A design flaw in Windows Smart App Control and SmartScreen that enables attackers to launch programs without triggering security warnings has been under exploitation since at least 2018. Smart App Control is a reputation-based security feature that uses Microsoft’s app intelligence services for safety predictions and Windows’ code integrity features to identify and block untrusted (unsigned)…
Read Moren/a–n/a An issue was discovered in the IhisiServiceSmm module in Insyde InsydeH2O with kernel 5.2 before 05.28.42, 5.3 before 05.37.42, 5.4 before 05.45.39, 5.5 before 05.53.39, and 5.6 before 05.60.39 that could allow an attacker to modify UEFI variables. 2024-07-31 not yet calculated CVE-2023-28149cve@mitre.org Apple–macOS This issue was addressed with improved checks. This issue is…
Read More
Consultancy specialist Thoughtworks is being taken private for $1.7 billion, as its new restructuring plan now will “impact” hundreds of employees. Top Amazon Web Services and Google partner Thoughtworks is being taken private by Apax Partners in a deal worth $1.75 billion as the IT consultancy also unveiled a new plan that will impact hundreds…
Read More
‘We are combining teams and prioritizing where we invest across the company. We continually evolve our business, so we’re set up to deliver the best innovation, value and service to our customers and partners,’ Dell Technologies said in a statement. Dell Technologies is cutting some sales jobs and adding others, as it reorganizes its business…
Read More
South Korea’s National Cyber Security Center (NCSC) warns that state-backed DPRK hackers hijacked flaws in a VPN’s software update to deploy malware and breach networks. The advisory connects this activity with a nationwide industrial factories modernization project Kim Jong-un, the North Korean president, announced in January 2023, believing the hackers are looking to steal trade…
Read More
Electronic manufacturing services provider Keytronic has revealed that it suffered losses of over $17 million due to a May ransomware attack. The American technology company started as an Original Equipment Manufacturer (OEM) of keyboards and mice in 1969 but has since become one of the largest manufacturers of printed circuit board assembly (PCBA) worldwide, with facilities in the United…
Read MoreIn an era of rapidly evolving Artificial Intelligence/Large Language Model (AI/LLM) technologies, cybersecurity practitioners face significant challenges in monitoring unauthorized AI solutions, detecting AI vulnerabilities, and identifying unexpected AI/LLM development. Tenable Security Center leverages advanced detection technologies – agents, passive network monitoring, dynamic application security testing, and distributed scan engines – to surface AI/LLM software,…
Read MoreCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2018-0824 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant…
Read More
A previously undocumented Android malware named ‘LightSpy’ has been discovered targeting Russian users, posing on phones as an Alipay app or a system service to evade detection. Analysis shows that LianSpy has been actively targeting Android users since July 2021, but its extensive stealth capabilities helped it remain undetected for over three years. Kaspersky researchers…
Read More
Here’s a head-to-head comparison of AWS, Microsoft and Google Cloud’s recent financial earnings results for second-quarter 2024, including revenue, sales growth, cloud market share and operating income. The results are in for the three largest cloud computing companies on the planet with Amazon Web Services, Microsoft Azure and Google Cloud each recently reporting their financial…
Read More