CISA, FBI Confirm China Hacked Telecoms Providers for Spying

/in

CISA and the FBI have confirmed that Chinese hackers compromised the networks of telecommunications companies to spy on specific targets.

The post CISA, FBI Confirm China Hacked Telecoms Providers for Spying appeared first on SecurityWeek.

SecurityWeek – ​Read More

Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions

/in

The exploit for a new zero-day vulnerability in Windows is executed by deleting files, drag-and-dropping them, or right clicking on them.

The post Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions appeared first on SecurityWeek.

SecurityWeek – ​Read More

NIST Explains Why It Failed to Clear CVE Backlog

/in

NIST says all known exploited CVEs in the backlog have been addressed, but admitted that clearing the entire backlog by October was optimistic.

The post NIST Explains Why It Failed to Clear CVE Backlog appeared first on SecurityWeek.

SecurityWeek – ​Read More

Cybereason and Trustwave Announce Merger

/in

Cybereason Chairman & CEO Eric Gan believes the merger could help its existing success in some international markets.

The post Cybereason and Trustwave Announce Merger appeared first on SecurityWeek.

SecurityWeek – ​Read More

New RustyAttr Malware Targets macOS Through Extended Attribute Abuse

/in

Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr.
The Singaporean cybersecurity company has attributed the novel activity with moderate confidence to the infamous North Korea-linked Lazarus Group, citing infrastructure and tactical overlaps observed in connection with prior campaigns, including

The Hacker News – ​Read More

US confirms China-backed hackers breached telecom providers to steal wiretap data

/in

CISA and the FBI say they have uncovered a ‘broad and significant’ PRC-linked cyberespionage campaign

© 2024 TechCrunch. All rights reserved. For personal use only.

Security News | TechCrunch – ​Read More

Unpatched Flaw in Legacy D-Link NAS Devices Exploited Days After Disclosure  

/in

Exploitation attempts targeting CVE-2024-10914, a recently disclosed ‘won’t fix’ vulnerability affecting outdated D-Link NAS devices. 

The post Unpatched Flaw in Legacy D-Link NAS Devices Exploited Days After Disclosure   appeared first on SecurityWeek.

SecurityWeek – ​Read More

Hamas Hackers Spy on Mideast Gov’ts, Disrupt Israel

/in

APT Wirte is doing double duty, adding all manner of supplemental malware to gain access, eavesdrop, and wipe data, depending on the target.

darkreading – ​Read More

Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails

/in

A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine.
The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoofing vulnerability that could be exploited to steal a user’s NTLMv2 hash. It was patched by Microsoft earlier this

The Hacker News – ​Read More

Teen Behind Hundreds of Swatting Attacks Pleads Guilty to Federal Charges

/in

Alan Filion, believed to have operated under the handle “Torswats,” admitted to making more than 375 fake threats against schools, places of worship, and government buildings around the United States.

Security Latest – ​Read More