SolarWinds has issued patches to address a new security flaw in its Web Help Desk (WHD) software that could allow remote unauthenticated users to gain unauthorized access to susceptible instances. “The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing [a] remote unauthenticated user to access internal functionality and modify […]
Author Archives: Onsite Computing, Inc.
Microsoft has confirmed the August 2024 Windows security updates are causing Linux booting issues on dual-boot systems with Secure Boot enabled. […] Go to Source Author: Sergiu Gatlan
A data extortion campaign that compromises AWS resources through credentials collected from environment (.env) files stored insecurely on web servers has been uncovered by Unit 42 researchers. The exposed files contained AWS access keys, credentials for databases and social media accounts, API keys for SaaS applications and email services, as well as access tokens for […]
Details have emerged about a China-nexus threat group’s exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliance and evade detection. The activity, attributed to Velvet Ant, was observed early this year and involved the weaponization of CVE-2024-20399 (CVSS score: 6.0) to deliver bespoke malware […]
A prompt injection flaw in the AI feature of the workforce collaboration suite makes malicious queries of data sources appear legitimate. Go to Source Author: Elizabeth Montalbano, Contributing Writer
As many as 15,000 applications using Amazon Web Services’ (AWS) Application Load Balancer (ALB) for authentication are potentially susceptible to a configuration-based issue that could expose them to sidestep access controls and compromise applications. That’s according to findings from Israeli cybersecurity company Miggo, which dubbed the problem ALBeast. “This vulnerability allows attackers to Go to […]
SolarWinds has released a hotfix for a critical Web Help Desk vulnerability that allows attackers to log into unpatched systems using hardcoded credentials. […] Go to Source Author: Sergiu Gatlan
In the next year, more than 35,000 applications will move to end-of-life status. To manage risk effectively, we need to plan ahead. Go to Source Author: Matt Middleton-Leal
A member of the Russian Karakurt ransomware group has been charged in the U.S. for money laundering, wire fraud, and extortion crimes. […] Go to Source Author: Bill Toulas
What is Continuous Attack Surface Penetration Testing or CASPT? Continuous Penetration Testing or Continuous Attack Surface Penetration Testing (CASPT) is an advanced security practice that involves the continuous, automated, and ongoing penetration testing services of an organization’s digital assets to identify and mitigate security vulnerabilities. CASPT is designed for enterprises with an Go to Source […]