Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups

A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data, user credentials, and authentication tokens.
"Most of this activity occurred after the initial fix became public on GitHub," Google Threat Analysis Group (TAG) said in a report shared with The Hacker News.
The flaw, tracked as CVE-2023-37580 (CVSS score:

https://thehackernews.com/2023/11/zero-d...tware.html

CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild.
The vulnerabilities are as follows -

CVE-2023-36584 (CVSS score: 5.4) - Microsoft Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability
CVE-2023-1671 (CVSS score: 9.8) -

https://thehackernews.com/2023/11/cisa-a...-with.html

U.S. Cybersecurity Agencies Warn of Scattered Spider's Gen Z Cybercrime Ecosystem

U.S. cybersecurity and intelligence agencies have released a joint advisory about a cybercriminal group known as Scattered Spider that's known to employ sophisticated phishing tactics to infiltrate targets.
"Scattered Spider threat actors typically engage in data theft for extortion using multiple social engineering techniques and have recently leveraged BlackCat/ALPHV ransomware alongside their

https://thehackernews.com/2023/11/us-cyb...rn-of.html

27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts

An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain.
The 27 packages, which masqueraded as popular legitimate Python libraries, attracted thousands of downloads,

https://thehackernews.com/2023/11/27-mal...-with.html

Discover 2023's Cloud Security Strategies in Our Upcoming Webinar - Secure Your Spot

In 2023, the cloud isn't just a technology—it's a battleground. Zenbleed, Kubernetes attacks, and sophisticated APTs are just the tip of the iceberg in the cloud security warzone.
In collaboration with the esteemed experts from Lacework Labs, The Hacker News proudly presents an exclusive webinar: 'Navigating the Cloud Attack Landscape: 2023 Trends, Techniques, and Tactics.'
Join us for an

https://thehackernews.com/2023/11/discov...urity.html

FCC Enforces Stronger Rules to Protect Customers Against SIM Swapping Attacks

The U.S. Federal Communications Commission (FCC) is adopting new rules that aim to protect consumers from cell phone account scams that make it possible for malicious actors to orchestrate SIM-swapping attacks and port-out fraud.
“The rules will help protect consumers from scammers who target data and personal information by covertly swapping SIM cards to a new device or porting phone numbers to

https://thehackernews.com/2023/11/fcc-en...otect.html

Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastruct

Russian threat actors have been possibly linked to what's been described as the "largest cyber attack against Danish critical infrastructure," in which 22 companies associated with the operation of the country's energy sector were targeted in May 2023. 
"22 simultaneous, successful cyberattacks against Danish critical infrastructure are not commonplace," Denmark's SektorCERT said [PDF]. "The

https://thehackernews.com/2023/11/russia...-ever.html

Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks

A set of novel attack methods has been demonstrated against Google Workspace and the Google Cloud Platform that could be potentially leveraged by threat actors to conduct ransomware, data exfiltration, and password recovery attacks.
"Starting from a single compromised machine, threat actors could progress in several ways: they could move to other cloned machines with GCPW installed, gain access

https://thehackernews.com/2023/11/hacker...space.html

From Yogurt Cups to Frunk Tub: Ford Snags Sustainable Design Award

Created from recycled packaging including and weighing the approximate equivalent of 115 post-consumer use yogurt cups, the frunk tub for the 2023 model year goes from six pieces to one.


https://media.ford.com/content/fordmedia...n-awa.html

John Lawler to Discuss Plan to Compete and Grow with Ford+ at Barclays Global Automo

Ford CFO John Lawler will discuss how the company is meeting evolving customer needs through the Ford+ plan for growth and value creation.


https://media.ford.com/content/fordmedia...at-ba.html