Want to know more about this topic or about us? Contact us!
Researchers who discovered two critical vulnerabilities in Microsoft SharePoint Server have released details of an exploit they developed that chains the two vulnerabilities together to enable remote code execution on affected servers. Separately, another security researcher this week posted proof-of-concept code on GitHub for one of the SharePoint vulnerabilities that . . . Read more
An old Chinese state-linked threat actor has been quietly manipulating Cisco routers to breach multinational organizations in the US and Japan. “BlackTech” (aka Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda) has been replacing device firmware with its own malicious version, in order to establish persistence and pivot from smaller, international . . . Read more
In a major update to its Windows 11 operating system this week, Microsoft has integrated Passkeys alongside Windows Hello, its biometric authentication tool. Passkeys creates a unique credential that allows users to authenticate with their face, fingerprint, or a PIN in a more secure process than the traditional password. Microsoft’s . . . Read more
Beena Ammanath. Image: Deloitte Head of AI is a trendy new job title, but do businesses actually need someone in this role? What responsibilities does it entail? We asked Beena Ammanath, executive director of the Deloitte AI Institute, leader of Trustworthy Tech Ethics at Deloitte and author of the book . . . Read more
In cybersecurity, “threat data feeds” and “threat intelligence” are often used interchangeably. They are, however, quite different. To make matters worse, the term “threat intelligence” has been co-opted and watered down by vendors, making it even more difficult to define the difference between threat data feeds and threat intelligence. An . . . Read more
Looking to move data around in the cloud? Moving massive amounts of data has become a backbone of business. It might involve switching from one cloud to another, performing continuous on-premises data migration or continuously ingesting data from a social feed without dedicated servers. Cloud migration can be a one-time . . . Read more
A series of highly sophisticated attacks have sparked significant concerns among organizations that rely on multifactor authentication (MFA), particularly those using vendors like Okta. These attacks have notably targeted hospitality groups and casinos, raising alarm bells across the industry. One particularly concerning method is the cross-tenant impersonation attack, which has . . . Read more
Image: Shuo/Adobe Stock Lenovo announced on September 20 the new TruScale for Edge and AI services that are designed to give companies immediate, scalable access to next-generation AI. The company also released the new ThinkEdge SE455 V3 edge server, an AI-ready hardware resource for businesses that build their own edge . . . Read more
The Kenyan Data Protection Commissioner has issued monetary penalties to multiple organizations over the mishandling of personal data. Mulla Pride, a digital credit provider that operates the money lending apps KeCredit and Faircash, must pay 2,975,000 Kenyan shilling ($20,114) in fines for collecting names and contact information from a third . . . Read more
Threat actors are employing an existing technique of zero-point font obfuscation in a new way to fool Microsoft Outlook users into believing phishing emails have successfully been vetted by antivirus scans. The technique could improve the likelihood that phishing emails will slip past not only security protections, but also trick . . . Read more