Jul 25, 2024NewsroomContainer Security / Vulnerability Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ) under specific circumstances. Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating maximum severity. “An attacker could exploit a…

‘We did send these to our teammates and partners who have been helping customers through this situation,’ according to a CrowdStrike spokesperson. CrowdStrike has confirmed to CRN that it sent partners Uber gift cards that stopped working – a gesture of appreciation mocked online as the cybersecurity vendor and solution providers deal with the fallout…

Computers blue-screen-of-death around the world! The Paris Olympics is at risk of attack! And the FBI pull off the biggest sting operation in history by running a secret end-to-end encrypted messaging app! All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by industry veterans Graham Cluley and…

Threat actors known as ‘Stargazer Goblin’ have created a malware Distribution-as-a-Service (DaaS) from over 3,000 fake accounts on GitHub that push information-stealing malware. The malware delivery service is called Stargazers Ghost Network and it utilizes GitHub repositories along with compromised WordPress sites to distribute password-protected archives that contain malware. In most cases, the malware are infostealers, such…

ServiceNow says that the company had informed the U.S. Department of Justice, the Department of Defense Office of Inspector General and the Army Suspension and Debarment Office of the investigation and ‘is continuing to cooperate with the Department of Justice, which has commenced its own investigation into these matters.’ ServiceNow said that its president and…

Welcome to this week’s edition of the “Bi-Weekly Cyber Roundup” by Canary Trap. At Canary Trap, it is our mission to keep you up-to-date with the most crucial news in the world of cybersecurity and this bi-weekly publication is your gateway to the latest news. In a week dominated by the CrowdStrike incident, we will…

Unless there’s a concerted effort by a lot more tech industry vendors than just CrowdStrike, it’s unlikely to be the last incident of this kind. Within the software industry, it has long been a cliché to point out the inevitability of bugs. As the thinking goes, the world of software is insanely complex, and the…

The email security vendor will add 175 employees with the acquisition of 23-year-old Code42, the company says. Email security vendor Mimecast will add 175 employees with the acquisition of longtime cybersecurity vendor Code42, the company announced Wednesday. Mimecast did not disclose the terms of the acquisition. Joe Payne (pictured), Code42’s president and CEO since 2015,…

Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances. The flaw was initially discovered and fixed in Docker Engine v18.09.1, released in January 2019, but for some reason, the fix wasn’t carried forward in later…

In the past few months, the Telegram clicker game Hamster Kombat has taken the world of cryptocurrency game enthusiasts by storm. Even though the gameplay, which mostly entails repeatedly tapping the screen of one’s mobile device, might be rather simple, players are after something more: the possibility of earning big once Hamster Kombat’s creators unveil…
