Security Archives

Security

Cisco warns of max severity RCE flaws in Identity Services Engine

Posted on June 26, 2025 by Onsite Computing, Inc.

Cisco has published a bulletin to warn about two critical, unauthenticated remote code execution (RCE) vulnerabilities affecting Cisco Identity Services Engine (ISE) and the Passive Identity Connector (ISE-PIC). […] Go to Source Author: Bill Toulas

Continue reading →

Security

Man pleads guilty to hacking networks to pitch security services

Posted on June 26, 2025 by Onsite Computing, Inc.

A Kansas City man has pleaded guilty to hacking multiple organizations to advertise his cybersecurity services, the U.S. Department of Justice announced on Wednesday. […] Go to Source Author: Sergiu Gatlan

Continue reading →

Security

3 key takeaways from the Scattered Spider attacks on insurance firms

Posted on June 26, 2025 by Onsite Computing, Inc.

Identity is the new battleground—and Scattered Spider exploits it. Join Push Security to unpack how identity-based attacks are reshaping the threat landscape, and how to defend against MFA bypass, help desk scams, and more. Watch the webinar now. […] Go to Source Author: Sponsored by Push Security

Continue reading →

Security

Microsoft 365 ‘Direct Send’ abused to send phishing as internal users

Posted on June 26, 2025 by Onsite Computing, Inc.

An ongoing phishing campaign abuses a little‑known feature in Microsoft 365 called “Direct Send” to evade detection by email security and steal credentials. […] Go to Source Author: Lawrence Abrams

Continue reading →

Security

CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks

Posted on June 26, 2025 by Onsite Computing, Inc.

CISA says a maximum severity vulnerability in AMI’s MegaRAC Baseboard Management Controller (BMC) software, which enables attackers to hijack and brick servers, is currently under active exploitation. […] Go to Source Author: Sergiu Gatlan

Continue reading →

Security

British hacker ‘IntelBroker’ charged with $25M in cybercrime damages

Posted on June 25, 2025 by Onsite Computing, Inc.

A British national known online as “IntelBroker” has been charged by the U.S. for stealing and selling sensitive data from dozens of victims, causing an estimated $25 million in damages. […] Go to Source Author: Lawrence Abrams

Continue reading →

Security

Hackers turn ScreenConnect into malware using Authenticode stuffing

Posted on June 25, 2025 by Onsite Computing, Inc.

Threat actors are abusing the ConnectWise ScreenConnect installer to build signed remote access malware by modifying hidden settings within the client’s Authenticode signature. […] Go to Source Author: Lawrence Abrams

Continue reading →

Security

Hackers abuse Microsoft ClickOnce and AWS services for stealthy attacks

Posted on June 25, 2025 by Onsite Computing, Inc.

A sophisticated malicious campaign that researchers call OneClik has been leveraging Microsoft’s ClickOnce software deployment tool and custom Golang backdoors to compromise organizations within the energy, oil, and gas sectors. […] Go to Source Author: Ionut Ilascu

Continue reading →

Security

New wave of ‘fake interviews’ use 35 npm packages to spread malware

Posted on June 25, 2025 by Onsite Computing, Inc.

A new wave of North Korea’s ‘Contagious Interview’ campaign is targeting job seekers with malicious npm packages that infect dev’s devices with infostealers and backdoors. […] Go to Source Author: Bill Toulas

Continue reading →

Security

Citrix warns of NetScaler vulnerability exploited in DoS attacks

Posted on June 25, 2025 by Onsite Computing, Inc.

Citrix is warning that a vulnerability in NetScaler appliances tracked as CVE-2025-6543 is being actively exploited in the wild, causing devices to enter a denial of service condition. […] Go to Source Author: Lawrence Abrams

Continue reading →