A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed the activity ArcaneDoor, attributed it to a previously undocumented sophisticated state-sponsored actor it tracks under the name UAT4356 (aka Storm-1849 by Microsoft). “UAT4356 deployed…

Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light yesterday. The network security company’s Unit 42 division is tracking the activity under the name Operation MidnightEclipse, attributing it as the work of a single…

The holy month of Ramadan is a period when Middle East-based companies step up cybersecurity with extra vigilance and outsourced support amid shortened working hours and increased e-commerce activity. The ninth month of the Muslim calendar is observed around the world as followers take the time to reflect and practice fasting, and cybersecurity teams often…

Apple has released security updates to address several security flaws, including two vulnerabilities that it said have been actively exploited in the wild. The shortcomings are listed below: CVE-2024-23225, a memory corruption issue in Kernel that an attacker with arbitrary kernel read and write capability can exploit to bypass kernel memory protections; CVE-2024-23296…

The first of the high-severity bugs, CVE-2024-20321, exists because External Border Gateway Protocol (eBGP) traffic “is mapped to a shared hardware rate-limiter queue”, allowing an unauthenticated, remote attacker to send large amounts of traffic and cause a denial-of-service (DoS) condition. According to Cisco, under certain conditions, the security defect impacts Nexus 3600 series switches and…

A campaign by Russian military intelligence to convert Ubiquiti routers into a platform for a global cyberespionage operation began as early as 2022, U.S. and foreign intelligence agencies said. The U.S. federal government earlier this month disrupted a botnet built from hundreds of Ubiquiti routers by a hacking unit of the Russian military’s Main Intelligence Directorate,…

Microsoft released its batch of monthly security updates this month covering 73 vulnerabilities, including two zero-day flaws exploited in the wild. While organizations should prioritize all critical and high-risk issues, there is one critical vulnerability in Outlook that researchers claim could open the door to trivial attacks that result in remote code execution. Dubbed MonikerLink…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Roundcube Webmail Persistent Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2023-43770, to its Known Exploited Vulnerabilities (KEV) catalog. Roundcube is an open-source web-based email client. It provides a user-friendly interface for accessing email accounts via a web browser. Users can send and receive emails, manage their…