Critical AWS Vulnerabilities Allow S3 Attack Bonanza

Researchers at Aqua Security discovered the “Shadow Resource” attack vector and the “Bucket Monopoly” problem, where threat actors can guess the name of S3 buckets based on their public account IDs.

darkreading – ​Read More

Vulnerabilities Exposed Widely Used Solar Power Systems to Hacking, Disruption

Vulnerabilities found in solar power systems could have been exploited by hackers to cause disruption and possibly blackouts.

The post Vulnerabilities Exposed Widely Used Solar Power Systems to Hacking, Disruption appeared first on SecurityWeek.

SecurityWeek – ​Read More

SEC Ends Probe Into MOVEit Attacks Impacting 95 Million People

The SEC has closed its investigation into Progress Software’s handling of a zero-day flaw in MOVEit Transfer. Progress Software announced in a recent SEC filing that no enforcement action will be recommended by the Division of Enforcement.

Cyware News – Latest Cyber News – ​Read More

Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the Windows files with older versions.
The vulnerabilities are listed below –

CVE-2024-38202 (CVSS score: 7.3) – Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-21302 (CVSS

The Hacker News – ​Read More

New Phishing Scam Uses Google Drawings and WhatsApp Shortened Links

Cybersecurity researchers have discovered a novel phishing campaign that leverages Google Drawings and shortened links generated via WhatsApp to evade detection and trick users into clicking on bogus links designed to steal sensitive information.
“The attackers chose a group of the best-known websites in computing to craft the threat, including Google and WhatsApp to host the attack elements,

The Hacker News – ​Read More

Researcher Discovers Downgrade Attack Abusing Windows Update Process

A security researcher at SafeBreach demonstrated at the Black Hat 2024 conference that two zero-day vulnerabilities can be exploited in downgrade attacks to revert fully updated Windows systems back to older versions, reintroducing vulnerabilities.

Cyware News – Latest Cyber News – ​Read More

Watch How a Hacker’s Infrared Laser Can Spy on Your Laptop’s Keystrokes

Hacker Samy Kamkar is debuting his own open source version of a laser microphone—a spy tool that can invisibly pick up the sounds inside your home through a window, and even the text you’re typing.

Security Latest – ​Read More

Roundcube Flaws Allow Easy Email Account Compromise (CVE-2024-42009, CVE-2024-42008)

Roundcube’s vulnerabilities (CVE-2024-42009, CVE-2024-42008) allow attackers to compromise email accounts easily. The two cross-site scripting flaws could lead to the theft of emails, contacts, and passwords, and the sending of unauthorized emails.

Cyware News – Latest Cyber News – ​Read More

Microsoft 365 Anti-Phishing Feature can be Bypassed with CSS

A flaw in Microsoft 365’s anti-phishing feature allows attackers to hide the ‘First Contact Safety Tip’ warning in Outlook emails using CSS, increasing the risk of users falling for malicious emails.

Cyware News – Latest Cyber News – ​Read More

AWS Patches Vulnerabilities Potentially Allowing Account Takeovers

AWS has patched vulnerabilities in several products, including flaws that could have been exploited to take over accounts.

The post AWS Patches Vulnerabilities Potentially Allowing Account Takeovers appeared first on SecurityWeek.

SecurityWeek – ​Read More