CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog…
Read More
“The MSP market is a great place for a private equity company like EQT to put their money,” said David Stinner, president of US itek, a Buffalo, N.Y.-based MSP. “Once you have an MSP beholden to a backup/cybersecurity solution like Acronis they don’t leave.” MSP cybersecurity and backup provider Acronis is being acquired in a…
Read More
‘The acquisition of CX Effect significantly expands our portfolio by incorporating over 40 new suppliers,’ says Drew Lydecker, co-founder and president of Avant. ‘This accelerates Avant’s success as we continue to address the rapidly growing cybersecurity, cloud infrastructure and AI markets.’ Avant has acquired technology distributor CX Effect in a move to grow its business,…
Read More
Aug 07, 2024Ravie LakshmananEmail Security / Vulnerability Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious JavaScript in a victim’s web browser and steal sensitive information from their account under specific circumstances. “When a victim views a malicious email in Roundcube sent by an…
Read More
Aug 07, 2024Ravie LakshmananLinux / Vulnerability Cybersecurity researchers have shed light on a novel Linux kernel exploitation technique dubbed SLUBStick that could be exploited to elevate a limited heap vulnerability to an arbitrary memory read-and-write primitive. “Initially, it exploits a timing side-channel of the allocator to perform a cross-cache attack reliably,” a group of academics…
Read More
Kernel-mode drivers are critical yet risky components of the Windows operating system. Learn about their functionality, the dangers they pose, and how Tenable’s new plugins can help identify and mitigate vulnerabilities using community-driven resources like LOLDrivers. Windows is an operating system that, over its 40-plus years of history, has developed more than a few arcane…
Read More
GoGra leverages the Microsoft Graph API in order to access the Outlook mail service using OAuth access tokens for a username called FNU LNU. The backdoor accesses the Outlook mailbox and reads instructions from email messages with the word “Input” in the subject line. However, the contents of the messages are encrypted with AES-256 and…
Read More
From among more than 320 applicants, CRN staff evaluated and selected products spanning the IT industry – including AI and AI infrastructure, cloud management, data analytics, networking, security and storage categories – that offer ground-breaking functionality and new opportunities for partners. Tech Innovators 2024 The wave of development around artificial intelligence and generative AI in…
Read More
This post was written by ARC Labs Contributor, John Dwyer, Director of Security Research at Binary Defense In the first part of this series, we discussed how Binary Defense has innovated within the deception market by offering Managed Deception which makes deception technology accessible to every organization. In this installment, we explore how Binary Defense…
Read More
There’s a lot of confusion and unknowns regarding AI application risks, and a lot of vendors are trying to offer solutions to problems that aren’t clearly defined. In this blog we explain why a smart approach is to start by focusing on basic, foundational cyber hygiene, adopt well-established best practices and enforce common-sense usage policies.…
Read More