China-linked APT Velvet Ant Exploited Zero-Day to Compromise Cisco Nexus Switches

/in

The China-linked APT group Velvet Ant exploited a zero-day vulnerability in Cisco switches, CVE-2024-20399, to take control of network devices. The flaw in Cisco NX-OS Software’s CLI enabled attackers with Admin credentials to run arbitrary commands.

Cyware News – Latest Cyber News – ​Read More

CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September

/in

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed a security flaw impacting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation.
The medium-severity vulnerability, tracked as CVE-2024-39717 (CVSS score: 6.6), is case of file upload bug impacting the “Change Favicon” feature that could allow a threat actor to

The Hacker News – ​Read More

Security Flaws in UK Political Party Donation Platforms Exposed

/in

DataDome researchers found that major UK political parties lack critical security features to protect against bot and credential stuffing attacks on their donation platforms.

Cyware News – Latest Cyber News – ​Read More

Hackers Now Use AppDomain Injection to Drop Cobalt Strike Beacons

/in

Hackers are now using AppDomain Injection to drop Cobalt Strike beacons in a series of attacks that began in July 2024. This technique, known as AppDomain Manager Injection, can weaponize any Microsoft .NET application on Windows.

Cyware News – Latest Cyber News – ​Read More

Exploit for CVE-2024-38054 Released: Elevation of Privilege Flaw in Windows Kernel Streaming WOW Thunk

/in

This vulnerability allows local attackers to escalate privileges to SYSTEM level through a heap-based buffer overflow. With a CVSS score of 7.8, CVE-2024-38054 is a critical flaw patched by Microsoft in July.

Cyware News – Latest Cyber News – ​Read More

Scammers are increasingly using messaging and social media apps to attack

/in

Meta platforms, alongside Telegram, are among the growing number of sites used as a form of contact in 45% of scams.

Latest stories for ZDNET in Security – ​Read More

Liverpool Fans Take English Premier League Title for Ticket Scams

/in

Ticket scams are costing football fans close to £200 a season, on average, according to a report.

darkreading – ​Read More

NIST Hands Off Post-Quantum Cryptography Work to Cyber Teams

/in

The release of new NIST quantum-proof cryptography standards signals it’s time for cybersecurity teams to get serious about preparing for the rise of quantum threats.

darkreading – ​Read More

Patch Now: Second SolarWinds Critical Bug in Web Help Desk

/in

The disclosure of CVE-2024-28987 means that, in two weeks, there have been two critical bugs and corresponding patches for SolarWinds’ less-often-discussed IT help desk software.

darkreading – ​Read More