Microsoft Will Require MFA for Azure Services

August 20, 2024 at 06:42AM Microsoft will make multi-factor authentication (MFA) mandatory for all Azure customers starting in October. This measure aims to reduce the risk of account compromise and data breaches. Notifications will be sent out to customers to prepare for the enforcement date, and various MFA options will be available, with exceptions until …

SolarWinds: Critical RCE Bug Requires Urgent Patch

August 15, 2024 at 03:15PM SolarWinds advises customers to patch CVE-2024-28986, a critical Java deserialization RCE flaw in its Web Help Desk platform. If exploited, attackers can run commands on the host machine. The software vendor recommends applying the patch immediately, urging that all versions be upgraded to 12.8.3 and the hotfix installed. Based …

Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR

August 15, 2024 at 07:51AM Palo Alto Networks has released patches for high-severity vulnerabilities in its products, including a command injection issue in Cortex XSOAR, impacting the CommonScripts Pack. The Prisma Access Browser and two medium-severity issues have also been addressed. The company is not aware of any exploited vulnerabilities but has experienced targeted attacks …

AutoCanada discloses cyberattack impacting internal IT systems

August 14, 2024 at 12:41PM AutoCanada, an automobile dealership group, was targeted by hackers in a cyberattack last Sunday that impacted its internal IT systems and could cause disruptions. …

Azure Health Bot Service Vulnerabilities Possibly Exposed Sensitive Data

August 14, 2024 at 11:16AM Tenable researchers identified vulnerabilities in Microsoft’s Azure Health Bot Service that could have been exploited by threat actors to access sensitive patient data. The vulnerabilities involved a data connection feature that allowed bots to interact with external sources, potentially leading to a server-side request forgery (SSRF) vulnerability. Microsoft released server-side …

Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited

August 13, 2024 at 02:44PM Today, Microsoft’s August 2024 Patch Tuesday addresses 89 flaws with security updates, including six actively exploited and three publicly disclosed zero-days. Additionally, Microsoft is in the process of addressing a tenth publicly disclosed zero-day. …

Ukraine CERT: Mass Phishing Campaign Poses as Nation’s Security Service

August 12, 2024 at 02:39PM Ukraine’s CERT-UA discovered malicious software being distributed through emails impersonating the country’s Security Service. The emails contain a link to download a file triggering the ANONVNC malware, allowing attackers to access victims’ devices. More than 100 government devices have been affected, and users are advised to contact CERT-UA if suspicious. …

Entro Extends Industry-leading Non-Human Identity Security Platform

August 9, 2024 at 01:49PM Entro Security, a leader in Non-Human Identity (NHI) and Secrets Management, has announced two groundbreaking features at Black Hat USA: Optical Character Recognition (OCR) support for secret scanning and Employees Tokens Blast Radius. These unique features provide comprehensive insight and governance for secrets and NHI management, empowering security teams with …

Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs

August 9, 2024 at 11:25AM A widespread malware campaign installed malicious Google Chrome and Microsoft Edge browser extensions, stealing browsing history and data. Malware employed diverse malvertising themes, infecting victims’ web browsers through fake software installers and digitally signed downloaders. The malware evaded antivirus detection, hijacked browser homepages, and persisted in the system, necessitating manual …

Microsoft 365 anti-phishing feature can be bypassed with CSS

August 7, 2024 at 11:35AM Researchers discovered a method to hide the ‘First Contact Safety Tip’ in Microsoft 365, potentially increasing the risk of users opening malicious emails. Despite reporting the flaw to Microsoft, the tech giant decided not to address it at this time. The technique involves manipulating HTML and CSS to hide the …