Introduction Black Friday has long been a cornerstone of the retail calendar, not just in the United States but around the globe. During this period, including Thanksgiving weekend and Cyber Monday, consumers anticipate steep discounts and rush to purchase products both in-store and online. However, these low prices also bring about a surge in unethical…
Read More
Hackers have already compromised thousands of Palo Alto Networks firewalls in attacks exploiting two recently patched zero-day vulnerabilities. The two security flaws are an authentication bypass (CVE-2024-0012) in the PAN-OS management web interface that remote attackers can exploit to gain administrator privileges and a PAN-OS privilege escalation (CVE-2024-9474) that helps them run commands on the…
Read More
A new Linux backdoor called ‘WolfsBane’ has been discovered, believed to be a port of Windows malware used by the Chinese ‘Gelsemium’ hacking group. ESET security researchers who analyzed WolfsBane report that WolfsBane is a complete malware tool featuring a dropper, launcher, and backdoor, while it also uses a modified open-source rootkit to evade detection. The…
Read More
Microsoft has released the November 2024 preview cumulative update for Windows 11 24H2, with 14 improvements and fixes for multiple issues, including some affecting File Explorer, the Clipboard history, and secondary displays. The KB5046740 update is part of Microsoft’s optional non-security preview updates schedule, pushed out on the fourth week of every month to help Windows…
Read More
Nvidia could finish its current fiscal year with revenue that is not only more than double what it made the previous year when it surpassed Intel in annual sales for the first time. It would also be 64 percent higher than the combined full-year revenues forecasted by Intel and AMD. Nvidia earned nearly 75 percent…
Read More
Microsoft has confirmed that, since November 12, some Windows 10 users have been unable to update or uninstall packaged applications like Microsoft Teams. This known issue is caused by the WinAppSDK 1.6.2 package, which was automatically delivered to affected users’ systems after installing an app developed using Win App SDK. On impacted Windows 10 22H2…
Read More
The BianLian ransomware operation has shifted its tactics, becoming primarily a data theft extortion group, according to an updated advisory from the U.S. Cybersecurity & Infrastructure Security Agency, the FBI, and the Australian Cyber Security Centre. This new information comes in an update to a joint advisory released in May by the same agencies, which…
Read More
Microsoft and the Justice Department have seized over 240 domains used by customers of ONNX, a phishing-as-a-service (PhaaS) platform, to target companies and individuals across the United States and worldwide since at least 2017. According to Microsoft’s Digital Defense Report 2024, ONNX (previously known as Caffeine) was the top Adversary in the Middle (AitM) phishing…
Read More
A landmark global report emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the second of our two-part series, we take you beyond the basics to highlight three key areas to focus on. The landmark report Detecting and Mitigating Active Directory Compromises — released in September by cybersecurity…
Read MoreCISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability CVE-2024-44309 Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability CVE-2024-21287 Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability Users and administrators are also encouraged to review the Palo Alto Threat Brief: Operation Lunar Peek…
Read More