Tag

Enterprise Security

All articles tagged with #enterprise security

technology18 days ago•4 min saved

Critical pre-auth RCE in BeyondTrust remote-support tools prompts urgent patch

BeyondTrust warns of CVE-2026-1731, a pre-auth remote code execution flaw in Remote Support (RS) 25.3.1 and Privileged Remote Access (PRA) 24.3.4 and earlier, allowing unauthenticated attackers to run OS commands; patches are available by upgrading to RS 25.3.2+ and PRA 25.1.1+ (or enabling automatic updates). Cloud systems have been secured; about 11,000 instances are exposed online, with roughly 8,500 on-premises potentially vulnerable if not patched; no active exploitation is reported yet.

via BleepingComputer|

#enterprise-security #patch-management #remote-code-execution

technology1 month ago•4 min saved

Coordinated Chrome extensions harvest enterprise login cookies from Workday, NetSuite, and SAP SuccessFactors

Security researchers found five malicious Chrome extensions posing as productivity/security tools for enterprise HR/ERP platforms (Workday, NetSuite, SAP SuccessFactors) that exfiltrate authentication cookies, block security administration pages, and, in one case, inject cookies to hijack active sessions. The campaign, linked by shared infrastructure and targeting patterns, had about 2,300 installations. Extensions were taken down after disclosure; affected users should notify security admins and rotate passwords on the targeted platforms.

via BleepingComputer|

#chrome-extensions #cookie-exfiltration #cybersecurity

technology4 months ago•2 min saved

Microsoft Copilot now enables app building and workflow automation

Microsoft has introduced new Copilot agents, App Builder and Workflows, that enable users to quickly create apps and automate tasks within Microsoft 365, with a focus on security and enterprise management, currently available to select customers in the Frontier program.

via BleepingComputer|

#app-builder #automation #enterprise-security

technology2 years ago•1 min saved

"Amazon Introduces Palm-Scanning Tech for Office Access Control"

Amazon is introducing Amazon One Enterprise, a palm-scanning technology designed for businesses, allowing employees to use their hand as an authentication tool to enter offices or access sensitive information. The service is being offered to companies such as IHG Hotels and Resorts, Boon Edam, and Kone. Amazon claims that palm recognition is more private than other biometric systems and offers a cheaper and more secure solution compared to traditional security tools. However, advocacy groups have raised concerns about privacy and increased surveillance. Amazon One was originally developed as a payment system and has been deployed in various retail locations.

via CNBC|

#amazon #authentication #biometrics

technology2 years ago•2 min saved

"ChromeOS Boosts Privacy with Camera and Mic Toggles for Chromebooks"

Google is introducing new systemwide camera and microphone access toggles in ChromeOS settings that can instantly block all apps and sites from being able to use them. The new privacy controls cut off the rest of the computer’s access to the hardware, which is a software replacement to the physical camera and mic kill switch. Chromebook manufacturers can simplify the laptop design and use the built-in ChromeOS solution instead. Google is also expanding enterprise and business-oriented security features that include new identity and data control features that help IT departments manage user logins and help keep sensitive information from inadvertently traveling around and outside organizations.

via The Verge|

#chromebook #enterprise-security #google

cybersecurity2 years ago•2 min saved

Corporate Secrets Exposed Through Secondhand Routers

Researchers from ESET have found that less than half of secondhand enterprise routers in their sample were wiped of internal data, posing a risk for both the companies that sold these routers and their customers. Out of the 18 corporate routers that the researcher team purchased secondhand, only five had been wiped. Nine of the routers had been left as is, two were encrypted, one was dead, and one was a copy of another device. The nine devices that hadn’t been wiped had enough information stored on them to identify the previous owners, and also login information for the organizations’ VPN, credentials for a communication service, and hashed root administrator passwords.

via Gizmodo|

#cybersecurity #data-privacy #enterprise-security