Category: Viral
The high-severity flaw in Ivanti’s Cloud Service Appliance (CSA) can be used to enable remote execution of code, the vendor says. Ivanti said Friday that a previously disclosed vulnerability in its Cloud Service Appliance (CSA) gateway has now seen exploitation by threat actors. As of Ivanti’s disclosure Friday, attacks exploiting the high-severity flaw had only…
Read More
‘We have seen, especially in that AI space, these extremely high-powered chips on back order because they can’t make them fast enough. AWS own chips are going to be extremely beneficial on that side of it, especially as these AI workloads increase,’ says ClearScale CEO Jimmy Chui. Solution providers are bullish on Amazon Web Services’…
Read More
In the wake of the global Windows outage caused by a faulty CrowdStrike update in July, ‘both our customers and ecosystem partners have called on Microsoft to provide additional security capabilities outside of kernel mode,’ Microsoft’s David Weston says. In the wake of the CrowdStrike-caused outage that led to widespread societal disruptions in July, Microsoft…
Read More
Sep 13, 2024Ravie LakshmananVirtual Reality / Vulnerability Details have emerged about a now-patched security flaw impacting Apple’s Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device’s virtual keyboard. The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865. “A novel attack that can…
Read More
The percentage equates to a potential 1,500 customers affected in the compromise of Fortinet’s cloud file-share environment. Fortinet disclosed that the breach of its cloud file-share environment impacted “less than 0.3 percent” of customers, while noting that it believes the incident isn’t likely to have a significant impact on its business. The cybersecurity vendor had…
Read More
Sep 13, 2024Ravie LakshmananCyber Attack / Crime British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for London (TfL). “The 17-year-old male was detained on suspicion of Computer Misuse Act offenses in relation to the attack, which was launched on TfL on 1 September,” the…
Read More
Sep 13, 2024Ravie LakshmananSoftware Security / Threat Intelligence Malicious actors are likely leveraging publicly available proof-of-concept (PoC) exploits for recently disclosed security flaws in Progress Software WhatsUp Gold to conduct opportunistic attacks. The activity is said to have commenced on August 30, 2024, a mere five hours after a PoC was released for CVE-2024-6670 (CVSS…
Read More
Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials (Verizon DBIR, 2024). Solving this problem resolves over 80% of your corporate risk, and a solution is possible. However, most tools available on the market today cannot offer a complete defense against this attack vector because they…
Read More
A cyberattack that shut down two of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023: It was the first known case of native English-speaking hackers in the United States and Britain teaming up with ransomware gangs based in Russia. But that made-for-Hollywood narrative has…
Read More
Sep 13, 2024Ravie LakshmananFinancial Fraud / Mobile Security Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new capabilities to evade analysis and display fake login screens to capture victims’ banking credentials. “The mechanisms include using malformed ZIP files in combination with JSONPacker,” Cleafy security researchers…
Read More