Confidential computing safeguards data in use, making it a crucial component of cloud security. Go to Source Author: Pankaj Mendki
Author Archives: Onsite Computing, Inc.
A massive QR code phishing campaign abused Microsoft Sway, a cloud-based tool for creating online presentations, to host landing pages to trick Microsoft 365 users into handing over their credentials. […] Go to Source Author: Sergiu Gatlan
The Chinese state-backed hacking group Volt Typhoon is behind attacks that exploited a zero-day flaw in Versa Director to upload a custom webshell to steal credentials and breach corporate networks. […] Go to Source Author: Lawrence Abrams
The China-nexus cyber espionage group tracked as Volt Typhoon has been attributed with moderate confidence to the zero-day exploitation of a recently disclosed high-severity security flaw impacting Versa Director. The attacks targeted four U.S. victims and one non-U.S. victim in the Internet service provider (ISP), managed service provider (MSP) and information technology (IT) sectors as […]
Want to know what’s the latest and greatest in SecOps for 2024? Gartner’s recently released Hype Cycle for Security Operations report takes important steps to organize and mature the domain of Continuous Threat Exposure Management, aka CTEM. Three categories within this domain are included in this year’s report: Threat Exposure Management, Exposure Assessment Platforms (EAP), […]
Google is warning Chrome users of a critical vulnerability being actively exploited in the wild even after a patch was available. The vulnerability, tracked as CVE-2024-7965, is an inappropriate implementation security flaw in the V8 JavaScript and WebAssembly engine that received a CVSS rating of 8.8 out of 10. Google, in the advisory released with […]
Russia’s 2022 invasion of Ukraine and subsequent international sanctions against Moscow and Minsk are having serious repercussions for the cybersecurity ecosystem in Russia. The withdrawal of Western IT companies, the exodus of Russian IT specialists, and the changed cyber threat landscape due to the war in Ukraine have forced Moscow to come up with domestic solutions to improve […]
Phishing continues to be one of the primary attack mechanisms for bad actors with a variety of endgames in mind, in large part because phishing attacks are trivial to launch and difficult to fully protect against. Some phishing attacks target customers rather than employees, and others simply aim to damage your corporate reputation rather than […]
Details have emerged about a now-patched vulnerability in Microsoft 365 Copilot that could enable the theft of sensitive user information using a technique called ASCII smuggling. “ASCII Smuggling is a novel technique that uses special Unicode characters that mirror ASCII but are actually not visible in the user interface,” security researcher Johann Rehberger said. “This […]
Google has revealed that a security flaw that was patched as part of a security update rolled out last week to its Chrome browser has come under active exploitation in the wild. Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine. “Inappropriate implementation in […]