The unprecedented pace of change in the modern workplace — cloud computing, working from home, BYOD devices and the Internet of Things — has made many of the old ways of guarding an organization’s digital assets obsolete. Firewalls, network perimeters and VPNs are no longer enough. New tools and new procedures can fill the gap, … Read more
Oct 20, 2024Ravie LakshmananVulnerability / Email Security Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials. Russian cybersecurity company Positive Technologies said it discovered last month that an email was sent to an unspecified … Read more
Grafana, an open-source data analytics and visualization platform, was found to have a critical vulnerability that could lead to remote code execution. The flaw, tracked as CVE-2024-9264, which has a CVSS v4 score of 9.4, was introduced in Grafana version 11 released in May 2024, Grafana Labs disclosed Thursday. The vulnerability stems from an experimental … Read more
Oct 05, 2024Ravie LakshmananData Privacy / Mobile Security Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user’s passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords … Read more
Weird Zimbra Vulnerability Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It’s critical, but difficult to exploit. In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren’t likely to lead to mass infections that could install ransomware or … Read more
