Biztonsági szemle

Cyberattacks against OT/ICS engineering workstations are widely underestimated, according to researchers who discovered malware designed to shut down Siemens workstation engineering processes.

Fortinet has patched CVE-2023-34990 in its Wireless LAN Manager (FortiWLM), which combined with CVE-2023-48782 could allow for unauthenticated remote code execution (RCE) and the ability to read all log files.

Proceeds from the latest round will be used to accelerate the company’s growth into key markets such as the United States and Europe, alongside other high-growth regions.

The flaw circumvents AMD’s Secure Encrypted Virtualization, which encrypts virtual machine memory to safeguard cloud customer data, by tampering with the Serial Presence Detect chip on memory modules using hardware that can cost under $10.

According to the report, such accounts, which often use default passwords and lack proper monitoring -- exposing cloud-native environments to significant risks -- now constitute over 90% of Active Directory identities.

The product, which is now in beta for Rubrik Enterprise Edition and cloud customers, aims to address challenges associated with prolonged business outages during cyberattacks, reducing the traditional recovery timeline from days or weeks to moments.

DeviceTRUST offers solutions that focus on real-time contextual access for virtual desktop infrastructure and desktop as a service, allowing enterprises to secure digital workspaces by continuously monitoring device posture, user location, and other...

Employing tactics such as living-off-the-land techniques and targeting both Linux and Windows systems, the group is suspected to include former affiliates of LockBit and BlackCat.

Adam Meyers, senior vice president of counter-adversary operations at CrowdStrike says manual attacks, which involve direct interaction with compromised systems rather than relying on malware or automated tools, are gaining traction among...

The vulnerability, tracked as CVE-2024-44131, was discovered in the FileProvider component and has been fixed in iOS 18, iPadOS 18, and macOS Sequoia 15 through improved validation of symbolic links.

A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn't enough to fix it.