Security questionnaires aren’t just an inconvenience — they’re a recurring problem for security and sales teams. They bleed time from organizations, filling the schedules of professionals with monotonous, automatable work. But what if there were a way to reduce or even altogether eliminate security questionnaires? The root problem isn’t a lack of great questionnaire products […]
Author Archives: Onsite Computing, Inc.
Hackers have breached the systems of Leidos Holdings, a major contractor for the US government, and leaked stolen internal documents online, Bloomberg News reported. The leak is believed to be tied to a previously disclosed breach of a Diligent Corp system that Leidos used. Virginia-based Leidos recently became aware of the breach and is currently […]
Microsoft warned that some Windows devices will boot into BitLocker recovery after installing the July 2024 Windows security updates. […]
There is one simple driver behind the modern explosion in SaaS adoption: productivity. We have reached an era where purpose-built tools exist for almost every aspect of modern business and it’s incredibly easy (and tempting) for your workforce to adopt these tools without going through the formal IT approval and procurement process. But this trend […]
The most unsafe part of our technology ecosystem isn’t the number of unpatched systems we have. Nor is it shadow IT, whether it’s homegrown software or the burgeoning bring-your-own-SaaS ecosystem. The shared responsibility model, and the impossible complexity of safely configuring systems isn’t even in the running. It’s not even the insider threat, whether we mean […]
The threat actor known as Patchwork has been linked to a cyber attack targeting entities with ties to Bhutan to deliver the Brute Ratel C4 framework and an updated version of a backdoor called PGoShell. The development marks the first time the adversary has been observed using the red teaming software, the Knownsec 404 Team […]
Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash as part of a widespread outage late last week. “On Friday, July 19, 2024 at 04:09 UTC, as part of regular operations, CrowdStrike released a content configuration update for the Windows sensor to gather telemetry […]
The finance sector has been among cybercriminals’ favourite targets. Nearly one-fifth of all recent cyberattacks were aimed at financial firms, with banks being the most vulnerable of all, according to the International Monetary Fund. To help financial institutions stay resilient against these threats, the EU has introduced the Digital Operational Resilience Act or DORA, which […]
A now-patched security flaw in the Microsoft Defender SmartScreen has been exploited as part of a new campaign designed to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs said it detected the stealer campaign targeting Spain, Thailand, and the U.S. using booby-trapped files that exploit CVE-2024-21412 (CVSS score: 8.1). The […]
A new flaw in virtual private networks (VPNs) was reported last week at a security conference. The flaw, discovered by a collection of academic and industry researchers, has to do with a vulnerability in how VPN servers assign TCP/IP communication ports and use this to attack their connection tracking feature. This flaw, called port shadowing, […]