#ITServices

Accenture and SandboxAQ Collaborate to Help Organizations Protect Data

by

January 16, 2024 at 05:44PM Accenture and SandboxAQ are partnering to offer AI and quantum computing solutions for cybersecurity vulnerabilities. The collaboration aims to help organizations identify and mitigate threats posed by AI-enabled cyberattacks and quantum computing-based decryption. Accenture will leverage SandboxAQ’s Security Suite to provide comprehensive AI-enabled cryptographic management. The partnership will also develop … Read more

GitHub rotates keys to mitigate impact of credential-exposing flaw

by

January 16, 2024 at 05:23PM GitHub resolved vulnerabilities enabling attackers to access credentials in production containers by patching CVE-2024-0200. The update applies to GitHub Enterprise Server versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. While potential exploitation requires an organization owner role, GitHub rotated exposed credentials and urges swift security update installation. Additionally, a command injection vulnerability … Read more

MacOS info-stealers quickly evolve to evade XProtect detection

by

January 16, 2024 at 04:34PM The macOS platform faces persistent challenges with information stealers evading detection, as highlighted in a report by SentinelOne that presents three malware examples circumventing XProtect. KeySteal, Atomic Stealer, and CherryPie showcase the ability of malware to evolve and avoid detection, emphasizing the need for advanced security measures beyond static detection. … Read more

Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet

by

January 16, 2024 at 04:34PM Ivanti VPNs globally compromised due to two unpatched zero-day vulnerabilities, allowing attackers to gain network access. Thousands infected, primarily by group UTA0178, with no available patches until Jan. 22 and Feb. 19. Ivanti released a mitigation and Integrity Checker Tool for existing compromises. Customers advised to follow incident response playbook … Read more

Google Warns of Chrome Browser Zero-Day Being Exploited

by

January 16, 2024 at 04:24PM Google has released an urgent Chrome browser update to address three high-severity security flaws, warning that one is currently being exploited in the wild. The exploited zero-day, CVE-2024-0519, is an out-of-bounds memory access issue in the V8 JavaScript engine. The update also covers two additional high-risk memory safety issues. This … Read more

Citrix warns of new Netscaler zero-days exploited in attacks

by

January 16, 2024 at 03:33PM Citrix has warned customers to immediately patch their vulnerable Netscaler ADC and Gateway appliances against actively exploited zero-day vulnerabilities (CVE-2023-6548 and CVE-2023-6549). The company advises blocking network traffic to affected instances if updates cannot be deployed immediately, and separating the management interface from internet exposure to reduce the risk of … Read more

Locking down the edge

by

January 16, 2024 at 03:22PM As operational functions move to distributed sites and devices, edge security becomes a growing concern. Hosting data at edge locations presents increased vulnerabilities, especially in sectors like healthcare and manufacturing. Edge breaches can have severe consequences and require high-level cybersecurity protection. Dell Technologies’ webinar discusses these challenges and proposes a … Read more

Google fixes first actively exploited Chrome zero-day of 2024

by

January 16, 2024 at 02:14PM Google has released security updates to address the first Chrome zero-day vulnerability (CVE-2024-0519) exploited since the beginning of the year. This high-severity flaw in the Chrome V8 JavaScript engine allows attackers to access sensitive data, trigger crashes, and potentially execute arbitrary code. Google also fixed two other vulnerabilities (CVE-2024-0517 and … Read more

Majorca city Calvià extorted for $11M in ransomware attack

by

January 16, 2024 at 01:52PM Calvià City Council in Majorca was hit by a ransomware attack, affecting municipal services. With a population of 50,000 and a major tourism destination, it formed a crisis committee to assess the damage. IT specialists are conducting forensic analysis while administrative deadlines have been suspended till Jan 31, 2024. The … Read more

Double trouble for VMware and Atlassian admins – there are critical flaws to fix

by

January 16, 2024 at 01:12PM Critical vulnerabilities in Atlassian and VMware products have been revealed. Atlassian’s Confluence Data Center and Server have a flaw allowing remote code execution, and Jira Software Data Center and Server are susceptible to XML external entity attacks. VMware’s Aria Automation faces a missing access control issue, all requiring immediate patching … Read more