The vulnerability, known as CVE-2024-20399, affects Cisco NX-OS software used for Nexus-series switches. Sygnia discovered the vulnerability during an investigation into the threat group Velvet Ant.
Cyware News – Latest Cyber News – Read More
Cisco has patched an NX-OS command injection zero-day exploited by China-linked cyberespionage group Velvet Ant.
The post Cisco Patches NX-OS Zero-Day Exploited by Chinese Cyberspies appeared first on SecurityWeek.
SecurityWeek – Read More
PTC has patched a critical vulnerability in the Creo Elements/Direct License Server that can be exploited for unauthenticated command execution.
The post Critical Flaw in PTC License Server Can Allow Lateral Movement in Industrial Organizations appeared first on SecurityWeek.
SecurityWeek – Read More
A South Korean ERP vendor’s product update server was breached by attackers who used it to distribute malware instead of legitimate updates, according to AhnLab, a local cybersecurity firm.
Cyware News – Latest Cyber News – Read More
Polish prosecutors are investigating a suspected Russian attack on the country’s state news agency, the Polish Press Agency (PAP). The attack, which occurred in May, aimed to spread disinformation and cause disruptions in Poland’s system or economy.
Cyware News – Latest Cyber News – Read More
The new funding will accelerate a strategic expansion for small–to mid-market-sized organizations, providing a fully managed and easy-to-deploy permissions system that is simple to maintain for their current and future authorization needs.
Cyware News – Latest Cyber News – Read More
Meta’s decision to offer an ad-free subscription in the European Union (E.U.) has faced a new setback after regulators accused the social media behemoth of breaching the bloc’s competition rules by forcing users to choose between seeing ads or paying to avoid them.
The European Commission said the company’s “pay or consent” advertising model is in contravention of the Digital Markets Act (DMA).
The Hacker News – Read More
A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware.
The vulnerability, tracked as CVE-2024-20399 (CVSS score: 6.0), concerns a case of command injection that allows an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected
The Hacker News – Read More
An Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user credentials and data.
The unnamed 42-year-old “allegedly established fake free Wi-Fi access points, which mimicked legitimate networks, to capture personal data from unsuspecting victims who mistakenly connected to them,” the Australian Federal Police (AFP) said in a press
The Hacker News – Read More
The small island nation’s new data protection and governance policy reflects a forward-thinking cybersecurity strategy.
darkreading – Read More