NIST Explains Why It Failed to Clear CVE Backlog

/in

NIST says all known exploited CVEs in the backlog have been addressed, but admitted that clearing the entire backlog by October was optimistic.

The post NIST Explains Why It Failed to Clear CVE Backlog appeared first on SecurityWeek.

SecurityWeek – ​Read More

Cybereason and Trustwave Announce Merger

/in

Cybereason Chairman & CEO Eric Gan believes the merger could help its existing success in some international markets.

The post Cybereason and Trustwave Announce Merger appeared first on SecurityWeek.

SecurityWeek – ​Read More

New RustyAttr Malware Targets macOS Through Extended Attribute Abuse

/in

Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr.
The Singaporean cybersecurity company has attributed the novel activity with moderate confidence to the infamous North Korea-linked Lazarus Group, citing infrastructure and tactical overlaps observed in connection with prior campaigns, including

The Hacker News – ​Read More

US confirms China-backed hackers breached telecom providers to steal wiretap data

/in

CISA and the FBI say they have uncovered a ‘broad and significant’ PRC-linked cyberespionage campaign

© 2024 TechCrunch. All rights reserved. For personal use only.

Security News | TechCrunch – ​Read More

Unpatched Flaw in Legacy D-Link NAS Devices Exploited Days After Disclosure  

/in

Exploitation attempts targeting CVE-2024-10914, a recently disclosed ‘won’t fix’ vulnerability affecting outdated D-Link NAS devices. 

The post Unpatched Flaw in Legacy D-Link NAS Devices Exploited Days After Disclosure   appeared first on SecurityWeek.

SecurityWeek – ​Read More

Hamas Hackers Spy on Mideast Gov’ts, Disrupt Israel

/in

APT Wirte is doing double duty, adding all manner of supplemental malware to gain access, eavesdrop, and wipe data, depending on the target.

darkreading – ​Read More

Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails

/in

A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine.
The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoofing vulnerability that could be exploited to steal a user’s NTLMv2 hash. It was patched by Microsoft earlier this

The Hacker News – ​Read More

Teen Behind Hundreds of Swatting Attacks Pleads Guilty to Federal Charges

/in

Alan Filion, believed to have operated under the handle “Torswats,” admitted to making more than 375 fake threats against schools, places of worship, and government buildings around the United States.

Security Latest – ​Read More

US agencies confirm Beijing-linked telecom breach involving call records of politicians, wiretaps

/in

In a statement late on Wednesday, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) said an investigation that began in late October has revealed a “broad and significant cyber espionage campaign.”

The Record from Recorded Future News – ​Read More

Microsoft brings AI to the farm and factory floor, partnering with industry giants

/in

Credit: VentureBeat made with Midjourney

Microsoft collaborates with Siemens, Bayer, and Rockwell Automation to launch industry-specific AI models designed to boost efficiency in manufacturing, agriculture, and finance through tailored AI solutions available via Azure AI.Read More

Security News | VentureBeat – ​Read More