Multiple popular mobile applications for iOS and Android come with hardcoded, unencrypted credentials for cloud services like Amazon Web Services (AWS) and Microsoft Azure Blob Storage, exposing user data and source code to security breaches. Exposing this type of credentials can easily lead to unauthorized access to storage buckets and databases with sensitive user data. Apart from…
Read More
‘This really marks for many of us the culmination of a four- or five-year journey,’ OpenText SVP Geoff Bibby said during a virtual event Tuesday. OpenText announced a major expansion of its Secure Cloud platform Monday in what executives called a massive investment into generating growth opportunities with its MSP partners. The OpenText Secure Cloud…
Read More
The SEC has charged four companies—Unisys Corp, Avaya Holdings, Check Point Software, and Mimecast—for allegedly misleading investors about the impact of their breaches during the massive 2020 SolarWinds Orion hack. “The Securities and Exchange Commission today charged four current and former public companies – Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast…
Read More
Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver DarkCrystal RAT (aka DCRat) and a previously undocumented remote access trojan dubbed PowerRAT. “The campaign involves modular infection chains that are either Maldoc or HTML-based infections and require the victim’s intervention to trigger the…
Read More
Introduction Welcome to the September 2024 installment of the Sensor Intelligence Series, our monthly summary of vulnerability intelligence based on distributed passive sensor data. Following on from our last month’s analysis, scanning CVE-2017-9841 continues to drop, falling by 10% compared to August, and now down 99.8% from its high-water mark in June of 2024, and…
Read More
Twenty five years after the launch of CVE, the Tenable Security Response Team has handpicked 25 vulnerabilities that stand out for their significance. Background In January 1999, David E. Mann and Steven M. Christey published the paper “Towards a Common Enumeration of Vulnerabilities” describing an effort to create interoperability between multiple vulnerability databases. To achieve…
Read More
Gretchen Peters, co-founder and executive director of the Alliance to Counter Crime Online, knows better than most how criminal networks flourish on social media platforms. From drug trafficking to child exploitation, we focus on something from 1996 called Section 230 that makes many crimes possible. Source link lol
Read More
Proof-of-concept exploit code is now public for a vulnerability in Microsoft’s Remote Registry client that could be used to take control of a Windows domain by downgrading the security of the authentication process. The vulnerability is tracked as CVE-2024-43532 and takes advantage of a fallback mechanism in the Windows Registry (WinReg) client implementation that relies on old transport protocols…
Read MoreCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog…
Read More
In an interview with CRN, the Mandiant founder discusses joining the board at Expel and why he believes GenAI is ‘going to help the defender more.’ When it comes to generative AI, cybersecurity luminary Kevin Mandia believes the technology will end up as a bigger asset to cyber defense teams than hackers—even though the benefits…
Read More