Tag: Vulnerabilities
‘We’re not sure why they don’t list [the vulnerability] as being under active attack, but you should treat it as though it were,’ writes Trend Micro’s Dustin Childs. Microsoft’s monthly release of security fixes addresses five zero-day vulnerabilities that are seeing active exploitation, despite the company only listing four zero days in its disclosure Tuesday,…
Read MoreThe vulnerability in the vendor’s SonicOS firmware affects a wide array of SonicWall firewalls. A critical-severity vulnerability affecting a wide array of SonicWall firewalls has been exploited by threat actors to deploy ransomware, according to security researchers. The access control flaw (tracked at CVE-2024-40766) impacts firewalls running multiple versions of the vendor’s SonicOS firmware—SOHO (Gen…
Read MoreThis year’s leading news stories (so far) include the ongoing AI wave that’s remaking the IT industry, the impact of three multi-billion-dollar acquisition deals, the contrasting fortunes of two of the industry’s leading semiconductor companies – and what was likely the biggest IT system failure to date. AI Highs, Service Failure Lows The top news…
Read MoreA zero-day vulnerability in Versa Director has reportedly been exploited by Chinese government hackers to target internet service providers and MSPs. Internet service providers and MSPs are the main targets of a cyberattack campaign exploiting a Versa Networks SD-WAN vulnerability and linked to the Chinese government, according to security researchers and media reports. The attacks…
Read More‘Nothing is safe anymore. The more layers of protection we can have, the better I sleep,’ Randy Jorgensen, managing member of South Jordan, Utah-based RJNetworks, tells CRN. Microsoft will take a phased approach to its requirement that all Azure users adopt multi-factor authentication, starting with Azure portal, Microsoft Entra administration center and Intune admin center…
Read More‘These types of vulnerabilities are frequent attack vectors,’ CISA says in a post online. A government agency is warning about threat actors exploiting a Java deserialization remote code execution vulnerability in SolarWinds Web Help Desk. The U.S. Cybersecurity and Infrastructure Security Agency has added the exploit to its Known Exploited Vulnerabilities Catalog under the code…
Read MoreIranian hackers tied to recent U.S. presidential campaign cyberattacks abuse services like Google Workspace, Dropbox and OneDrive, says Google in a new cybersecurity report. Google’s Theat Analysis Group found an Iranian government-backed hacking group, known as APT42, has conducted phishing cyberattacks targeting “accounts associated with the U.S. presidential election.” “In May and June, APT42 targets…
Read MoreNew disclosures Monday pointed to attacks exploiting vulnerabilities in the three vendors’ platforms. New disclosures Monday revealed attacks exploiting vulnerabilities in widely used platforms from VMware, ServiceNow and Acronis. The attacks have included exploits of two critical-severity vulnerabilities in ServiceNow’s Now Platform as well as a critical vulnerability affecting Acronis Cyber Infrastructure. [Related: SentinelOne CEO:…
Read MoreNew data from cloud insurance firm Parametrix sheds light on the financial cost of the massive CrowdStrike outage last week that affected millions of Microsoft devices. The massive CrowdStrike outage that affected millions of Microsoft devices is predicted to cost U.S. Fortune 500 companies $5.4 billion in total direct financial loss, with an average loss…
Read More‘We did send these to our teammates and partners who have been helping customers through this situation,’ according to a CrowdStrike spokesperson. CrowdStrike has confirmed to CRN that it sent partners Uber gift cards that stopped working – a gesture of appreciation mocked online as the cybersecurity vendor and solution providers deal with the fallout…
Read MoreRecent Posts
- Bug Left Some Windows PCs Dangerously Unpatched – Krebs on Security
- Microsoft fixes Windows Server performance issues from August updates
- Microsoft’s Patch Release Covers Five Exploited Zero-Day Bugs, Not Four: Researcher
- AWS CEO ‘Bullish’ On Homemade Chip Future: ‘We Can Optimize Like Crazy’
- Cisco Releases Security Updates for Cisco Smart Licensing Utility | CISA