Security News

After two years of the pandemic, confidence in addressing certain security risks and threats arising from hybrid and remote work has improved among businesses and organizations around the world. "The past few years have cemented remote work and work-from-anywhere as a permanent part of the security landscape, and they have also introduced new security risks and challenges. However, growing familiarity with remote work has ultimately broadened awareness on an enterprise level of daily business security risks and has strengthened both confidence and ability in security teams and products to handle those risks and threats properly," said Francois Lasnier, VP of Access Management Solutions at Thales.

The U.S. Cybersecurity and Infrastructure Security Agency on Tuesday released an industrial control systems advisory warning of seven security flaws in Dataprobe's iBoot-PDU power distribution unit product, mostly used in industrial environments and data centers. "Successful exploitation of these vulnerabilities could lead to unauthenticated remote code execution on the Dataprobe iBoot-PDU device," the agency said in a notice.

Cisco on Wednesday rolled out patches to address eight security vulnerabilities, three of which could be weaponized by an unauthenticated attacker to gain remote code execution or cause a denial-of-service condition on affected devices. The most critical of the flaws impact Cisco Small Business RV160, RV260, RV340, and RV345 Series routers.

Cisco has fixed critical security vulnerabilities affecting Small Business VPN routers and enabling unauthenticated, remote attackers to execute arbitrary code or commands and trigger denial of service conditions on vulnerable devices.Successful exploitation of CVE-2022-20842 with crafted HTTP input could allow attackers "To execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition," the company explains.

FileWave's mobile device management system has been found vulnerable to two critical security flaws that could be leveraged to carry out remote attacks and seize control of a fleet of devices connected to it. "The vulnerabilities are remotely exploitable and enable an attacker to bypass authentication mechanisms and gain full control over the MDM platform and its managed devices," Claroty security researcher Noam Moshe said in a Monday report.

Over three-quarters of employees want the option to work from home at least part-time. The ability to support a remote work program can help an organization retain employees and is a crucial component of a business continuity plan.

Remote Help relies on Azure Active Directory for that, showing the profile photo, company details, job title, email address and other information from Azure AD, so users know they can trust the person helping them, and IT staff know more about who they're helping, which may be useful for solving their problem. Remote Help uses Endpoint Manager's role-based access controls, so admins can manage permissions to choose who can help which users and what they can do.

Security researchers are warning that hackers can abuse online programming learning platforms to remotely launch cyberattacks, steal data, and scan for vulnerable devices, simply by using a web browser. DataCamp provides integrated development environments to close to 10 million users that want to learn data science using various programming languages and technologies.

Malicious individuals are using stolen personally identifiable information and voice and video deepfakes to try to land remote IT, programming, database and software-related jobs, the FBI has warned last week. Deepfakes are synthetic media - images, audio recordings, videos - that make it look like a person has been doing and saying things they haven't done or said.

Qualcomm knows that if it wants developers to build and optimize AI applications across its portfolio of silicon, the Snapdragon giant needs to make the experience simpler and, ideally, better than what its rivals have been cooking up in the software stack department. That's why on Wednesday the fabless chip designer introduced what it's calling the Qualcomm AI Stack, which aims to, among other things, let developers take AI models they've developed for one device type, let's say smartphones, and easily adapt them for another, like PCs. This stack is only for devices powered by Qualcomm's system-on-chips, be they in laptops, cellphones, car entertainment, or something else.