Tag: Cyberattacks
The January 2023 breach of a vendor’s cloud environment led to the exposure of data from 8.9 million AT&T customers, according to the FCC. AT&T will pay $13 million as part of a settlement with the Federal Communications Commission (FCC) over the 2013 cloud breach of a third-party vendor, which shouldn’t have been holding data…
Read More
The flaw had received a fix during Microsoft’s ‘Patch Tuesday’ update on Sept. 10, but had not initially been listed as exploited in attacks. A Microsoft Windows vulnerability with a rating of “high” severity has been acknowledged as having seen exploitation in cyberattacks, after initially being listed by the tech giant as unexploited upon its…
Read More
‘CloudImposer could have allowed attackers to conduct a massive supply chain attack by compromising the Google Cloud Platform’s Cloud Composer service for orchestrating software pipelines,’ says Tenable security researcher Liv Matan. Google has patched a critical security flaw inside its Google Cloud Platform Composer tool that could have enabled hackers to achieve remote execution on…
Read More
The high-severity flaw in Ivanti’s Cloud Service Appliance (CSA) can be used to enable remote execution of code, the vendor says. Ivanti said Friday that a previously disclosed vulnerability in its Cloud Service Appliance (CSA) gateway has now seen exploitation by threat actors. As of Ivanti’s disclosure Friday, attacks exploiting the high-severity flaw had only…
Read More
The percentage equates to a potential 1,500 customers affected in the compromise of Fortinet’s cloud file-share environment. Fortinet disclosed that the breach of its cloud file-share environment impacted “less than 0.3 percent” of customers, while noting that it believes the incident isn’t likely to have a significant impact on its business. The cybersecurity vendor had…
Read More
For the week ending Sept. 13, CRN takes a look at the companies that brought their ‘A’ game to the channel including ConnectWise, Todyl, AWS, ServiceNow and Blue Mantis. The Week Ending Sept. 13 Topping this week’s Came to Win list is ConnectWise for its Axcient and SkyKick acquisitions that will boost its data protection…
Read More
In an Oracle CloudWorld keynote, the Oracle founder and CTO also held up the company’s new alliance with Amazon Web Services as the start of the “open multi-cloud era.” Oracle’s next-generation network security technology, which leverages AI and biometric authentication to thwart cyber threats, is now available in the Oracle Cloud, Oracle founder, chairman and…
Read More
‘We’re not sure why they don’t list [the vulnerability] as being under active attack, but you should treat it as though it were,’ writes Trend Micro’s Dustin Childs. Microsoft’s monthly release of security fixes addresses five zero-day vulnerabilities that are seeing active exploitation, despite the company only listing four zero days in its disclosure Tuesday,…
Read More
The vulnerability in the vendor’s SonicOS firmware affects a wide array of SonicWall firewalls. A critical-severity vulnerability affecting a wide array of SonicWall firewalls has been exploited by threat actors to deploy ransomware, according to security researchers. The access control flaw (tracked at CVE-2024-40766) impacts firewalls running multiple versions of the vendor’s SonicOS firmware—SOHO (Gen…
Read More
‘We sincerely apologize this incident occurred,’ according to a letter to Avis customers. Avis, the car rental company, has disclosed that threat actors accessed one of its business applications and accessed customer personal information. The Parsippany, N.J.-based company has sent letters dated Sept. 4 to customers whose information was accessed in the breach, according to…
Read More