Category: Kamban
AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable. Ring -2 is one of the highest privilege levels on a computer, running…
Read More
Microsoft has disclosed a high-severity zero-day vulnerability affecting Office 2016 and later, which is still waiting for a patch. Tracked as CVE-2024-38200, this security flaw is caused by an information disclosure weakness that enables unauthorized actors to access protected information such as system status or configuration data, personal info, or connection metadata. The zero-day impacts…
Read More
For the week ending Aug. 9, CRN takes a look at the companies that brought their ‘A’ game to the channel including Abnormal Security, Fortinet, Avant, Rewst and Hewlett Packard Enterprise. The Week Ending Aug. 9 Topping this week’s Came to Win list is cybersecurity provider Abnormal Security for an impressive $250-million funding round that…
Read More
An ongoing and widespread malware campaign force-installed malicious Google Chrome and Microsoft Edge browser extensions in over 300,000 browsers, modifying the browser’s executables to hijack homepages and steal browsing history. The installer and extensions, which are usually undetected by antivirus tools, are designed to steal data and execute commands on infected devices. ReasonLabs researchers identified the campaign…
Read More
The U.S. Justice Department arrested a Nashville man charged with helping North Korean IT workers obtain remote work at companies across the United States and operating a laptop farm they used to pose as U.S.-based individuals. Matthew Isaac Knoot, 38, helped North Koreans use a stolen identity to pose as Andrew M., a U.S. citizen,…
Read More
Cisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 and SPA 500 series IP phones. The vendor has not made fixes available for these devices and shared no mitigation tips, so users of those products will have to move to newer and…
Read More
Microsoft reminded today that Exchange 2016 will reach the end of extended support next year on October 14 and shared guidance for admins who need to decommission outdated servers. Exchange 2016 reached its mainstream end date in October 2020, while Exchange Server 2013 (the previous version) reached its extended end-of-support (EOS) date on April 11,…
Read More
The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz. Apache OFBiz (Open For Business) is a popular open-source enterprise resource planning (ERP) system that provides a suite of business applications to manage various aspects of an organization. Due to its versatility and…
Read More
Cisco warns that exploit code is now available for a maximum severity vulnerability that lets attackers change any user password on unpatched Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers. As a Cisco Smart Licensing component, Cisco SSM On-Prem helps manage accounts and product licenses on an organization’s environment using a dedicated dashboard…
Read More
‘We are starting from a position of strength: We have leading end-to-end solutions, a world-class supply chain, unmatched Global Services, and unparalleled customer reach with the largest GTM [go-to-market] engine in the industry — giving us unstoppable differentiation in the marketplace,’ Dell’s Bill Scannell and John Byrne told employees in a memo. Dell Technologies wants…
Read More