Category: Kamban
On the first day of Pwn2Own Ireland, participants demonstrated 52 zero-day vulnerabilities across a range of devices, earning a total of $486,250 in cash prizes. Viettel Cyber Security took an early lead getting 13 points in their chase for the “Master of Pwn” title. The team’s phudq and namnp exploited a Lorex 2K WiFi camera through a stack-based…
Read More
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is proposing security requirements to prevent adversary states from accessing American’s personal data as well as government-related information. The requirements are aimed at entities that engage in restricted transactions that involve bulk U.S. sensitive personal data or U.S. government-related data, especially if the info is exposed to “countries…
Read More
Microsoft has released the optional KB5045594 preview cumulative update for Windows 10 22H2 with fixes for problems printing to multi-function printers and other issues. This cumulative update preview allows Windows admins and users to test upcoming fixes and features that will be released in the following month’s mandatory Patch Tuesday. Unlike Patch Tuesday cumulative updates,…
Read More
Multiple popular mobile applications for iOS and Android come with hardcoded, unencrypted credentials for cloud services like Amazon Web Services (AWS) and Microsoft Azure Blob Storage, exposing user data and source code to security breaches. Exposing this type of credentials can easily lead to unauthorized access to storage buckets and databases with sensitive user data. Apart from…
Read More
The SEC has charged four companies—Unisys Corp, Avaya Holdings, Check Point Software, and Mimecast—for allegedly misleading investors about the impact of their breaches during the massive 2020 SolarWinds Orion hack. “The Securities and Exchange Commission today charged four current and former public companies – Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast…
Read More
Introduction Welcome to the September 2024 installment of the Sensor Intelligence Series, our monthly summary of vulnerability intelligence based on distributed passive sensor data. Following on from our last month’s analysis, scanning CVE-2017-9841 continues to drop, falling by 10% compared to August, and now down 99.8% from its high-water mark in June of 2024, and…
Read More
Proof-of-concept exploit code is now public for a vulnerability in Microsoft’s Remote Registry client that could be used to take control of a Windows domain by downgrading the security of the authentication process. The vulnerability is tracked as CVE-2024-43532 and takes advantage of a fallback mechanism in the Windows Registry (WinReg) client implementation that relies on old transport protocols…
Read More
Dan Adamany, founder and CEO of channel partner juggernaut Ahead, explains how he successfully grew his company into a $4 billion IT superstar thanks, in part, to Ahead’s successful acquisition strategy over the past five years. Ahead’s founder and innovative CEO, Dan Adamany, knows what it takes to not only acquire a company, but successfully…
Read More
VMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not correctly fixed in the first patch from September 2024. The flaw is rated critical (CVSS v3.1 score: 9.8) and stems from a heap overflow weakness in vCenter’s DCE/RPC protocol implementation, impacting the vCenter Server and…
Read More
In today’s digital age, protecting sensitive data and maintaining robust security practices are top priorities for businesses of all sizes. One key aspect of this is SOC compliance, a set of standards that helps organizations demonstrate their commitment to security and build trust with clients and partners. What is SOC Compliance? SOC, which stands…
Read More