The re-election campaign for former US President Donald Trump said it has fallen victim to a cyberattack by Iranian actors, leading to the theft and distribution of sensitive internal documents. The claim, which did not divulge any specific details about the hack, came a day after Microsoft published a report that made similar accusations about […]
Author Archives: Onsite Computing, Inc.
Though AMD has released security updates to address the “Sinkclose” vulnerability in its processors, some of its older and still-popular chips will not be receiving patches. The flaw, disclosed by researchers from security firm IOActive, affects processors dating back to 2006 and could allow attackers to infiltrate systems undetected. While AMD has rolled out mitigation […]
In 2023, no fewer than 94 percent of businesses were impacted by phishing attacks, a 40 percent increase compared to the previous year, according to research from Egress. What’s behind the surge in phishing? One popular answer is AI – particularly generative AI, which has made it trivially easier for threat actors to craft content […]
Cybersecurity researchers have identified a number of security shortcomings in photovoltaic system management platforms operated by Chinese companies Solarman and Deye that could enable malicious actors to cause disruption and power blackouts. “If exploited, these vulnerabilities could allow an attacker to control inverter settings that could take parts of the grid down, potentially causing Go […]
After a good year of sustained exuberance, the hangover is finally here. It’s a gentle one (for now), as the market corrects the share price of the major players (like Nvidia, Microsoft, and Google), while other players reassess the market and adjust priorities. Gartner calls it the trough of disillusionment, when interest wanes and implementations […]
The maintainers of the FreeBSD Project have released security updates to address a high-severity flaw in OpenSSH that attackers could potentially exploit to execute arbitrary code remotely with elevated privileges. The vulnerability, tracked as CVE-2024-7589, carries a CVSS score of 7.4 out of a maximum of 10.0, indicating high severity. “A signal handler in sshd(8) […]
Security vulnerabilities have been disclosed in the industrial remote access solution Ewon Cosy+ that could be abused to gain root privileges to the devices and stage follow-on attacks. The elevated access could then be weaponized to decrypt encrypted firmware files and encrypted data such as passwords in configuration files, and even get correctly signed X.509 […]
The February 2024 ransomware attack on Change Healthcare put the state of healthcare cybersecurity in the headlines and in front of the US Congress, with aftershocks from the seismic event still being felt. The monumental impact of the attack was evident nearly immediately. The ransomware group ALPHV (also known as BlackCat) hit Change Healthcare in […]
The Russian government and IT organizations are the target of a new campaign that delivers a number of backdoors and trojans as part of a spear-phishing campaign codenamed EastWind. The attack chains are characterized by the use of RAR archive attachments containing a Windows shortcut (LNK) file that, upon opening, activates the infection sequence, culminating […]
A series of targeted cyberattacks that started at the end of July 2024, targeting dozens of systems used in Russian government organizations and IT companies, are linked to Chinese hackers of the APT31 and APT 27 groups. […] Go to Source Author: Bill Toulas