Israel, Czech Republic Reinforce Cyber Partnership Amid Hamas War

/in

The agreement will facilitate the sharing of information and experience between the Israel National Cyber Directorate and the Czech National Cyber and Information Security Agency, including the possibility of internships.

Cyware News – Latest Cyber News – ​Read More

SEC Says X Account Hack was Due to SIM Swapping

/in

The Securities and Exchange Commission (SEC) experienced an account takeover on Twitter due to a SIM swap attack, where the unauthorized party gained control of the SEC’s cell phone number.

Cyware News – Latest Cyber News – ​Read More

Info Stealing Packages Hidden in PyPI

/in

Malicious Python packages on PyPI, such as nigpal, figflix, and seGMM, have been identified, with payloads designed to steal sensitive information from victims’ devices, particularly targeting Windows users.

Cyware News – Latest Cyber News – ​Read More

Outlook Vulnerability Discovery and New Ways to Leak NTLM Hashes

/in

Attackers can use stolen NTLM v2 hashes for offline brute-force attacks or authentication relay attacks, potentially compromising user accounts and gaining unauthorized access.

Cyware News – Latest Cyber News – ​Read More

Update: Hackers Start Exploiting Critical Atlassian Confluence RCE Flaw

/in

Organizations with outdated Confluence instances should treat them as potentially compromised, look for signs of exploitation, perform a thorough cleanup, and update to a safe version to mitigate the risk.

Cyware News – Latest Cyber News – ​Read More

Microsoft Falls Victim to Russia-Backed ‘Midnight Blizzard’ Cyberattack

/in

Russian state-sponsored threat actor Nobelium used a basic password-spray attack to breach Microsoft corporate email accounts, including for execs.

darkreading – ​Read More

Godzilla Web Shell Attacks Stomp on Critical Apache ActiveMQ Flaw

/in

Thousands of vulnerable servers may be open to cyberattacks exploiting the max-severity CVE-2023-46604 bug.

darkreading – ​Read More

Chinese Spies Exploited Critical VMware Bug for Nearly 2 Years

/in

Even the most careful VMware customers may need to go back and double check that they weren’t compromised by a zero-day exploit for CVE-2023-34048.

darkreading – ​Read More

Apple Issues Patch for Critical Zero-Day in iPhones, Macs – Update Now

/in

Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild.
The issue, tracked as CVE-2024-23222, is a type confusion bug that could be exploited by a threat actor to achieve arbitrary code execution when processing maliciously crafted web content. The tech giant said the problem

The Hacker News – ​Read More