The two vulnerabilities affect versions before 3.07.01 and could result in remote code execution (RCE), and privilege escalation within the Aspect Control Engine software, potentially giving an attacker complete control over the BMS.

OneDrive can be used for user enumeration as it creates a unique URL for each user that is tied to their Azure/M365 account. This is possible because OneDrive doesn’t require a login attempt, is completely silent, and there’s no rate-limiting.

Kopeechka is offering to help cybercriminals cut costs associated with large-scale spam and account creation campaigns by paying people to sell their email credentials and allowing customers to rent access to established accounts at major providers.

Outpost24, a leading cybersecurity risk management platform, announced the acquisition of Sweepatic. Based in Leuven (BE), Sweepatic is an innovative external attack surface management (EASM) platform.

The government of Nova Scotia and the University of Rochester are the first organizations in North America to confirm data theft as a result of the exploitation of a new vulnerability affecting popular file transfer tool MOVEit.

The US Ninth Circuit Court of Appeals last week ruled that Enigma Software Group can pursue its long-standing complaint against rival security firm Malwarebytes for classifying its software as “potentially unwanted programs” or PUPs.

The key element is the option for European Economic Area (EEA) data storage. Paid customers will be able to specify certain data for meetings, webinars, and team chats to be stored within the EEA.

The U.S. aerospace industry has recently been targeted by an unidentified threat actor leveraging a newly discovered malware that researchers named PowerDrop. Its sophisticated evasion techniques include deception, encoding, and encryption.  The company suggests conducting vulnerability scans on Windows systems and remaining vigilant for any unusual pinging activity.

VMware issued multiple security patches today to address critical and high-severity vulnerabilities in VMware Aria Operations for Networks, allowing attackers to gain remote execution or access sensitive information.

Passkeys are an alternative authentication method to passwords, allowing users to sign in to apps and websites with their fingerprint, with facial recognition, or with their device’s PIN or pattern.