CISA released eleven Industrial Control Systems (ICS) advisories on August 15, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. Source link lol
Read More
Aug 15, 2024Ravie LakshmananEnterprise Security / Vulnerability SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), has been described as a deserialization bug. “SolarWinds Web Help Desk was found…
Read More
Iranian hackers tied to recent U.S. presidential campaign cyberattacks abuse services like Google Workspace, Dropbox and OneDrive, says Google in a new cybersecurity report. Google’s Theat Analysis Group found an Iranian government-backed hacking group, known as APT42, has conducted phishing cyberattacks targeting “accounts associated with the U.S. presidential election.” “In May and June, APT42 targets…
Read More
Microsoft has shared a temporary fix for a known issue that causes Microsoft 365 apps like Outlook, Word, and OneNote to unexpectedly crash while typing or spell-checking a text. According to a support document published on Wednesday, these crashes affect users of Excel for Microsoft 365, Word for Microsoft 365, Outlook for Microsoft 365, PowerPoint…
Read More
As Rodgers puts it, “What got you here won’t get you there. You know how to configure a firewall, but now you have to communicate to executives. You have to know the business and be able to talk about your technology, your security, the solution through the language of the business. Being able to have…
Read More
On July 19, 2024, a seemingly routine CrowdStrike update caused a global IT meltdown. Millions of systems running Windows 10 and later experienced vital failures, bringing banks, airports, and critical infrastructure to a halt. The cause? A configuration error in the CrowdStrike Falcon sensor update. The CrowdStrike outage was more than just a temporary inconvenience;…
Read More
Aug 15, 2024Ravie LakshmananCyber Attack / Social Engineering Russian and Belarusian non-profit organizations, Russian independent media, and international non-governmental organizations active in Eastern Europe have become the target of two separate spear-phishing campaigns orchestrated by threat actors whose interests align with that of the Russian government. While one of the campaigns – dubbed River of…
Read More
ClearScale CEO Jimmy Chui explains why price-concerned VMware customers need to migrate to AWS, his company’s new AI-powered offerings to help them, and why businesses need to ‘really get off all their licensed software.’ ClearScale is launching an AI-powered attack seeking to migrate existing VMware customers worried about price increases over to the AWS cloud.…
Read More
Cisco CEO Chuck Robbins says his team is “shifting hundreds of millions of dollars into AI,” including AI networking for cloud, AI infrastructure, silicon and cybersecurity. Cisco Systems crossed $1 billion to date in AI orders with webscale customers and predicts another $1 billion in AI product orders this fiscal year. On the San Jose,…
Read More
Aug 15, 2024Ravie LakshmananRansomware / Cybercrime A cybercrime group with links to the RansomHub ransomware has been observed using a new tool designed to terminate endpoint detection and response (EDR) software on compromised hosts, joining the likes of other similar programs like AuKill (aka AvNeutralizer) and Terminator. The EDR-killing utility has been dubbed EDRKillShifter by…
Read More