Privacy VPNs are not all created equal – make sure to choose the right provider that will help keep your data safe from prying eyes 25 Jun 2024 • , 6 min. read In a world of remote working and heightened privacy and security concerns, virtual private networks (VPNs) have become an indispensable aid for…
Read More
Digital executive protection services are usually acquired through the office of the CISO or CSO, though executives themselves often acquire the services independently and then involve their CSOs, according to Chris Pierson, CEO of BlackCloak, which he founded in 2018 with the sole purpose of protecting executives from online threats that can lead to personal…
Read More
Jun 26, 2024NewsroomSupply Chain Attack / Web Security Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library (“polyfill.js”) to redirect users to malicious and scam sites. More than 110,000 sites that embed the library are impacted by…
Read MoreMS-ISAC ADVISORY NUMBER: 2024-075 DATE(S) ISSUED: 06/25/2024 OVERVIEW: Multiple vulnerabilities have been discovered in MOVEit products, which could allow for authentication bypass. MOVEit Gateway acts as a proxy between inbound connections from the public network and your internal trusted network. MOVEit Transfer is a secure managed file transfer application. Successful exploitation of these vulnerabilities could…
Read More
“It’s a community of practice. It’s just shared learnings. We’re all kind of going, ‘It’s early innings.’ We’re all bumping elbows and skinning knees. It’s like, ’Let’s learn together, share some of this pain, but share some of the learnings,” newly appointed Dell Chief AI Officer Jeff Boudreau tells CRN. Dell Technologies holds the No.…
Read More
During the data collection period, Cloudflare said that it mitigated 6.8% of all web application traffic. It defines mitigated traffic as any “traffic that is blocked or is served a challenge by Cloudflare. The specific threat type and relevant mitigation technique depends on many factors such as the application’s potential security gaps, the nature of…
Read MoreMS-ISAC ADVISORY NUMBER: 2024-074 DATE(S) ISSUED: 06/25/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated…
Read More
Progress Software has patched a high severity authentication bypass in the MOVEit managed file transfer (MFT) solution. As MOVEit has been a popular target for ransomware gangs and other threat actors, we strongly recommend prioritizing patching of this vulnerability. Background On June 25, Progress published an advisory for a vulnerability in MOVEit Transfer, a secure…
Read More
A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative privileges on websites running them. The attack was discovered by the Wordfence Threat Intelligence team yesterday, but the malicious injections appear to have occurred towards the end of last week,…
Read More
The prohibitive cost structure has been labeled the “SSO Tax” and CISA says potential SMB customers “perceive SSO as being excessively costly due to the higher cost of the premium-tier service that includes SSO as compared to the lower-tier service that does not include SSO coupled with a requirement to subscribe for a minimum number…
Read More