The notorious FIN7 hacking group has been spotted selling its custom “AvNeutralizer” tool, used to evade detection by killing enterprise endpoint protection software on corporate networks. FIN7 is believed to be a Russian hacking group that has been active since 2013, initially focusing on financial fraud by hacking organizations and stealing debit and credit cards.…
Read MoreConsolidated Communications, Incedo, Cerium Networks, Comcast, Nvidia and Logitech are among the companies to list open positions for channel-related roles in July. This month, Consolidated Communications, Incedo and Cerium Networks are among the solution providers to list open positions while Comcast, Nvidia and Logitech are among the vendors to list open positions for channel-related roles.…
Read MoreMicrosoft is rolling out inbound SMTP DANE with DNSSEC for Exchange Online in public preview, a new capability to boost email integrity and security. As the Exchange team explained on Wednesday, DNS-based Authentication of Named Entities (DANE) for SMTP and Domain Name System Security Extensions (DNSSEC) work together to defend against downgrade and man-in-the-middle (MiTM)…
Read MoreThe reported effort by Google to beef up its cloud and AI security offerings by potentially acquiring Wiz shows how central cybersecurity has become in the tech industry, solution provider executives tell CRN. Whether or not the Google’s reported efforts to acquire cloud security unicorn Wiz pan out, the apparent willingness by the tech giant…
Read MoreNetwork security controls are no longer reliable or sufficient. They are easily evaded, prone to false positives, and feed a costly ecosystem of alert management and incident response. According to pen testing by Positive Technologies, an external attacker can breach an organization’s network perimeter in 93% of cases. This is unacceptable, and you no longer…
Read MoreCisco has fixed a maximum severity vulnerability that allows attackers to change any user’s password on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers, including administrators. The flaw also impacts SSM On-Prem installations earlier than Release 7.0, known as Cisco Smart Software Manager Satellite (SSM Satellite). As a Cisco Smart Licensing component,…
Read MoreJul 17, 2024NewsroomCyber Espionage / Cryptocurrency Cybersecurity researchers have discovered an updated variant of a known stealer malware that attackers affiliated with the Democratic People’s Republic of Korea (DPRK) have delivered as part of prior cyber espionage campaigns targeting job seekers. The artifact in question is an Apple macOS disk image (DMG) file named “MiroTalk.dmg”…
Read MoreA threat actor has leaked a database containing the personal information of 442,519 Life360 customers collected by abusing a flaw in the login API. Known only by their ’emo’ handle, they said the unsecured API endpoint used to steal the data provided an easy way to verify each impacted user’s email address, name, and phone…
Read MoreCloudflare Reports that Almost 7% of All Internet Traffic Is Malicious 6.8%, to be precise. From ZDNet: However, Distributed Denial of Service (DDoS) attacks continue to be cybercriminals’ weapon of choice, making up over 37% of all mitigated traffic. The scale of these attacks is staggering. In the first quarter of 2024 alone, Cloudflare blocked…
Read MoreCISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-34102 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability CVE-2024-28995 SolarWinds Serv-U Path Traversal Vulnerability CVE-2022-22948 VMware vCenter Server Incorrect Default File Permissions Vulnerability These types of vulnerabilities are frequent attack…
Read More