Cyber security news bulletin for 18 November 2023

Published on 18/11/2023 · Read in 2 min.

18 November 2023

Google: Hackers exploited Zimbra zero-day in attacks on govt orgs

  • Hackers targeted government organizations by exploiting a vulnerability in Zimbra software.
  • The attack took place before the vendor released a patch to fix the vulnerability.


CISA warns of actively exploited Windows, Sophos, and Oracle bugs

  • CISA identified vulnerabilities actively exploited in Microsoft, Sophos, and Oracle products.
  • These vulnerabilities pose significant risks to various devices and enterprise solutions.


The Week in Ransomware - November 17th 2023 - Citrix in the Crosshairs

  • Ransomware gangs focused on exploiting exposed Citrix Netscaler devices to impact large organizations.
  • The exploit allows theft of data and encryption of files, potentially causing significant disruptions.


British Library: Ongoing outage caused by ransomware attack

  • The British Library experienced a major service outage due to a ransomware attack.
  • The ongoing attack could lead to further service disruptions and compromise data.


FCC Enforces Stronger Rules to Protect Customers Against SIM Swapping Attacks

  • The FCC introduced new rules to prevent SIM swapping and port-out fraud, aiming to safeguard consumers.
  • These rules aim to prevent malicious access to personal information through cell phone account scams.


Bloomberg Crypto X account snafu leads to Discord phishing attack

  • Bloomberg Crypto's Twitter account was manipulated to lead users to a phishing site targeting Discord credentials.
  • Although a serious incident, it appears to be an isolated case.


Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware

  • Threat actors used manipulated Google ads to trick WinSCP users into installing malware.
  • This threat specifically targeted users searching for WinSCP through manipulated search results.


27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts

  • An unknown actor distributed malware through PyPI, primarily affecting IT experts.
  • This specific threat involved downloading malicious Python packages from the repository.

pypipythonwinscpgoogle adsdiscordphishingsim swappingcitrixsophosoraclewindowszimbragoogle

Newsletter

Subscribe to our newsletter to stay informed about CyberSecurity news. You can unsubscribe at any time.

More than Cyber Security

We offer a variety of services to help companies be prepared for real cyber-attacks.

Contact Us