Microsoft Power Pages Leak Millions of Private Records
Less experienced users of Microsoft’s website building platform may not understand all the implications of the access controls in its low- or no-code environment.
darkreading – Read More
CISA, FBI Confirm China Hacked Telecoms Providers for Spying
CISA and the FBI have confirmed that Chinese hackers compromised the networks of telecommunications companies to spy on specific targets.
The post CISA, FBI Confirm China Hacked Telecoms Providers for Spying appeared first on SecurityWeek.
SecurityWeek – Read More
Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions
The exploit for a new zero-day vulnerability in Windows is executed by deleting files, drag-and-dropping them, or right clicking on them.
The post Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions appeared first on SecurityWeek.
SecurityWeek – Read More
NIST Explains Why It Failed to Clear CVE Backlog
NIST says all known exploited CVEs in the backlog have been addressed, but admitted that clearing the entire backlog by October was optimistic.
The post NIST Explains Why It Failed to Clear CVE Backlog appeared first on SecurityWeek.
SecurityWeek – Read More
Cybereason and Trustwave Announce Merger
Cybereason Chairman & CEO Eric Gan believes the merger could help its existing success in some international markets.
The post Cybereason and Trustwave Announce Merger appeared first on SecurityWeek.
SecurityWeek – Read More
New RustyAttr Malware Targets macOS Through Extended Attribute Abuse
Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr.
The Singaporean cybersecurity company has attributed the novel activity with moderate confidence to the infamous North Korea-linked Lazarus Group, citing infrastructure and tactical overlaps observed in connection with prior campaigns, including
The Hacker News – Read More
US confirms China-backed hackers breached telecom providers to steal wiretap data
CISA and the FBI say they have uncovered a ‘broad and significant’ PRC-linked cyberespionage campaign
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Unpatched Flaw in Legacy D-Link NAS Devices Exploited Days After Disclosure
Exploitation attempts targeting CVE-2024-10914, a recently disclosed ‘won’t fix’ vulnerability affecting outdated D-Link NAS devices.
The post Unpatched Flaw in Legacy D-Link NAS Devices Exploited Days After Disclosure appeared first on SecurityWeek.
SecurityWeek – Read More
Hamas Hackers Spy on Mideast Gov’ts, Disrupt Israel
APT Wirte is doing double duty, adding all manner of supplemental malware to gain access, eavesdrop, and wipe data, depending on the target.
darkreading – Read More
Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails
A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine.
The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoofing vulnerability that could be exploited to steal a user’s NTLMv2 hash. It was patched by Microsoft earlier this
The Hacker News – Read More