Skip to content
December 2024 Page 47

December 2024

How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges

How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges

Many organizations struggle with password policies that look strong on paper but fail in practice because they’re too rigid to follow, too vague to enforce, or disconnected from real security needs. Some are so tedious… 

Researchers Uncover Backdoor in Solana’s Popular Web3.js npm Library

Researchers Uncover Backdoor in Solana’s Popular Web3.js npm Library

Dec 04, 2024Ravie LakshmananSupply Chain Attack Cybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two malicious versions capable of harvesting users’ private keys with… 

Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks

Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks

Dec 04, 2024Ravie Lakshmanan A joint advisory issued by Australia, Canada, New Zealand, and the U.S. has warned of a broad cyber espionage campaign undertaken by People’s Republic of China (PRC)-affiliated threat actors targeting telecommunications… 

Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console

Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console

Dec 04, 2024Ravie LakshmananVulnerability / Ransomware Veeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances. The vulnerability,… 

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

Dec 04, 2024Ravie LakshmananVulnerability / Software Security A critical security vulnerability has been disclosed in SailPoint’s IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory. The… 

Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses

Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses

Dec 04, 2024Ravie LakshmananEmail Security / Malware Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses. “The ongoing…