Sep 09, 2024Ravie LakshmananVulnerability / Hardware Security A novel side-channel attack has been found to leverage radio signals emanated by a device’s random access memory (RAM) as a data exfiltration mechanism, posing a threat to air-gapped networks. The technique has been codenamed RAMBO by Dr. Mordechai Guri, the head of the Offensive Cyber Research Lab…

Read More

A privacy flaw in WhatsApp, an instant messenger with over 2 billion users worldwide, is being exploited by attackers to bypass the app’s “View once” feature and view messages again. Meta says that WhatsApp’s “View once” feature (introduced three years ago) enables users to share photos, videos, and voice messages privately, seeing that the recipient…

Read More

‘The core of our job is to support and serve our clients effectively,’ says Stanley Louissant, founder and principal of New Jersey-based MSP Fluid Designs. ‘Keeping that focus will always lead to success.’ Stanley Louissaint started his MSP in 2001 as a one-man shop. Despite remaining the sole employee of his MSP, he’s grown a…

Read More

From a new Business Outcomes Xcelerator partner program to increasing incentives for MSPs, here are six new partner launches from AWS that every channel partner needs to know about. Amazon Web Services has unleashed a slew of new incentives, programs and AWS Marketplace benefits with the goal of streamlining partners’ go-to-market capabilities and drive faster…

Read More

With patches out for three years, attackers have set their sights on a pair of vulnerabilities affecting DrayTek VigorConnect. Background In November 2021, the Cybersecurity and Infrastructure Security Agency (CISA) launched its Known Exploited Vulnerabilities (KEV) Catalog, an effort to focus on vulnerabilities known to have been exploited and provide defenders with an actionable list…

Read More

Today, the Federal Bureau of Investigation (FBI)—in partnership with CISA, the National Security Agency (NSA), and other U.S. and international partners—released a joint Cybersecurity Advisory Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure. This advisory provides overlapping cybersecurity industry cyber threat intelligence, tactics, techniques, and procedures (TTPs) and Indicators of Compromise (IOCs) associated with…

Read More

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog…

Read More

Image: MidjourneyUpdate September 09, 08:32 EDT: Revised title and story to include that the Avis data breach impacted over 299,000 customers.  American car rental giant Avis notified customers that unknown attackers breached one of its business applications last month and stole some of their personal information. According to data breach notification letters sent to impacted…

Read More

Payment gateway provider Slim CD has disclosed a data breach that compromised credit card and personal data belonging to almost 1.7 million individuals. In the notification sent to impacted clients, the company says that hackers had access to its network for nearly a year, between August 2023 and June 2024. Slim CD is a provider of…

Read More

A new variant of the ongoing sextortion email scams is now targeting spouses, saying that their husband or wife is cheating on them, with links to the alleged proof. In sextortion emails, scammers pretend to have hacked your computer to steal images or videos of you performing sexual acts and demand that you send a…

Read More