Chinese APT Hacks 48 Government Organizations

Earth Krahang, likely a penetration team of Chinese government contractor I-Soon, has compromised 48 government entities worldwide.

The post Chinese APT Hacks 48 Government Organizations appeared first on SecurityWeek.

SecurityWeek – ​Read More

Nations Direct Mortgage Data Breach Impacts 83,000 Individuals

Nations Direct informs 83,000 individuals that their personal information was compromised in a data breach.

The post Nations Direct Mortgage Data Breach Impacts 83,000 Individuals appeared first on SecurityWeek.

SecurityWeek – ​Read More

‘Conversation Overflow’ Cyberattacks Bypass AI Security to Target Execs

Credential-stealing emails are getting past artificial intelligence’s “known good” email security controls by cloaking malicious payloads within seemingly benign emails. The tactic poses a significant threat to enterprise networks.

darkreading – ​Read More

Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks

Threat actors are leveraging digital document publishing (DDP) sites hosted on platforms like FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet for carrying out phishing, credential harvesting, and session token theft, once again underscoring how threat actors are repurposing legitimate services for malicious ends.
“Hosting phishing lures on DDP sites increases the likelihood

The Hacker News – ​Read More

Update: 133k+ Fortinet Appliances Still Vulnerable to CVE-2024-21762

The wide geographic distribution of vulnerable SSL VPNs highlights the extensive attack surface for the critical vulnerability, with Asia having the highest number of exposed appliances.

Cyware News – Latest Cyber News – ​Read More

Crafting and Communicating Your Cybersecurity Strategy for Board Buy-In

In an era where digital transformation drives business across sectors, cybersecurity has transcended its traditional operational role to become a cornerstone of corporate strategy and risk management. This evolution demands a shift in how cybersecurity leaders—particularly Chief Information Security Officers (CISOs)—articulate the value and urgency of cybersecurity investments to their boards.&

The Hacker News – ​Read More

PoC Exploit for Critical RCE in Fortra FileCatalyst Tool Released

The critical vulnerability, tracked as CVE-2024-25153 with a CVSS score of 9.8, allows remote attackers to upload files outside the intended directory and execute arbitrary code.

Cyware News – Latest Cyber News – ​Read More

Aiohttp Vulnerability in Attacker Crosshairs

A recently patched Aiohttp vulnerability tracked as CVE-2024-23334 is being targeted by threat actors, including by a ransomware group.

The post Aiohttp Vulnerability in Attacker Crosshairs appeared first on SecurityWeek.

SecurityWeek – ​Read More

UK Defence Secretary Jet Hit by Electronic Warfare Attack in Poland

Russian hackers launched an electronic warfare attack that disabled the GPS and communications systems of UK Defence Secretary Grant Shapps’ RAF Dassault Falcon 900 jet while flying near Kaliningrad.

Cyware News – Latest Cyber News – ​Read More

E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials

A 31-year-old Moldovan national has been sentenced to 42 months in prison in the U.S. for operating an illicit marketplace called E-Root Marketplace that offered for sale hundreds of thousands of compromised credentials, the Department of Justice (DoJ) announced.
Sandu Boris Diaconu was charged with conspiracy to commit access device and computer fraud and possession of 15 or more unauthorized

The Hacker News – ​Read More