The security benefits of multifactor authentication (MFA) are well-known, yet MFA continues to be poorly, sporadically, and inconsistently implemented, vexing business security managers and their users. Often, MFA users have an extra workflow burden with the additional factors, one of many obstacles to their continued success. And the frequent news stories that describe innovative ways […]
Author Archives: Onsite Computing, Inc.
The exponential growth of non-human identities (NHI) — service accounts, system accounts, IAM roles, API keys, tokens, secrets, and other forms of credentials not associated with human users — has created a surge in their inclusion in security incidents and data breaches. Here are three key areas to focus on when you’re building out your […]
Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. “Type confusion in V8 in Google Chrome prior […]
Cybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permit unauthenticated users to gain administrator privileges. “The plugin suffers from an unauthenticated privilege escalation vulnerability which allows any unauthenticated visitor to gain Administrator level access after which malicious plugins could be uploaded and […]
GitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug that could be abused to gain site administrator privileges. The most severe of the shortcomings has been assigned the CVE identifier CVE-2024-6800, and carries a CVSS score of 9.5. “On GitHub Enterprise Server instances […]
Cybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that’s designed to mine cryptocurrency after brute-forcing their way into PostgreSQL database instances. “Brute-force attacks on Postgres involve repeatedly attempting to guess the database credentials until access is gained, exploiting weak passwords,” Aqua security researcher Assaf Morag said in a technical report. […]
Analysts have been picking up increased cases of malware delivery via Windows Installer files in Southeast Asia. Author: Nate Nelson, Contributing Writer
A CrowdStrike executive has taken to LinkedIn to dismiss reports that the security software vendor was in talks to acquire patch management tool maker Action1. In early August, reports by publications including CSOonline and CyberSecurity Dive referenced an internal email from Action1 CEO and co-founder Alex Vovk saying that CrowdStrike was interested in acquiring Action1 […]
A 39-year-old man from Somerset, Kentucky, was sentenced to 81 months in federal prison for identity theft and faking his own death in government registry systems. […] Author: Bill Toulas
Today, Google released a new Chrome emergency security update to patch a zero-day vulnerability, the ninth one exploited in attacks this year. […] Author: Sergiu Gatlan
