Category: Kamban
A new “EUCLEAK” flaw found in FIDO devices using the Infineon SLE78 security microcontroller, like Yubico’s YubiKey 5 Series, allows attackers to extract Elliptic Curve Digital Signature Algorithm (ECDSA) secret keys and clone the FIDO device. NinjaLab’s Thomas Roche, who discovered the flaw and devised the EUCLEAK side-channel attack, notes that the side channel can retrieve…
Read More
Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that can be used to log into unpatched systems with administrative privileges. CSLU is a Windows application that helps manage licenses and linked products on-premise without connecting them to Cisco’s cloud-based Smart Software Manager solution. The company says this critical vulnerability (CVE-2024-20439)…
Read More
Cisco’s site for selling company-themed merchandise is currently offline and under maintenance due to hackers compromising it with JavaScript code that steals sensitive customer details provided at checkout. Cisco’s site for selling company-themed merchandise is currently offline and under maintenance due to a compromise with JavaScript code that steals sensitive details provided at checkout. It…
Read More
Google has released the September 2024 Android security updates to fix 34 vulnerabilities, including CVE-2024-32896, an actively exploited elevation of privilege flaw that was previously fixed on Pixel devices. The high-severity vulnerability is related to a logic error in the code, which allows an attacker to bypass certain protections on Android and elevate their privileges…
Read More
‘We have a lot of prospects interested in SuperOps, and my focus will be on reaching out to them, engaging in meaningful conversations and understanding their needs,’ says Brandi Crown, SuperOps’ new U.S. head of sales. ‘We aim to help MSPs not only manage their operations more effectively but also to capitalize on tools and…
Read More
AI SPERA, a leading Cyber Threat Intelligence (CTI) company, has achieved PCI DSS v4.0 certification for its flagship search engine solution, Criminal IP. This accomplishment builds on last year’s attainment of PCI DSS v3.2.1 (Payment Card Industry Data Security Standard) certification and represents a significant milestone in the company’s ongoing efforts to strengthen security, further…
Read More
Threat actors are utilizing an attack called “Revival Hijack,” where they register new PyPi projects using the names of previously deleted packages to conduct supply chain attacks. The technique “could be used to hijack 22K existing PyPI packages and subsequently lead to hundreds of thousands of malicious package downloads,” the researchers say. Hijacking popular projects…
Read More
“AI is certainly the topic of topic of the day, but I think we are going to think of AI differently,” says incoming TD Synnex President of North America Reyna Thompson. “It’s not just that AI is emerging. It is how do you monetize AI?… We’re actually focused on how do you build a business…
Read More
The U.S. Federal Trade Commission (FTC) has reported a massive increase in losses to Bitcoin ATM scams, nearly ten times the amount from 2020 and reaching over $110 million in 2023. Bitcoin ATMs are typically located in convenience stores, gas stations, and other busy areas, but instead of dispensing cash like the traditional ATMs they…
Read More
Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command injection. The flaw, tracked as CVE-2024-7261 and assigned a CVSS v3 score of 9.8 (“critical”), is an input validation fault caused by improper handling of user-supplied data, allowing remote attackers…
Read More