Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution. Tracked as CVE-2024-10443 and dubbed RISK:STATION by Midnight Blue, the zero-day flaw was demonstrated at the Pwn2Own Ireland 2024 hacking contest by security researcher Rick de Jager. RISK:STATION is an “ […]
Author Archives: Onsite Computing, Inc.
Nearly one in four enterprise security execs from the US and the UK are “looking to leave their roles,” according to a recent report by BlackFog Research. “The combination of emerging threats, funding difficulties and personal liability is increasingly convincing security leaders to seek new positions,” the report said, adding that in addition to the […]
Don’t expect the earth to move when Broadcom’s VMware launches its new AI query tool for the vDefend platform early next year, says an industry analyst. “They seem to be making pragmatic promises,” Fernando Montenegro of Omdia said of the announcement Tuesday at VMware Explore Barcelona that the AI-powered Intelligent Assist will be available in […]
The Iran-linked group Emennet Pasargad aims to undermine public confidence in Israeli and Western nations by using hack-and-leak campaigns and disrupting government services, including elections. Author: Robert Lemos, Contributing Writer
Machine learning and artificial intelligence (AI) are becoming core technologies for threat detection and response tools. The ability to learn on the fly and automatically adapt to changing cyberthreats gives cybersecurity teams an advantage. According to a survey conducted by Sapio Research on behalf of Vanta, 62% of organizations plan to invest more in AI […]
With over 200 software vendors pledged to CISA’s “secure by design” principles and a number of them having already submitted their commitment progress reports, a few unfortunate goofs show that some are more committed than others. The day before it published its progress report, Okta revealed that a bug in one of its identity and […]
An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware. The attack is notable for utilizing Ethereum smart contracts for command-and-control (C2) server address distribution, according to independent findings from Checkmarx, Phylum, and Socket published over the past few […]
Canadian law enforcement authorities have arrested an individual who is suspected to have conducted a series of hacks stemming from the breach of cloud data warehousing platform Snowflake earlier this year. The individual in question, Alexander “Connor” Moucka (aka Judische and Waifu), was apprehended on October 30, 2024, on the basis of a provisional arrest […]
Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to “Android/data,” “Android/obb,” and “Android/sandbox” directories and its sub-directories, […]
Nokia is investigating whether a third-party vendor was breached after a hacker claimed to be selling the company’s stolen source code. […] Author: Lawrence Abrams
