Author Archives: Onsite Computing, Inc.

Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers

Details have emerged about a now-patched security flaw impacting Apple’s Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device’s virtual keyboard. The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865. “A novel attack that can infer eye-related biometrics from the avatar image […]

17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London

British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for London (TfL). “The 17-year-old male was detained on suspicion of Computer Misuse Act offenses in relation to the attack, which was launched on TfL on 1 September,” the U.K. National Crime Agency (NCA) said. The […]

Fortinet confirms a breach that likely leaked 440 GB of customer data

Fortinet has confirmed a data breach that has allegedly compromised 440 GB of Azure SharePoint files containing Fortinet customer data. The company, in a Thursday blog, said it suffered a security breach that has compromised a “limited” number of customer files without involving any data encryption, deployment of ransomware, or access to Fortinet’s corporate network. […]

Understanding and Mitigating the Risks of Email Forwarding

Email forwarding, while a seemingly harmless and convenient feature, can pose significant risks to data security and compliance. When misused or left unchecked, email forwarding can lead to inadvertent data leaks, exposing sensitive information to unauthorized parties and resulting in costly compliance breaches. One of the primary risks is the accidental exposure of sensitive information. […]

TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud

Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new capabilities to evade analysis and display fake login screens to capture victims’ banking credentials. “The mechanisms include using malformed ZIP files in combination with JSONPacker,” Cleafy security researchers Michele Roviello and Alessandro Strino said. “In addition, […]

Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials (Verizon DBIR, 2024). Solving this problem resolves over 80% of your corporate risk, and a solution is possible. However, most tools available on the market today cannot offer a complete defense against this attack vector because they […]

Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw

Malicious actors are likely leveraging publicly available proof-of-concept (PoC) exploits for recently disclosed security flaws in Progress Software WhatsUp Gold to conduct opportunistic attacks. The activity is said to have commenced on August 30, 2024, a mere five hours after a PoC was released for CVE-2024-6670 (CVSS score: 9.8) by security researcher Sina Kheirkhah of […]

Aflac’s shift to passkeys brings big business benefits

At supplemental insurance provider Aflac, safeguarding information collected on behalf of employees and the customers and businesses they serve is a key tenet of the company’s culture, says Tim Callahan, global CISO. “Cybercriminals are innovative, willing to take risks, and have no regard for regulations,” Callahan says. “Criminals see the supplier channels as a softer […]

New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency

Cybersecurity researchers have uncovered a new malware campaign targeting Linux environments to conduct illicit cryptocurrency mining. The activity, which specifically singles out the Oracle Weblogic server, is designed to deliver malware dubbed Hadooken, according to cloud security firm Aqua. “When Hadooken is executed, it drops a Tsunami malware and deploys a crypto miner,” security researcher […]
