Researchers Discover Command Injection Flaw in Wi-Fi Alliance’s Test Suite
Oct 25, 2024 | Ravie Lakshmanan | Vulnerability / Wi-Fi Security
A security flaw impacting the Wi-Fi Test Suite could enable unauthenticated local attackers to execute arbitrary code with elevated privileges. The vulnerability is tracked as CVE-2024-41992. The CERT Coordination Center (CERT/CC) said the susceptible code from the Wi-Fi Alliance has been found deployed on Arcadyan …
Suite
Protect Against Adversary-in-the-Middle with Cisco’s User Protection Suite
In the blog, Understanding & Defending Against Adversary-in-the-Middle (AiTM) Attacks, we reviewed the basics of an AiTM attack and how Duo can protect against it. To recap, in an AiTM attack, the attacker sits in between the user and the real web page and steals a user’s valid session cookies. This means that they can bypass traditional authentication controls. Talos, …
User Protection Suite Secures Against Talos Top Ransomware Attack Trends
In the first episode of Cisco Talos’ Talos Threat Perspective (TTP), two Talos Threat Intelligence experts, Nick Biasini and James Nutland, discuss new research on the most prominent ransomware groups. They also pick three key topics and trends to focus on: initial access, differences among the groups, and the vulnerabilities they most heavily target. In their research, …
Stopping Supply Chain Attacks with Cisco’s User Protection Suite
The Dinner Party Supply Chain Attack: A supply chain attack occurs when a bad actor gains access to an organization’s people and data by compromising a vendor or business partner. Let’s think of this type of attack as if it were a dinner party. You invite your close friends over and hire a catering company that you know and trust to cook the meal. However, neither you nor the …
Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite
A severe remote code execution vulnerability in Zimbra's enterprise collaboration software and email platform is being actively exploited, with no patch currently available to remediate the issue. The shortcoming, assigned CVE-2022-41352, carries a critical-severity rating of CVSS 9.8, providing a pathway for attackers to upload arbitrary files and carry out malicious actions …
Oracle E-Business Suite Flaws Let Hackers Hijack Business Operations
If your business operations and security of sensitive data rely on Oracle's E-Business Suite (EBS), make sure you recently updated and are running the latest available version of the software. In a report released by enterprise cybersecurity firm Onapsis and shared with The Hacker News, the firm today disclosed technical details for vulnerabilities it reported in Oracle's …
Google Stored G Suite Users’ Passwords in Plain-Text for 14 Years
After Facebook and Twitter, Google becomes the latest technology giant to have accidentally stored its users' passwords unprotected in plaintext on its servers, meaning any Google employee who has access to the servers could have read them. In a blog post published Tuesday, Google revealed that its G Suite platform mistakenly stored unhashed passwords of some of its enterprise …