Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users. The vulnerabilities “led to an entire break in the security of Sonos’s secure boot process across a wide range of devices and remotely being able to compromise several devices over the air,” NCC Group […]
Author Archives: Onsite Computing, Inc.
The American Hospital Association and the Health-ISAC issued a joint threat bulletin warning healthcare IT providers that their ransomware plans need to consider third-party risk. Go to Source Author: Jennifer Lawinski, Contributing Writer
Technology is one of the greatest assets companies have, essential to running or supporting many business processes. It’s also one of the biggest risks. That’s why IT risk assessment frameworks are vital. IT risk assessments enable organizations to evaluate the risks their systems, devices, and data are facing, whether it’s cybersecurity threats, outages, or other […]
Cybersecurity giant CrowdStrike is in talks to acquire Action1, a cloud-based patch management and vulnerability remediation company for close to $1 billion. According to a source close to the matter who requested anonymity, Alex Vovk, CEO and co-founder of Action1 shared this news with employees in an internal email. This potential acquisition could be a […]
The U.S. Department of Justice (DoJ) on Thursday charged a 38-year-old individual from Nashville, Tennessee, for allegedly running a “laptop farm” to help get North Koreans remote jobs with American and British companies. Matthew Isaac Knoot is charged with conspiracy to cause damage to protected computers, conspiracy to launder monetary instruments, conspiracy to commit wire […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install (SMI) feature with the aim of accessing sensitive data. The agency said it has seen adversaries “acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart […]
The U.S. Justice Department arrested a Nashville man charged with helping North Korean IT workers obtain remote work at companies across the United States and operating a laptop farm they used to pose as U.S.-based individuals. […] Go to Source Author: Sergiu Gatlan
Cisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 and SPA 500 series IP phones. […] Go to Source Author: Bill Toulas
Microsoft reminded today that Exchange 2016 will reach the end of extended support next year on October 14 and shared guidance for admins who need to decommission outdated servers. […] Go to Source Author: Sergiu Gatlan
Researchers have found a new way to attack AWS services or third-party projects that automatically provision AWS S3 storage buckets. Dubbed Shadow Resource, the new attack vector can result in AWS account takeover, remote code execution, or sensitive data leaks. Researchers from security firm Aqua Security identified six AWS services that were creating predictably named […]