Cisco has fixed a maximum severity vulnerability that allows attackers to change any user’s password on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers, including administrators. […]
Author Archives: Onsite Computing, Inc.
A threat actor has leaked a database containing the personal information of 442,519 Life360 customers collected by abusing a flaw in the login API. […]
Cybersecurity researchers have discovered an updated variant of a known stealer malware that attackers affiliated with the Democratic People’s Republic of Korea (DPRK) have delivered as part of prior cyber espionage campaigns targeting job seekers. The artifact in question is an Apple macOS disk image (DMG) file named “MiroTalk.dmg” that mimics the legitimate video call […]
MarineMax, self-described as the world’s largest recreational boat and yacht retailer, is notifying over 123,000 customers whose personal information was stolen in a March security breach claimed by the Rhysida ransomware gang. […]
While SaaS tools are a boon for worker productivity, they introduce complexity when it comes to IT audits and compliance. Learn more from Nudge Security about automating user access reviews to simplify this process. […]
SaaS applications running on AWS can now provide tenant-level data protection as data security provider Baffle announces new integration with AWS Server Side Encryption (SSE). AWS’ SSE feature, aimed at protecting data at rest by encrypting it before saving it to disks, will now support multi-tenant encryption for SaaS data in the cloud. “This use […]
Attacks on your network are often meticulously planned operations launched by sophisticated threats. Sometimes your technical fortifications provide a formidable challenge, and the attack requires assistance from the inside to succeed. For example, in 2022, the FBI issued a warning1 that SIM swap attacks are growing: gain control of the phone and earn a gateway […]
The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground forums to likely advertise a tool known to be used by ransomware groups like Black Basta. “AvNeutralizer (aka AuKill), a highly specialized tool developed by FIN7 to tamper with security solutions, has been marketed in the criminal underground […]
An APT group has been exploiting a Windows vulnerability patched last week to trick users into downloading malicious files by unwittingly opening URLs in the retired Internet Explorer browser. The attack chain deploys information stealing malware and has been in use since May, when the flaw was still unknown to Microsoft. Researchers from Trend Micro, […]
A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis published last week. “The first campaign […]