The attack, part of an industry-wide attack targeting information stored using Snowflake, did access telemetry data in a single Snowflake data analytics workspace used by Pure Storage for customer support, but Pure Storage said no compromising customer data was accessed. All-flash and cloud storage technology developer Pure Storage Tuesday said that a third party had…

Read More

One of the most effective ways for information technology (IT) professionals to uncover a company’s weaknesses before the bad guys do is penetration testing. By simulating real-world cyberattacks, penetration testing, sometimes called pentests, provides invaluable insights into an organization’s security posture, revealing weaknesses that could potentially lead to data breaches or other security incidents. Vonahi…

Read More

Reuters late Monday, citing unnamed sources, said that solution provider Kyndryl Holdings and investment company Apollo Global were teaming up to make a bid for solution provider DXC Technology that could value DXC at up to $4.5 billion. Global IT services provider Kyndryl Holdings and private investment firm Apollo Global reportedly may be preparing a…

Read More

More than 80% of all breaches involve data stored in the cloud, and security teams that don’t use cloud workload protection (CWP) may never get ahead of attackers who want to access as much data as possible with the least effort. A single cloud breach is often the most straightforward way into these sensitive environments.…

Read More

 Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.   Users and administrators are encouraged to review the following advisory and apply the necessary updates:   Source link lol

Read More

Cybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting Domain Name System (DNS) on a global scale since at least June 2023. The adversary, according to Infoblox security researchers Dr. Renée Burton and Dave Mitchell, operates from the China Education and Research Network (CERNET), a project funded…

Read More

AWS has added support for FIDO2 passkeys, a passwordless authentication method under the Fast Identity Online (FIDO) framework, for multifactor authentication — and will soon make MFA mandatory for signing in to AWS accounts. “Beginning in July 2024, root users of standalone accounts — those that aren’t managed with AWS Organizations — will be required to…

Read More

Microsoft has released the Windows Server 2022 KB5039227 and Windows Server 2019 KB5039217 cumulative updates with security fixes and fixes for a variety of bugs. These updates are mandatory as they are part of Microsoft’s June 2024 Patch Tuesday and contain security updates for 51 vulnerabilities. Windows Server KB5039217 updateSource: BleepingComputer The Windows Server 2019…

Read More

1Critical 48Important 0Moderate 0Low Microsoft addresses 49 CVEs in its June 2024 Patch Tuesday release with one rated as critical and no zero-day or publicly disclosed vulnerabilities. Our counts omitted two CVEs that were not issued by Microsoft, which include CVE-2023-50868 (issued by MITRE) and CVE-2024-29187 (issued by GitHub). Microsoft patched 49 CVEs in its…

Read More

CISA released six Industrial Control Systems (ICS) advisories on June 11, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. Source link lol

Read More