After being used in Akira and Fog ransomware attacks, a critical Veeam Backup & Replication (VBR) security flaw was also recently exploited to deploy Frag ransomware. Code White security researcher Florian Hauser found that the vulnerability (tracked as CVE-2024-40711) is caused by a deserialization of untrusted data weakness that unauthenticated threat actors can exploit to…

Read More

‘We’re now putting all of our hardware business and associated services with it in one segment called Specialty Technology Solutions, and then we have the second segment, which is new, called Intelisys and Advisory. That’s where we’re putting the ‘NewCo’ that we introduced a quarter or two ago that included a company we acquired, Resourcive,’…

Read More

More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit. The flaw, tracked as CVE-2024-10914, has a critical 9.2 severity score and is present in the ‘cgi_user_add’ command where the name parameter is insufficiently sanitized. An unauthenticated attacker could exploit it to inject…

Read More

For the week ending Nov. 8, CRN takes a look at the companies that brought their ‘A’ game to the channel including Ingram Micro, CrowdStrike, Accenture, Cynomi and Nerdio. The Week Ending Nov. 8 Topping this week’s Came to Win list is distributor Ingram Micro for its latest steps to help solution providers work with…

Read More

Today, cybersecurity company Palo Alto Networks warned customers to restrict access to their next-generation firewalls because of a potential remote code execution vulnerability in the PAN-OS management interface. In a security advisory published on Friday, the company said it doesn’t yet have additional information regarding this alleged security flaw and added that it has yet to…

Read More

Attackers could exploit several vulnerabilities in the Mazda Connect infotainment unit, present in multiple car models including Mazda 3 (2014-2021), to execute arbitrary code with root permission. The security issues remain unpatched and some of them are command injection flaws that could be leveraged to obtain unrestricted access to vehicle networks, potentially impacting the car’s…

Read More

With global spending on the technology industry expected to reach $5.74 trillion in 2025, CRN breaks down the five largest markets that will reap the most revenue next year, according to new data from Gartner. Worldwide spending on IT will hit a record $5.74 trillion in 2025 with all areas of technology—from software to communications…

Read More

‘We’ve been talking about Asio for numerous years. We’ve been showing you glimpses of Asio. I’m here to tell you that we are at that tipping point. I’m here to tell you that it is ready for prime time,’ ConnectWise CEO Manny Rivelo told IT Nation 2024 ConnectWise CEO Manny Rivelo said the long-promised Asio…

Read More

CISA is warning about a spear-phishing campaign that spreads malicious RDP files. Plus, OWASP is offering guidance about deepfakes and AI security. Meanwhile, cybercriminals have amplified their use of malware for fake software-update attacks. And get the latest on CISA’s international plan, Interpol’s cyber crackdown and ransomware trends. Dive into six things that are top…

Read More

Google has left Android users puzzled after the most recent update to the Google mobile app causes links shared from the app to now be prepended with a mysterious “search.app” domain. As the Google app is a popular portal for searching the web for Android users and delivers a personalized content news feed referred to…

Read More