Cybersecurity News Weekly Issue 1
Welcome to the 1st issue of Cybersecurity News Weekly, which curates the latest technology industry news.
Welcome to the 1st issue of Cybersecurity News Weekly, which curates the latest technology industry news.
Dollar Tree Impacted by ZeroedIn Data Breach Affecting 2 Million Individuals
ZeroedIn says personal information of 2 million individuals was compromised in an August 2023 data breach that impacts Dollar Tree.
Ionut Arghire
Identity management company Okta reveals far more extensive hack of its systems | CNN Business
A September hack of popular identity management firm Okta was far more extensive than previously known and saw the hackers steal data on all users in Okta’s customer support system, the company revealed Wednesday.
Sean Lyngaas
Apple fixes two new iOS zero-days in emergency updates
Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year.
Silent cyber menace: Majority of US websites are unprotected against simple bot attacks - SiliconANGLE
Silent cyber menace: Majority of US websites are unprotected against simple bot attacks - SiliconANGLE
Duncan Riley
Hackers breach US water facility via exposed Unitronics PLCs
CISA (Cybersecurity & Infrastructure Security Agency) is warning that threat actors breached a U.S. water facility by hacking into Unitronics programmable logic controllers (PLCs) exposed online.
Police Departments and News Sites Spreading Misinformation About How iOS 17 NameDrop Feature Works
Apple with iOS 17.1 and watchOS 10.1 introduced a new NameDrop feature that is designed to allow users to place Apple devices near one another to…
Juli Clover
Critical Vulnerability Found in Ray AI Framework
A critical issue in open source AI framework Ray could provide attackers with operating system access to all nodes.
Ionut ArghireDesign Flaw in Google Workspace Could Let Attackers Gain Unauthorized Access
Researchers reveal a critical design flaw in Google Workspace, dubbed “DeleFriend,” that could allow attackers to steal emails, exfiltrate data.
Nov 28, 2023Newsroom
Google Chrome emergency update fixes 6th zero-day exploited in 2023
Google has fixed the sixth Chrome zero-day vulnerability this year in an emergency security update released today to counter ongoing exploitation in attacks.
Abusing Microsoft Access “Linked Table” Feature to Perform NTLM Forced Authentication Attacks - Check Point Research
What is NTLM? What common attacks exist against it? NTLM is an extremely deprecated authentication protocol introduced by Microsoft in 1993. It is a challenge-response protocol: the server keeps a secret called an “NTLM hash” derived from the user’s password, then every time that user wants to log i…
etal
Europol arrest hackers allegedly behind string of ransomware attacks | TechCrunch
An international law enforcement operation has arrested five individuals said to be behind ransomware attacks on more than 1,800 victims.
Carly Page
Iranian hacker group Cyber Av3ngers hacked the Municipal Water Authority of Aliquippa in Pennsylvania
Threat actors breached the Municipal Water Authority of Aliquippa in Pennsylvania and took control of a booster station
Pierluigi Paganini
BlackCat claims attack on Fidelity National Financial
One of US’s largest underwriters forced to shut down a number of key systems
Connor Jones
Lazarus is using a MagicLine4NX zero-day in supply chain attack
UK and South Korea agencies warn that North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in a supply-chain attack.
Pierluigi Paganini
Novel Mirai-based DDoS botnet exploits 0-days to infect routers and security cameras
The newly discovered InfectedSlurs botnet is being built through the exploitation of two zero-day RCE vulnerabilities in routers and network video recorder devices.
Simon Hendery
The Ticking Supply Chain Attack Bomb of Exposed Kubernetes Secrets
Aqua Nautilus researchers found exposed Kubernetes secrets that pose a critical threat of supply chain attack to hundreds of organizations and OSS.
Yakir Kadkoda
Thank you for reading this week's edition of Cybersecurity News Weekly. Stay connected for next week's issue, where I will continue to bring you the latest cybersecurity news, keeping you informed about the ever-evolving world of cybersecurity. If you have any feedback, questions, or topics you'd like me to cover in future editions, please don't hesitate to get in touch. Until next week, keep innovating and exploring the incredible world of cybersecurity!
