Microsoft is working on a new Windows “Quick Machine Recovery” feature that will allow IT administrators to use Windows Update “targeted fixes” to remotely fix systems rendered unbootable. This new feature is part of a new Windows Resiliency Initiative launched in response to a widespread July 2024 outage caused by a buggy CrowdStrike Falcon update…
Read More
The U.S. Department of Justice is reportedly seeking a judge to potentially force Google to sell off Google Chrome, the world’s most popular internet browser. In a move that could shake up $88 billion Google and its cloud business, Google Cloud, the U.S. Department of Justice is reportedly seeking to ask a judge to force…
Read More
Volt Typhoon, a state-sponsored actor linked to the People’s Republic of China, has consistently targeted U.S. critical infrastructure with the intent to maintain persistent access. Tenable Research examines the tactics, techniques and procedures of this threat actor. Background The cyberthreat landscape is always evolving, with security teams continuously facing new threats and attacks from a…
Read More
Increased activity from the state-sponsored threat group Volt Typhoon raises concerns about the cybersecurity of U.S. critical infrastructure. Here’s how you can identify potential exposures and attack paths. Recent activity from the state-sponsored group Volt Typhoon, from the People’s Republic of China (PRC), has prompted federal agencies — including the Cybersecurity and Infrastructure Security Agency…
Read More
Microsoft has shared more details about the new Windows 11 administrator protection security feature, which is available in preview and uses Windows Hello authentication prompts to block access to critical system resources. First introduced last month in a preview build for Windows 11 Insiders in the Canary Channel, admin protection is designed to “protect free…
Read More
‘Nutanix has sensed blood in the water from the Broadcom acquisition and it is making a big push to do right by partners,’ says Gary McConnell, CEO of Nutanix partner VirtuIT. ‘They’ve rolled out a ton of training and have made their technical and sales resources available to partners that are new to having discussions…
Read More
Microsoft announced today at its Ignite annual conference in Chicago, Illinois, that it’s expanding its bug bounty programs with Zero Day Quest, a new hacking event focusing on cloud and AI products and platforms. The event starts today with a research challenge where submissions of vulnerabilities for specific scenarios can earn multiplied bounty awards and…
Read More
Software-as-a-Service, an acronym for SaaS applications, has become increasingly popular among businesses looking to enhance efficiency, productivity, and scalability. These cloud-based services have exploded in popularity over the last few years, with the net consumption up 18% in 2023 and 130 apps used per business on average. As cybersecurity threats evolve and grow, the risks…
Read More
Spotify playlists and podcasts are being abused to push pirated software, game cheat codes, spam links, and “warez” sites. By injecting targeted keywords and links in playlist names and podcast descriptions, threat actors may benefit from boosting SEO for their dubious online properties, since Spotify’s web player results appear in search engines like Google. Spotify playlists pushing…
Read More
Chinese threat actors use a custom post-exploitation toolkit named ‘DeepData’ to exploit a zero-day vulnerability in Fortinet’s FortiClient Windows VPN client that steal credentials. The zero-day allows the threat actors to dump the credentials from memory after the user authenticated with the VPN device Volexity researchers report that they discovered this flaw earlier this summer and…
Read More