Computer security

New Cyberattack Method ‘Open Sesame’ Exposes Vulnerabilities in Ruijie Networks’ IoT Devices

At Black Hat Europe 2024, researchers from Claroty Team82 revealed a critical cyberattack method named ‘Open Sesame,’ exploiting vulnerabilities in Ruijie Networks’ Reyee cloud management platform. This discovery, affecting thousands of IoT devices globally, underscores the urgent need for robust security measures in cloud-connected environments. With ten vulnerabilities identified, including three rated critical, organizations must prioritize cybersecurity to protect against potential remote code execution attacks.

APAC Businesses Face Surge in Cyber Attacks Amid Skills Shortage

Businesses in the Asia-Pacific region are facing an alarming rise in cyber attacks, averaging 2,600 threats weekly, significantly higher than the global average. Key sectors like government, healthcare, and finance are prime targets, with cybercriminals leveraging AI for sophisticated attacks, including deepfakes. Organizations are urged to adopt advanced cybersecurity measures and invest in training to address the growing skills gap. As the threat landscape evolves, proactive defense strategies are critical for safeguarding assets and maintaining business continuity.

CrowdStrike’s $32M Contract with Carahsoft Faces Scrutiny Amid IRS Concerns

Carahsoft Technology has secured a $32 million contract with CrowdStrike Holdings, raising concerns after the IRS opted not to purchase CrowdStrike’s identity threat protection software. The unusual nature of this deal has drawn scrutiny from legal experts and investors alike, affecting CrowdStrike’s stock performance. As the situation unfolds, stakeholders are closely monitoring the implications for both companies and the cybersecurity sector.

Sophos Acquires Secureworks for $859 Million to Enhance Cybersecurity Services

Sophos has announced its acquisition of US-based Secureworks for $859 million, a move set to enhance its cybersecurity services and capabilities. This strategic merger aims to integrate Secureworks’ advanced technologies, including the Taegis platform, to bolster Sophos’s offerings in Managed Detection and Response (MDR) and Extended Detection and Response (XDR). As the cybersecurity landscape evolves, this acquisition positions Sophos as a stronger contender in providing comprehensive security solutions for enterprises globally.

Hospitals Urged to Strengthen Cybersecurity Amid Rising Threats

Hospitals are increasingly vulnerable to cyber attacks, as highlighted by a recent global cyber outage. This incident exposed significant gaps in cybersecurity measures, jeopardizing patient data and disrupting medical services. Experts urge healthcare institutions to enhance their defenses by upgrading systems, conducting regular audits, and fostering a culture of security awareness. Collaboration between government and private sectors is essential to combat the growing threat of cybercrime in healthcare.

Kaspersky’s Sudden Shift to UltraAV Sparks User Concerns

Kaspersky’s unexpected transition to UltraAV raises significant concerns among users as the cybersecurity firm begins deleting its software from U.S. computers. Following its inclusion in the U.S. government’s Entity List, Kaspersky’s abrupt shift has left many users confused and anxious about their cybersecurity. Reports indicate that UltraAV’s software was installed without prior notification, prompting fears of potential malware threats. Stay informed about this evolving situation and its implications for your digital security.

CERT-IN Warns of Critical Vulnerabilities in Google Chrome

CERT-IN warns of critical vulnerabilities in Google Chrome that could expose users to remote attacks. Users are urged to update to version 128.0.6613.119 or newer to safeguard their systems against these serious ‘use after free’ vulnerabilities, which could allow unauthorized access. Stay secure by practicing good cybersecurity habits and keeping software up to date.

Surge in Cybercrime: Infostealer Malware Threatens User Privacy and Corporate Security

The rise of infostealer malware poses a significant threat to both individual privacy and corporate security, as cybercriminals exploit compromised login credentials to access sensitive information. Major companies like Ticketmaster and Santander Bank have reported data breaches linked to this malicious software, highlighting the urgent need for enhanced cybersecurity measures. Experts warn that infostealers are becoming increasingly sophisticated, making it essential for users and organizations to adopt robust security practices to safeguard their data.

CISA Warns of Exploited Twilio Authy Vulnerability

The U.S. CISA has issued a cybersecurity alert regarding a critical vulnerability in Twilio’s Authy service (CVE-2024-39891), which is being actively exploited. This information disclosure issue affects Authy app versions on Android and iOS, allowing unauthorized access to sensitive phone numbers. Twilio urges users to update their apps immediately to prevent potential phishing attacks. Organizations are advised to take these warnings seriously and enhance their security measures to protect sensitive data.

CrowdStrike Faces Backlash Over IT Outage and Apology Voucher

CrowdStrike faces backlash after a global IT outage disrupts operations for airlines, banks, and hospitals. The incident, caused by a faulty software update affecting 8.5 million computers, has raised serious concerns about the company’s software testing protocols. In an attempt to apologize, CrowdStrike offered a $10 UberEats voucher to affected partners, which has been met with widespread criticism. As discussions about financial compensation for impacted organizations arise, CrowdStrike pledges to improve its software testing processes to prevent future disruptions.