Attackers have backdoored the installer of widely used Justice AV Solutions (JAVS) courtroom video recording software with malware that lets them take over compromised systems. The company behind this software, also known as JAVS, says the digital recording tool currently has over 10,000 installations in many courtrooms, legal offices, correctional facilities, and government agencies worldwide. JAVS has…
Read More
That means that CISOs should make sure that systems are trying to differentiate between automated and manual attacks. And to then examine manual attacks very carefully, Harrigan said. CISOs should “spend extra time” examining the manual attack attempts, he said, as doing so may give the security operations center a sneak preview of a zero-day,…
Read More
Microsoft has published a “Cyber Signals” report sharing new information about the hacking group Storm-0539 and a sharp rise in gift card theft as we approach the Memorial Day holiday in the United States. The FBI previously warned about Storm-0539’s (aka “Ant Lion”) activities earlier this month, highlighting the threat group’s advanced techniques in conducting gift card theft and fraud,…
Read More
Mark Tauschek, vice president of research fellowships and distinguished analyst at Info-Tech Research Group, sees the new class of Windows computers leveraging Copilot a logical next step for Microsoft, especially given the rise of AI-enabled attacks. “The only way to defend against AI-enabled attacks is with AI-enabled defenses,” he said. “Leveraging OpenAI in Azure and…
Read More
‘Security is a team sport,’ Microsoft CVP Vasu Jakkal said on a panel this week. Microsoft solution providers are “critical” to the vendor’s plans for achieving and maintaining responsible artificial intelligence and security, Microsoft executives told CRN this week. During a panel on responsible AI and security held the week of Microsoft Build 2024, CRN…
Read More
Well-known ransomware gang LockBit has been usurped as the world’s top ransomware gang, according to a recent report from NCC Group. For the past eight months, LockBit has led the world in ransomware attacks. But the group had its assets seized in February in connection with a crackdown by The National Crime Agency of the UK, working…
Read More
Experts at HP, Xerox, Lexmark, Sharp and Brother talk to CRN about how their companies are using AI to improve the way printers are used, managed and maintained. Vendors in the printer industry are already using AI technologies to improve how people use, manage and maintain printers, and some expect those investments to expand, experts…
Read More
GitLab patched a high-severity vulnerability that unauthenticated attackers could exploit to take over user accounts in cross-site scripting (XSS) attacks. The security flaw (tracked as CVE-2024-4835) is an XSS weakness in the VS code editor (Web IDE) that lets threat actors steal restricted information using maliciously crafted pages. While they can exploit this vulnerability in attacks that…
Read More
May 23, 2024NewsroomThreat Intelligence / Vulnerability, The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, the open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2020-17519, the issue relates to a case of improper access control…
Read More
May 23, 2024NewsroomRansomware / Virtualization Ransomware attacks targeting VMware ESXi infrastructure following an established pattern regardless of the file-encrypting malware deployed. “Virtualization platforms are a core component of organizational IT infrastructure, yet they often suffer from inherent misconfigurations and vulnerabilities, making them a lucrative and highly effective target for threat actors to abuse,” cybersecurity firm…
Read More