My TechDecisions

Search Results: vulnerabilities

Fortinet Vulnerability, Fortigate

Patch FortiGate SSL-VPN Devices Immediately

Fortinet is urging organizations to apply a patch to fix a critical vulnerability in its FortiGate SSL-VPN devices.

June 13, 2023 Zachary Comeau Leave a Comment

Cybersecurity firm Fortinet is warning organizations of a critical vulnerability in its FortiGate SSL-VPN devices, continuing a string of recent exploitations of vulnerabilities in similar devices due to their internet-facing nature and access to a victim’s network. The vulnerability–tracked as CVE-2023-27997–is a heap-based overflow flaw that could allow a remote attacker to execute arbitrary code […]

Read More
InfoComm Logo

InfoComm 2023 to Bridge AV/IT Gap with New Enterprise IT Program

InfoComm 2023 introduces a new enterprise IT program, featuring workshops, training, education sessions with expert speakers from Google and Microsoft.

June 9, 2023 TD Staff Leave a Comment

InfoComm 2023 will introduce a brand-new enterprise IT program focusing on AV and IT convergence, its obstacles, and trends at the show June 10-16 (exhibits 14-16) at the Orange County Convention Center in Orlando, Fla. The program will feature 30 workshops, manufacturers’ training, education sessions featuring speakers from Google to Microsoft, and a show floor […]

Read More
MOVEit, ransomware, CVE-2023-34362,

Ransomware Groups Confirmed to be Exploiting MOVEit Bug

Microsoft, cybersecurity firms say MOVEit Transfer vulnerability is being exploited by a group associated with the Clop ransomware actors.

June 5, 2023 Zachary Comeau Leave a Comment

Cybersecurity firms are reporting widespread exploitation of the MOVEit Transfer vulnerability across a wide range of organizations large and small, with some publicly confirming that known ransomware groups are leveraging the flaw. That includes Microsoft, which is attributing the attacks exploiting the bug, tracked as CVE-2023-34362, to a group it calls “Lace Tempest,” which is […]

Read More
iPhone security bug, Apple, Kaspersky

Kaspersky Discovers New 0-Click iOS Exploit

Russia-based cybersecurity firm Kaspersky warns of new 0-click exploit targeting Apple iOS devices as Russia accuses NSA.

June 1, 2023 Zachary Comeau Leave a Comment

Cybersecurity firm Kaspersky says it is investigating “previously unknown” malware targeting the company’s own employee’s Apple iOS devices that can compromise devices via the iMessage service with an attachment without any user interaction. According to Kaspersky, the message triggers a vulnerability that leads to code execution, and the code within the exploit downloads several subsequent […]

Read More
FTC Ring

FTC Accuses Ring of Watching Private Videos, Poor Security Practices

The FTC has charged Ring with compromising its customers’ privacy and failing to implement basic privacy and cybersecurity protections.

June 1, 2023 Jason Knott Leave a Comment

The Federal Trade Commission (FTC) has charged Ring with compromising its customers’ privacy by allowing any employee or contractor to access consumers’ private videos and by failing to implement basic privacy and security protections, enabling hackers to take control of consumers’ accounts, cameras, and videos. While the FTC only mentions consumer customers, Ring does offer commercial security […]

Read More
Threat Detection Trends, 2023 Hacking Trends, Expel

New Email Rules, MFA Bypass Are Top Hacking Tactics So Far in 2023

Cybersecurity firm Expel's 2023 first quarter threat report finds that hackers are hiding their activity with email rules and bypassing MFA.

June 1, 2023 Zachary Comeau Leave a Comment

Account compromise, new inbox rules designed to hide malicious activity, and multifactor authentication bypass are the most popular hacking tactics being utilized by threat actors so far in 2023, according to a new report from cybersecurity firm Expel. According to the managed detection and response provider, identity-based attacks such as account compromise, account takeover and […]

Read More
Crowdstrike Charlotte AI

CrowdStrike Launches Virtual Security Assistant Charlotte AI

CrowdStrike wants its new generative AI tool Charlotte AI to make IT and security professionals more efficient and narrow the skills gap.

May 31, 2023 Zachary Comeau Leave a Comment

CrowdStrike is launching a private customer preview of its own generative AI solution which it calls Charlotte AI, essentially an AI assistant for the company’s CrowdStrike Falcon platform designed to help any user of the platform become a power user. According to the Austin, Texas-based cybersecurity giant, Charlotte AI lets customers ask natural language questions […]

Read More
AWS Amazon Security Lake

AWS Launches General Availability of Amazon Security Lake

Amazon Security Lake automatically centralizes security data from across AWS environments, SaaS providers, on-premises and cloud sources.

May 31, 2023 Zachary Comeau Leave a Comment

AWS is launching the general availability of Amazon Security Lake, a new service designed to automatically centralize an organization’s security data from across their AWS environments, leading SaaS providers, on-premises environments, and cloud sources into a purpose-built data lake. According to AWS, this allows customers to act on security data faster and helps them simplify […]

Read More
Red Hat Summit, AI, Enterprise Linux

Red Hat Summit 2023 Releases: AI, Automation, IT Management, Security

Generative AI, automation, IT management and security features highlight Red Hat's new product launches at Red Hat Summit.

May 24, 2023 Zachary Comeau Leave a Comment

Red Hat is holding its annual Red Hat Summit event this week and judging by the enterprise open source software giant’s product announcements, the company is keying in on AI, automation, security and productivity enhancements. Like other tech giants, the company used its event to make important announcements in generative AI to help accelerate its […]

Read More
Tenable Splunk

Tenable, Splunk Launch Partnership for Risk Prioritization

Tenable and Splunk have launched a new partnership designed to help security teams better correlate events and take action on flaws.

May 23, 2023 Zachary Comeau Leave a Comment

Vulnerability management provider Tenable and IT management platform Splunk have launched a new partnership designed to help security teams better correlate events, take action on flaws and meet compliance standards. The partnership combines Tenable’s vulnerability management insights with Splunk’s log and flow consolidation capabilities to help simplify risk prioritization, accelerate threat response and reduce overall […]

Read More