Microsoft fixed a Windows zero-day vulnerability that has been actively exploited in attacks for eighteen months to launch malicious scripts while bypassing built-in security features. The flaw, tracked as CVE-2024-38112, is a high-severity MHTML spoofing issue fixed during the July 2024 Patch Tuesday security updates. Haifei Li of Check Point Research discovered the vulnerability and disclosed…
Read MoreMicrosoft has fixed a known issue causing restart loops and taskbar problems on Windows 11 systems after installing the June KB5039302 preview update. “This issue was resolved in updates released July 9, 2024 (KB5040442) and later,” the company said in an update added to the Windows release health page on Tuesday. “We recommend you install…
Read More‘With my experience in the past selling into the VAR and MSP channels, we think there’s a big opportunity to focus on that and to work with MSP partners to bring these AI phone agents to market,’ says Vida CEO Lyle Pratt. Carrier-grade AI voice agent developer Vida unveiled the launch of a new platform…
Read MoreRADIUS Vulnerability New attack against the RADIUS authentication protocol: The Blast-RADIUS attack allows a man-in-the-middle attacker between the RADIUS client and server to forge a valid protocol accept message in response to a failed authentication request. This forgery could give the attacker access to network devices and services without the attacker guessing or brute forcing…
Read MoreJul 10, 2024NewsroomData Breach / Malware A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware. Singapore-headquartered Group-IB, which discovered the threat actor in early April 2024, said the modus operandi involved the exploitation of CVE-2023-27532 (CVSS score: 7.5) to carry out the malicious…
Read MoreData Protection vs Data Security: The key Differences to Know Data is any firm’s most valuable asset. This could be financial information, intellectual property, trade secrets, research and development data, or customer and employee personal details. But regardless of what type of data firms have, its importance cannot be understated. However, this also makes it…
Read MoreJul 10, 2024The Hacker NewsEndpoint Security / Identity Security It’s the age of identity security. The explosion of driven ransomware attacks has made CISOs and security teams realize that identity protection lags 20 years behind their endpoints and networks. This realization is mainly due to the transformation of lateral movement from fine art, found in…
Read MoreJul 10, 2024NewsroomEndpoint Security / Vulnerability Microsoft has released patches to address a total of 143 security flaws as part of its monthly security updates, two of which have come under active exploitation in the wild. Five out of the 143 flaws are rated Critical, 136 are rated Important, and four are rated Moderate in…
Read MoreThe Problem The “2024 Attack Intelligence Report” from the staff at Rapid7 [1] is a well-researched, well-written report that is worthy of careful study. Some key takeaways are: 53% of the over 30 new vulnerabilities that were widely exploited in 2023 and at the start of 2024 were zero-days. More mass compromise events arose from…
Read MoreJul 10, 2024NewsroomCybersecurity / Phishing Attack Google on Wednesday announced that it’s making available passkeys for high-risk users to enroll in its Advanced Protection Program (APP). “Users traditionally needed a physical security key for APP — now they can choose a passkey to secure their account,” Shuvo Chatterjee, product lead of APP, said. Passkeys are…
Read More