Risk Team Discovers Previously Unknown Autodesk Software Vulnerability

During a recent client engagement, the DGC penetration testing team identified a previously unknown vulnerability affecting the Autodesk Licensing Service, a software component bundled with nearly all licensed Autodesk products. The vulnerability exists in a software component common to most Autodesk products and impacts nearly all organizations using licensed Autodesk software in any capacity. The Common Vulnerabilities and Exposures number is CVE-2021-27032, Autodesk Licensing Service: Local Privilege Escalation. Because these software products are so widely…

Phishing Costs Surge to $15m Annually for US Organizations

The average cost of phishing for large US organizations has soared by 289% over the past six years, with firms now losing nearly $15m annually, according to Proofpoint. The security vendor commissioned the Ponemon Institute to poll nearly 600 IT and IT security practitioners to compile its latest Cost of Phishing study. It revealed that the average large US organization loses $14.8m per year to phishing-related cybercrime, up from $3.8m in 2015 and calculated at…

Critical Bug Could Allow Remote Snooping Via Millions of Devices

Security researchers have found yet another critical IoT supply chain vulnerability affecting millions of devices, which could enable attackers to eavesdrop on real-time camera feeds. Mandiant revealed the CVE-2021-28372 bug yesterday after reporting it to the Cybersecurity and Infrastructure Security Agency (CISA). It affects devices using the “Kalay” platform from Taiwanese firm ThroughTek, which makes software for OEMs to use in IP cameras, baby and pet monitoring cameras, digital video recorders (DVRs) and more. Although Mandiant…

CISA Urges Organizations to Patch Critical BlackBerry QNX Bug

A vulnerability in BlackBerry’s QNX Real-Time Operating System (RTOS) could pose a serious security risk to critical infrastructure providers, the US government has warned. Microsoft first discovered the so-called “BadAlloc” flaws in April. These remote code execution (RCE) bugs cover over 25 CVEs and take the form of integer overflow or wraparound vulnerabilities, it said at the time. The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert warning that the QNX RTOS is vulnerable to one of…

Looking at zero trust from an attacker’s perspective

2021-08-18 | Security Magazine

5 minutes with Rick McElroy – What CISOs should know about returning to the office

2021-08-18 | Security Magazine

The 15 highest-paying certifications for 2021

The top certification on the annual Skillsoft list has a salary of more than $171,000. Find out what certifications you should be working toward. At a salary of $171,749, Google certified professional data engineer is the highest paying job on Skillsoft’s newly released annual Global Knowledge 15 Top-Paying Certifications List, which reveals the most in-demand skills and technology areas for organizations, as well as the average salaries associated with them. SEE: The best…

Yik Yak Returns

An app that allows users within a 5-mile radius to communicate anonymously has been relaunched four years after it shut down. Yik Yak was first launched in 2013 and quickly became the ninth most downloaded social media app in the United States, reaching 1.8 million downloads by September 2014. Created by college students Tyler Droll and Brooks Buffington, the app was a hit with America's teens but became dogged by instances of cyber-bullying and violent threats. …

What is the Main Goal of Penetration Testing?

By Glenn Mabry, Senior Instructor / Tech Researcher for Legends of Tech

Digital security is one of the top priorities for today’s business world. The internet has enabled businesses to work with customers and clients all over the world – and now that remote work is becoming more common, even a company’s workforce relies on their online network to share and store sensitive information. Businesses invest heavily in their digital presence, from website design to…

US FINRA warns US brokerage firms and brokers of ongoing phishing attacks

The US FINRA warns US brokerage firms and brokers of an ongoing phishing campaign impersonating its representatives to steal sensitive info. The US Financial Industry Regulatory Authority (FINRA) is warning US brokerage firms and brokers of an ongoing phishing campaign. Threat actors are impersonating FINRA officials and are using the threat of penalties to trick victims into providing sensitive information. The regulator reported that threat actors behind the campaign are using multiple domains (i.e., finrar-reporting[.]org, finpro-finrar[.]org, gateway2-finra[.]org) impersonating the…
