Security News
Two Chinese nationals face 20 years in prison after being caught and convicted of submitting over 5,000 fake iPhones worth more than $3 million to Apple with the goal of having them replaced with genuine devices. Apple offers a one-year warranty for new iPhones, enabling customers to return malfunctioning devices to Apple or authorized resellers for a replacement.
A threat actor is using an open-source network mapping tool named SSH-Snake to look for private keys undetected and move laterally on the victim infrastructure. The worm searches for private keys in various locations, including shell history files, and uses them to stealthily spread to new systems after mapping the network.
CISA, the FBI, and the Environmental Protection Agency shared a list of defense measures U.S. water utilities should implement to better defend their systems against cyberattacks. The fact sheet they published today outlines the top eight actions U.S. Water and Wastewater Systems sector organizations can take to reduce cyberattack risks and boost their resilience against malicious activity.
Two Chinese nationals are facing a maximum of 20 years in prison after being convicted of mailing thousands of fake iPhones to Apple for repair in the hope they'd be replaced with new handsets. The Department of Justice says the pair submitted upwards of 5,000 "Inauthentic" iPhones to the tech giant "Intending to cause a loss of more than $3 million to Apple" between May 2017 and September 2019.
Infosec researchers say urgent patching of the latest remote code execution vulnerability in ConnectWise's ScreenConnect is required given its maximum severity score. In disclosing the maximum-severity authentication bypass vulnerability, ConnectWise also revealed a second weakness - a path traversal flaw with an 8.4 severity rating.
CISA has assigned CVE-2024-1708 and CVE-2024-1709 identifiers to the the two security issues, which the vendor assessed as a maximum severity authentication bypass and a high-severity path traversal flaw that impact ScreenConnect servers 23.9.7 and earlier. Threat actors have compromised multiple ScreenConnect accounts, as confirmed by the company in an update to its advisory, based on incident response investigations.
Ping Identity and Okta are among the top IAM tools on the market today and provide many of the functions large and small companies need when initiating identity and access management systems for their networks. In comparison, Okta is a leading IAM provider that offers enterprise-grade identity management for companies around the world.
The U.S. State Department is now also offering rewards of up to $15 million to anyone who can provide information about LockBit ransomware gang members and their associates. 10 million is offered for information that could lead to locating or identifying LockBit leadership, and an extra $5 million is available for tips that could lead to the apprehension of LockBit ransomware affiliates.
Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices that could trick users into joining a...
All company communication needs may vary but certain standard template messages can come in handy for IT staff to keep employees up to date on "Need to know" informational bulletins. A formal set of message templates will allow you to deliver both event-based and proactive communications, which ensures that everyone is up to speed on critical developments, projects and company policies.