Security News
As a Cyber Security Engineer, you will perform research in the areas of cyber and network security, advise DoD and IC space system customers on secure design and implementation of systems, review network architecture designs identify security, dataflow, performance deficiencies. As a Datacenter Security Operations Manager, you will oversee the implementation of physical security policies and procedures at applicable datacenters, ensuring Microsoft's physical security vendor guard force has the resources and information to deliver physical security services that meet Microsoft and customer requirements to protect people, information, and critical infrastructure.
Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution. The vulnerability, tracked as CVE-2024-6409, is distinct from CVE-2024-6387 and relates to a case of code execution in the privsep child process due to a race condition in signal handling.
Our attack requires the adversary to have network access to act as a man-in-the-middle attacker on the connection between the victim device's RADIUS client and RADIUS server. The Blast RADIUS flaw is understood to affect RADIUS deployments that use PAP, CHAP, MS-CHAPv2, and other non-EAP authentication methods.
73% of security professionals admit to using SaaS applications that had not been provided by their company's IT team in the past year, according to Next DLP. Unauthorized tool use poses major risks for organizations. A survey of more than 250 global security professionals also revealed that despite having a laissez-faire attitude towards shadow SaaS, security professionals have taken a more cautious approach to GenAI usage.
Patch Tuesday Clear your Microsoft system administrator's diary: The bundle of fixes in Redmond's July Patch Tuesday is a doozy, with at least two bugs under active exploitation. The first of two vulnerabilities for sure under active exploit - CVE-2024-38080 - is a Windows Hyper-V elevation of privilege flaw with a 7.8-out-of-10 CVSS rating, which Microsoft deemed "Important."
The FBI and cybersecurity agencies in Canada and the Netherlands say they have taken down an almost 1,000-strong Twitter bot farm set up by Russian state-run RT News that used generative AI to spread disinformation to Americans and others. The international crime busters seized two web domains and 968 X accounts that were integral parts of the bot farm, the US Department of Justice said in a statement Tuesday.
Almost a thousand Twitter accounts controlled by a large bot farm pushing Russian propaganda and domains used to register the bots were taken down in a joint international law enforcement...
Blast-RADIUS, an authentication bypass in the widely used RADIUS/UDP protocol, enables threat actors to breach networks and devices in man-in-the-middle MD5 collision attacks. [...]
Fujitsu confirms that information related to some individuals and customers' business has been compromised during the data breach detected earlier this year. [...]
For July 2024 Patch Tuesday, Microsoft has released security updates and patches that fix 142 CVEs, including two exploited zero-days in Windows Hyper-V and Windows MSHTML Platform. CVE-2024-38080 is a integer overflow or wraparound bug affecting Hyper-V, Windows' native hypervisor for creating virtual machines on systems running Windows and Windows Server.