Author: nlqip
MS-ISAC ADVISORY NUMBER: 2024-103 DATE(S) ISSUED: 09/17/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated…
Read More
Temu denies it was hacked or suffered a data breach after a threat actor claimed to be selling a stolen database containing 87 million records of customer information. The threat actor put the alleged data up for sale yesterday on the BreachForums hacking forum, along with a small sample to serve as proof of the stolen…
Read More
As organizations modernize their infrastructure, containers offer unparalleled flexibility and scalability but they also introduce unique security challenges. In this blog we explain container security challenges, identify top threats and share how the newly released Tenable Enclave Security can keep your containers secure. Containers are changing enterprise IT and are now essential in modern app…
Read More
“We just don’t see copilot as that key step for our future,” Salesforce CEO Marc Benioff says. A partner network for Salesforce’s Agentforce artificial intelligence agent builder tool. Updates to the Data Cloud unified data offering. And deeper partnerships with the likes of IBM and Google Cloud. These are among the biggest announcements to come…
Read More
The solution provider behemoth, which this year lowered its fiscal outlook twice, has decided to delay its annual large-scale staff promotions from December to June, and to make that schedule change permanent. Global solution provider Accenture is delaying the annual promotion of its staff members from December of this year until June of next year.…
Read More
The January 2023 breach of a vendor’s cloud environment led to the exposure of data from 8.9 million AT&T customers, according to the FCC. AT&T will pay $13 million as part of a settlement with the Federal Communications Commission (FCC) over the 2013 cloud breach of a third-party vendor, which shouldn’t have been holding data…
Read More
Broadcom has fixed a critical VMware vCenter Server vulnerability that attackers can exploit to gain remote code execution on unpatched servers via a network packet. vCenter Server is the central management hub for VMware’s vSphere suite, helping administrators manage and monitor virtualized infrastructure. The vulnerability (CVE-2024-38812), reported by TZL security researchers during China’s 2024 Matrix Cup hacking contest, is…
Read More
Hackers are brute-forcing passwords for highly privileged accounts on exposed Foundation accounting servers, widely used in the construction industry, to breach corporate networks. The malicious activity was first spotted by Huntress, whose researchers detected the attacks on September 14, 2024. Huntress has already seen active breaches through these attacks at plumbing, HVAC, concrete, and other…
Read More
A rolling Cloudflare outage is impacting access to web sites worldwide, including BleepingComputer, with sites working in some regions and not others. While Cloudflare says they are currently conducting scheduled maintenance in Sinagpore and Nashville, its status page does not indicate any problems. However, for many users worldwide, when attempting to access websites utilizing Cloudflare,…
Read More
The Federal Communications Commission (FCC) has reached a $13 million settlement with AT&T to resolve a probe into whether the telecom giant failed to protect customer data after a vendor’s cloud environment was breached three years ago. The FCC’s investigation also looked into AT&T’s supply chain integrity and whether the telecom giant engaged in poor…
Read More