RansomHub ransomware operators have been spotted deploying new malware to disable Endpoint Detection and Response (EDR) security software in Bring Your Own Vulnerable Driver (BYOVD) attacks […] Author: Sergiu Gatlan
Author Archives: Onsite Computing, Inc.
A group of Massachusetts Institute of Technology (MIT) researchers have opted to not just discuss all of the ways artificial intelligence (AI) can go wrong, but to create what they described in an abstract released Wednesday as “a living database” of 777 risks extracted from 43 taxonomies. According to an article in MIT Technology Review […]
Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode. […] Author: Sergiu Gatlan
Microsoft has shared a temporary fix for a known issue that causes Microsoft 365 apps like Outlook, Word, and OneNote to unexpectedly crash while typing or spell-checking a text. […] Author: Sergiu Gatlan
SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), has been described as a deserialization bug. “SolarWinds Web Help Desk was found to be susceptible to a Java deserialization […]
As a chief information security officer (CISO), I’ve witnessed firsthand the transformation of cybersecurity from a niche IT function to a boardroom priority. Yet, despite its rise in prominence, this field is flooded with voices that often lack the depth and precision essential for true cybersecurity practice. At its core, cybersecurity is about safeguarding information […]
SAP has sealed a bunch of severe bugs affecting its systems, including two critical vulnerabilities that can allow full system compromise. On its Security Patch Day for August 2024, the software giant rolled out fixes for a total of 17 vulnerabilities, with six hot fixes — CVSS ranging between 7 and 10 out of 10 […]
Among the large batch of security patches that Microsoft released on Tuesday was an especially nasty hole within Microsoft’s Outlook email client, one that would allow an attacker full access by simply sending the user an email, even if the recipient chooses to not open the message. If the attack is successful, the end user […]
Microsoft fixed 88 vulnerabilities on Tuesday as part of its monthly patching cycle. Six of those flaws were already being actively exploited in the wild before a patch was available and another four were publicly disclosed, putting the total number of zero-day vulnerabilities covered in this release at 10. Of the 88 vulnerabilities patched only […]
Inconsistencies and lack of information in cybersecurity disclosures highlight the need for organizations to establish a robust materiality assessment framework. Author: Yakir Golan
