China-linked APT Velvet Ant Exploited Zero-Day to Compromise Cisco Nexus Switches

The China-linked APT group Velvet Ant exploited a zero-day vulnerability in Cisco switches, CVE-2024-20399, to take control of network devices. The flaw in Cisco NX-OS Software’s CLI enabled attackers with Admin credentials to run arbitrary commands.

Cyware News – Latest Cyber News – ​Read More

CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed a security flaw impacting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation.
The medium-severity vulnerability, tracked as CVE-2024-39717 (CVSS score: 6.6), is case of file upload bug impacting the “Change Favicon” feature that could allow a threat actor to

The Hacker News – ​Read More

Security Flaws in UK Political Party Donation Platforms Exposed

DataDome researchers found that major UK political parties lack critical security features to protect against bot and credential stuffing attacks on their donation platforms.

Cyware News – Latest Cyber News – ​Read More

Hackers Now Use AppDomain Injection to Drop Cobalt Strike Beacons

Hackers are now using AppDomain Injection to drop Cobalt Strike beacons in a series of attacks that began in July 2024. This technique, known as AppDomain Manager Injection, can weaponize any Microsoft .NET application on Windows.

Cyware News – Latest Cyber News – ​Read More

Exploit for CVE-2024-38054 Released: Elevation of Privilege Flaw in Windows Kernel Streaming WOW Thunk

This vulnerability allows local attackers to escalate privileges to SYSTEM level through a heap-based buffer overflow. With a CVSS score of 7.8, CVE-2024-38054 is a critical flaw patched by Microsoft in July.

Cyware News – Latest Cyber News – ​Read More

Scammers are increasingly using messaging and social media apps to attack

Meta platforms, alongside Telegram, are among the growing number of sites used as a form of contact in 45% of scams.

Latest stories for ZDNET in Security – ​Read More

Liverpool Fans Take English Premier League Title for Ticket Scams

Ticket scams are costing football fans close to £200 a season, on average, according to a report.

darkreading – ​Read More

NIST Hands Off Post-Quantum Cryptography Work to Cyber Teams

The release of new NIST quantum-proof cryptography standards signals it’s time for cybersecurity teams to get serious about preparing for the rise of quantum threats.

darkreading – ​Read More

Patch Now: Second SolarWinds Critical Bug in Web Help Desk

The disclosure of CVE-2024-28987 means that, in two weeks, there have been two critical bugs and corresponding patches for SolarWinds’ less-often-discussed IT help desk software.

darkreading – ​Read More