17 November 2023
CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog
- CISA added notable vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog, including a critical Windows security bypass (CVE-2023-1671) and a Microsoft Windows Mark-of-the-Web (MotW) flaw (CVE-2023-36584).
Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks
- Demonstrated attack methods against Google Workspace and the Google Cloud Platform could be leveraged for ransomware, data exfiltration, and password recovery attacks, posing significant risks to user data and cloud-based services.
FBI shares tactics of notorious Scattered Spider hacker collective
- FBI and CISA release an advisory on Scattered Spider, a hacking collective collaborating with the ALPHV/BlackCat Russian ransomware group, highlighting their evasive tactics.
Toyota confirms breach after Medusa ransomware threatens to leak data
- Toyota Financial Services (TFS) confirms unauthorized access after a Medusa ransomware attack targeted its systems in Europe and Africa.
Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups
- Google TAG reports four hacker groups exploiting a zero-day flaw (CVE-2023-37580) in Zimbra Collaboration email software, leading to data theft and credential compromise.
Fortinet warns of critical command injection bug in FortiSIEM
- Fortinet warns customers about a critical OS command injection vulnerability in the FortiSIEM report server, posing a risk of remote code execution by unauthenticated attackers.