A critical vulnerability (CVE-2024-6071) was discovered in the license server for PTC’s Creo Elements/Direct product, specifically version 20.7.0.0 and prior. The vulnerability allows unauthenticated remote attackers to execute arbitrary OS commands on the underlying server, exposing it to lateral movement in industrial organizations. The flaw has been assigned a CVSS score of 10. A patch…
Cisco has announced patches for a medium-severity zero-day vulnerability (CVE-2024-20399) in the NX-OS software that has been exploited by a China-linked cyberespionage threat actor. The vulnerability affects the command line interface of NX-OS and could allow an authenticated attacker to execute arbitrary commands on the underlying operating system with root privileges. Read more
NordVPN has launched a new experimental product called File Checker, an online tool that scans files for malware and viruses. The tool uses machine learning, AI, and other advanced techniques to check against a huge database of known malicious file hashes. Users can upload suspicious files to the tool, which will alert them if the…
Attackers are improving their techniques using genAI, while security practitioners are overwhelmed by vendors offering numerous solutions. Enterprise customers are looking for platforms that provide comprehensive protection across multiple areas: users, devices, applications, data, and development environments. They desire automation, analytics, AI, and generative AI. In response to these demands, significant vendor consolidation has occurred,…
Here are the key takeaways: 1. Biometric authentication is important for next-generation Multi-Factor Authentication (MFA) as it eliminates poor password practices, reduces credential theft, and is immune to phishing attacks. 2. Biometrics offers a quick and seamless authentication process, reducing user burden and minimizing errors, lockouts, and helpdesk calls. 3. User convenience in MFA solutions…
