Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks

/in

A joint advisory issued by Australia, Canada, New Zealand, and the U.S. has warned of a broad cyber espionage campaign undertaken by People’s Republic of China (PRC)-affiliated threat actors targeting telecommunications providers.
“Identified exploitations or compromises associated with these threat actors’ activity align with existing weaknesses associated with victim infrastructure; no novel

The Hacker News – ​Read More

Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses

/in

Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses.
“The ongoing attack evades #antivirus software, prevents uploads to sandboxes, and bypasses Outlook’s spam filters, allowing the malicious emails to reach your inbox,” ANY.RUN said in a series of posts on X.
The

The Hacker News – ​Read More

Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console

/in

Veeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances.
The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0. The company noted that the bug was identified during internal testing.
“From the VSPC management agent machine, under

The Hacker News – ​Read More

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

/in

A critical security vulnerability has been disclosed in SailPoint’s IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory.
The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, indicating maximum severity. It affects IdentityIQ versions 8.2. 8.3, 8.4, and other previous versions.
IdentityIQ “allows

The Hacker News – ​Read More

FBI Tells Telecom Firms to Boost Security Following Wide-Ranging Chinese Hacking Campaign

/in

Guidance issued by the FBI and CISA is intended to help root out the hackers and prevent similar cyberespionage.

The post FBI Tells Telecom Firms to Boost Security Following Wide-Ranging Chinese Hacking Campaign appeared first on SecurityWeek.

SecurityWeek – ​Read More

15 SpyLoan Apps Found on Play Store Targeting Millions

/in

SUMMARY Cybercriminals are exploiting SpyLoan, or predatory loan apps, to target unsuspecting users globally. McAfee cybersecurity researchers report…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

The Role of Salesforce Implementation in Digital Transformation

/in

Companies today constantly look for ways to improve their work with customers and perform better overall. The transition…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

US says Chinese hackers are still lurking in American phone networks

/in

The China-backed hackers are reportedly still inside the networks of some of America’s largest phone and internet companies, weeks after the hacks were disclosed.

© 2024 TechCrunch. All rights reserved. For personal use only.

Security News | TechCrunch – ​Read More

Decade-Old Cisco Vulnerability Under Active Exploit

/in

Cisco encourages users to update to an unaffected version of its Adaptive Security Appliance (ASA) software since there are no workarounds for the 2014 vulnerability.

darkreading – ​Read More

With Threats to Encryption Looming, Signal’s Meredith Whittaker Says ‘We’re Not Changing’

/in

At WIRED’s The Big Interview event, the president of the Signal Foundation talked about secure communications as critical infrastructure and the need for a new funding paradigm for tech.

Security Latest – ​Read More