move in its philosophy of more flexible billing terms should get a premium—a 5 percent increase in the price of some of its most popular annual subscription bundles if the customer wants to pay…
Read MoreNetrio And Success Computer Consulting Buy New York MSP As Part of ‘Aggressive’ Acquisition Strategy
‘I see us continuing to grow, both organically and through M&A. We’ll expand our service offerings, particularly in AI and automation, which will be key to our long-term strategy,’ says Mark Clayman, CEO of Netrio and Success Computer Consulting. As Netrio and Success Computer Consulting combine their strengths to create a cybersecurity and AI powerhouse,…
Read More
Evgenii Ptitsyn, a Russian national and suspected administrator of the Phobos ransomware operation, was extradited from South Korea and is facing cybercrime charges in the United States. Phobos is a long-running ransomware-as-a-service (RaaS) operation (derived from the Crysis ransomware family) widely distributed through many affiliates. In 2023, it accounted for roughly 4% of all submissions…
Read More
Palo Alto Networks confirmed two zero-day vulnerabilities were exploited as part of attacks in the wild against PAN-OS devices, with one being attributed to Operation Lunar Peek. Background On November 18, Palo Alto Networks updated its advisory (PAN-SA-2024-0015) for a critical flaw in its PAN-OS software to include a CVE identifier: CVE Description CVSS CVE-2024-0012…
Read More
Broadcom warned today that attackers are now exploiting two VMware vCenter Server vulnerabilities, one of which is a critical remote code execution flaw. TZL security researchers reported the RCE vulnerability (CVE-2024-38812) during China’s 2024 Matrix Cup hacking contest. It is caused by a heap overflow weakness in the vCenter’s DCE/RPC protocol implementation and affects products…
Read More
At Supercomputing 2024, the AI computing giant shows off what is likely its biggest AI ‘chip’ yet—the four-GPU Grace Blackwell GB200 NVL4 Superchip—while it announces the general availability of its H200 NVL PCIe module for enterprise servers running AI workloads. Nvidia is revealing what is likely its biggest AI “chip” yet—the four-GPU Grace Blackwell GB200…
Read More
AWS has released an important new feature that allows you to apply permission boundaries around resources at scale called Resource Control Policies (RCPs). Read on to learn what RCPs are all about and how to use them, as well as how Tenable Cloud Security already factors them into its analysis. AWS just launched Resource Control…
Read More
Fake Bitwarden password manager advertisements on Facebook are pushing a malicious Google Chrome extension that collects and steals sensitive user data from the browser. Bitwarden is a popular password manager app with a “free” tier featuring end-to-end encryption, cross-platform support, MFA integration, and a user-friendly interface. Its user base has been growing steadily in the…
Read More