Hackers have released internal documents stolen from one of America’s largest IT services providers, which counts various US government agencies, including the Department of Defense, amongst its customers. Bloomberg reports that the leaked data, which belonged to Virginia-based Leidos Holdings, was seized by hackers during a previously-reported breach in 2022 of software-as-a-service firm Diligent. The…

1Panel-dev–KubePi: KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, there is a defect in the KubePi JWT token verification. The JWT key in the default configuration file is empty. Although a random 32-bit string will be generated to overwrite the key in the configuration file when the key is…

HSA provider HealthEquity has determined that a cybersecurity incident disclosed earlier this month has compromised the information of 4,300,000 people. HealthEquity, one of the largest HSA custodians in the U.S., specializes in providing health savings accounts (HSAs), flexible spending accounts (FSAs), health reimbursement arrangements (HRAs), and 401(k) retirement plans. In a Form 8-K filing submitted…

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2024-4879 ServiceNow Improper Input Validation Vulnerability; CVE-2024-5217 ServiceNow Incomplete List of Disallowed Inputs Vulnerability; CVE-2023-4249 Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant…

‘This incident shows clearly that Windows must prioritize change and innovation in the area of end-to-end resilience,’ a Microsoft executive says in a blog. Microsoft acknowledged that it must “prioritize change and innovation” for Windows following the massive CrowdStrike-caused outage to the operating system. The outage, which began July 19 and had lingering impacts for…

CRN breaks down the 25 Most Influential Executives of 2024 who are driving sales, transforming their business and paving the way for the future. The impact of today’s most influential tech executives is extending beyond the IT world and into every industry. From Microsoft’s Satya Nadella and Nvidia’s Jensen Huang pushing to make AI accessible…

Microsoft Chairman and CEO Satya Nadella, CRN’s No. 1 Most Influential Executive, is earning accolades from partners as he keeps AI at the forefront of the company’s mission and steers investments and innovation around Copilot, GenAI and more. When World Wide Technology’s Jim Kavanaugh attended Microsoft’s high-profile CEO Summit this spring, one major thing stood…

Here we present the CRN Top 100 Executives of 2024 list, the men and women who are setting the pace for the rest of the IT industry. CRN’s annual Top 100 Executives list honors the channel’s forward-thinking leaders. This year’s No. 1 Most Influential Executive, Microsoft Chairman and CEO Satya Nadella, is putting the pedal…

A massive phishing campaign dubbed “EchoSpoofing” exploited now-fixed, weak permissions in Proofpoint’s email protection service to dispatch millions of spoofed emails impersonating big entities like Disney, Nike, IBM, and Coca-Cola, to target Fortune 100 companies. The campaign started in January 2024, disseminating an average of 3 million spoofed emails daily and reaching a peak of 14…

An unknown threat actor has been linked to a massive scam campaign that exploited an email routing misconfiguration in email security vendor Proofpoint’s defenses to send millions of messages spoofing various legitimate companies. “These emails echoed from official Proofpoint email relays with authenticated SPF and DKIM signatures, thus bypassing major security protections — all to…
