Unfixed Microsoft Entra ID Authentication Bypass Threatens Hybrid Clouds

/in

The attack affects organizations that have synced multiple on-premises Active Directory domains to a single Azure tenant.

darkreading – ​Read More

SolarWinds: Critical RCE Bug Requires Urgent Patch

/in

The vulnerability was given a high-severity CVSS score, indicating that customers should act swiftly to mitigate the flaw.

darkreading – ​Read More

Google: Iran’s Charming Kitten Targets US Presidential Elections, Israeli Military

/in

The threat group tracked as APT42 remains on the warpath with various phishing and other social engineering campaigns, as tensions with Israel rise.

darkreading – ​Read More

Research Uncovers New Microsoft Outlook Vulnerability

/in

A new vulnerability has been discovered in Microsoft Outlook by security researchers, labeled as CVE-2024-38173 with a CVSS score of 6.7. This Form Injection RCE flaw is similar to a previous vulnerability, CVE-2024-30103, patched in July 2024.

Cyware News – Latest Cyber News – ​Read More

New ValleyRAT Malware Targets Chinese Windows Users in Multi-Stage Attack

/in

A sophisticated ValleyRAT campaign is targeting Chinese Windows users. Learn about the malware’s multi-stage attack, its ability to…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

New Phishing Attack Uses Sophisticated Infostealer Malware

/in

A new phishing attack with advanced infostealer malware has been discovered by analysts. The malware collects sensitive data like passwords, cookies, credit card info, and browsing history.

Cyware News – Latest Cyber News – ​Read More

Windows TCP/IP RCE Impacts all Systems with IPv6 Enabled, Patch Now

/in

A critical TCP/IP remote code execution (RCE) vulnerability affecting all Windows systems with IPv6 enabled has been discovered, prompting Microsoft to issue a warning urging users to patch their systems immediately.

Cyware News – Latest Cyber News – ​Read More

Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw

/in

Security experts are ratcheting up the urgency for Windows admins to patch a wormable, pre-auth remote code execution vulnerability in the Windows TCP/IP stack.

The post Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw appeared first on SecurityWeek.

SecurityWeek – ​Read More

SolarWinds Urges Upgrade After Revealing Critical RCE Bug

/in

SolarWinds is advising customers to upgrade their Web Help Desk platform due to a critical vulnerability, CVE-2024-28986, discovered by Inmarsat Government researchers. The bug allows for remote code execution through Java deserialization.

Cyware News – Latest Cyber News – ​Read More

Black Basta Ransomware Gang Linked to a Malware Campaign

/in

The attacks, detected on June 20, 2024, show threat actors using various tools like AnyDesk and AntiSpam.exe to harvest credentials. They also deploy payloads like Golang HTTP beacons and Socks proxy beacons.

Cyware News – Latest Cyber News – ​Read More