After eight years of review and development, the US National Institute of Standards and Technology (NIST) has chosen three encryption algorithms as the basis for its post-quantum cryptography (PQC). The three new algorithms collectively cover general encryption — used to protect information exchanged across a public network — and digital signatures. For general encryption, NIST […]
Author Archives: Onsite Computing, Inc.
Cybersecurity researchers have disclosed a security flaw impacting Microsoft Azure Kubernetes Services that, if successfully exploited, could allow an attacker to escalate their privileges and access credentials for services used by the cluster. “An attacker with command execution in a Pod running within an affected Azure Kubernetes Services cluster could download the configuration used to […]
Iranian state-sponsored threat actors have been observed orchestrating spear-phishing campaigns targeting a prominent Jewish figure starting in late July 2024 with the goal of delivering a new intelligence-gathering tool called AnvilEcho. Enterprise security company Proofpoint is tracking the activity under the name TA453, which overlaps with activity tracked by the broader cybersecurity Go to Source […]
Cybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals in Colombia, Ecuador, Chile, Panama, and other Latin American nations. Targets of these attacks span several sectors, including governmental institutions, financial companies, energy and oil and gas companies. “Blind Eagle has demonstrated adaptability in Go […]
Since the early 2000s, open-source software, accessible to all without licensing agreements, has captured an ever-growing slice of the world’s software supply. Estimates vary, but according to Synopsis, 96% of all codebases contain open-source software, with 76% of all code originating from open-source. According to Harvard Business School researchers, open-source software has fueled a high-tech […]
Cybersecurity researchers are warning about the discovery of thousands of externally-facing Oracle NetSuite e-commerce sites that have been found susceptible to leaking sensitive customer information. “A potential issue in NetSuite’s SuiteCommerce platform could allow attackers to access sensitive data due to misconfigured access controls on custom record types (CRTs),” AppOmni’s Aaron Costello Go to Source […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw impacting Jenkins to its Known Exploited Vulnerabilities (KEV) catalog, following its exploitation in ransomware attacks. The vulnerability, tracked as CVE-2024-23897 (CVSS score: 9.8), is a path traversal flaw that could lead to code execution. “Jenkins Command Line Interface (CLI) contains a […]
The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. […] Go to Source Author: Lawrence Abrams
Toyota confirmed that its network was breached after a threat actor leaked an archive of 240GB of data stolen from the company’s systems on a hacking forum. […] Go to Source Author: Sergiu Gatlan
Ransomware victims have paid $459,800,000 to cybercriminals in the first half of 2024, setting the stage for a new record this year if ransom payments continue at this level. […] Go to Source Author: Bill Toulas