Six MSP executives share details on how they’re helping customers to stay secure through education and awareness training for their teams. As cyberthreats continue to evolve—and intensify—MSPs are continuing to update and adapt the security training that they facilitate for customers. This week, CRN’s reporting team spoke with executives from numerous solution and service providers…
Read More
Tenable Research discovered a critical information-disclosure vulnerability in Microsoft’s Copilot Studio via a server-side request forgery (SSRF), which allowed researchers access to potentially sensitive information regarding service internals with potential cross-tenant impact. Introduction In this blog, we take a look at a server-side request forgery (SSRF) vulnerability in Copilot Studio that leveraged Copilot’s ability to…
Read More
“Removing the power to connect equipment to or install program in CCS as this is likely to have a chilling effect on technology investment and Hong Kong digital economy, which will undermine trust in service providers who operate in Hong Kong,” Dr. Eden Wood, president of AmCham wrote in the letter. The HKGCC has raised…
Read More
The U.S. government is warning of increased effort from Iran to influence upcoming elections through cyber operations targeting Presidential campaigns and the American public. In a joint statement from the Office of the Director of National Intelligence (ODNI), the FBI, and the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. says that Iran carried out cyberattacks…
Read MoreHacking Wireless Bicycle Shifters This is yet another insecure Internet-of-things story, this one about wireless gear shifters for bicycles. These gear shifters are used in big-money professional bicycle races like the Tour de France, which provides an incentive to actually implement this attack. Research paper. Another news story. Slashdot thread. Tags: academic papers, firmware, hacking,…
Read More
Iranian state-sponsored threat actors have been observed orchestrating spear-phishing campaigns targeting a prominent Jewish figure starting in late July 2024 with the goal of delivering a new intelligence-gathering tool called AnvilEcho. Enterprise security company Proofpoint is tracking the activity under the name TA453, which overlaps with activity tracked by the broader cybersecurity community under the…
Read More
Aug 20, 2024Ravie LakshmananVulnerability / Container Security Cybersecurity researchers have disclosed a security flaw impacting Microsoft Azure Kubernetes Services that, if successfully exploited, could allow an attacker to escalate their privileges and access credentials for services used by the cluster. “An attacker with command execution in a Pod running within an affected Azure Kubernetes Services…
Read More
In today’s rapidly evolving cyber threat landscape, organizations face increasingly sophisticated attacks targeting their applications. Understanding these threats and the technologies designed to combat them is crucial. This article delves into the mechanics of a common application attack, using the infamous Log4Shell vulnerability as an example, and demonstrates how Application Detection and Response (ADR) technology…
Read More
Aug 20, 2024Ravie LakshmananVulnerability / Threat Intelligence A previously undocumented backdoor named Msupedge has been put to use against a cyber attack targeting an unnamed university in Taiwan. “The most notable feature of this backdoor is that it communicates with a command-and-control (C&C) server via DNS traffic,” the Symantec Threat Hunter Team, part of Broadcom,…
Read More
Samantha Mabey, director of digital security solutions at Entrust, commented: “Now that NIST has finalized three quantum-resistant security algorithms, it becomes increasingly crucial for CISOs to prepare for the quantum computing era. The shift to post-quantum cryptography is more than a technical update; it’s a vital step in protecting sensitive information, and promises to be…
Read More