Russian threat actor Shuckworm escalates cyber assaults on Ukrainian entities, targeting security services and government organizations. New report exposes long-running intrusions and theft of sensitive information.

Read: https://thehackernews.com/2023/06/new-report-reveals-shuckworms-long.html

Researchers uncover a concerning software supply chain attack using expired Amazon S3 buckets to distribute malware-infected binaries.

Read about it here: https://thehackernews.com/2023/06/new-supply-chain-attack-exploits.html

Is your vulnerability management program falling short?

Struggling to align security and non-security teams?

Discover how to overcome the challenge & successfully implement a Continuous Threat Exposure Management (CTEM) program.

Read👉 https://thehackernews.com/2023/05/3-challenges-in-building-continuous.html

Attention Android users: Beware of the latest version of GravityRAT! It disguises itself as messaging apps, stealing WhatsApp backups, deleting call logs, and files.

Learn more about it here: https://thehackernews.com/2023/06/warning-gravityrat-android-trojan.html

Vidar malware evolves to conceal its tracks! Threat actors behind Vidar are changing their backend infrastructure, rotating IP addresses and utilizing VPN servers.

Learn more about this info-stealer: https://thehackernews.com/2023/06/vidar-malware-using-new-tactics-to.html

New findings reveal that ransomware actors, cryptocurrency scammers, and nation-state hackers are exploiting cloud mining services to launder cryptocurrencies.

Learn details here: https://thehackernews.com/2023/06/ransomware-hackers-and-scammers.html

🚨 Progress Software discloses 3rd critical flaw in MOVEit Transfer app—SQL injection—allowing unauthorized access & escalated privileges.

https://thehackernews.com/2023/06/third-flaw-uncovered-in-moveit-transfer.html

Meanwhile, Cl0p ransomware gang exploits MOVEit flaws, targets 27 hacked companies, incl. U.S. federal agencies.

Mandiant's latest report uncovers UNC4841, an espionage actor linked to the People's Republic of China, exploiting a recently patched zero-day flaw in Barracuda Email Security Gateway.

Find out how this skilled group targeted organizations worldwide: https://thehackernews.com/2023/06/chinese-unc4841-group-exploits-zero-day.html

The U.S. Department of Justice charges a 20-year-old Russian national for deploying LockBit ransomware worldwide. The suspect was arrested in Arizona last month.

Read details: https://thehackernews.com/2023/06/20-year-old-russian-lockbit-ransomware.html

🐍 ChamelGang's new weapon unveiled: ChamelDoH. This powerful Linux backdoor uses DNS-over-HTTPS for covert communication.

Discover how this previously undocumented backdoor infiltrates, executes remote commands, and evades detection: https://thehackernews.com/2023/06/chameldoh-new-linux-backdoor-utilizing.html

Romanian Diicot hackers now equipped with off-the-shelf botnet, ready to launch DDoS attacks. Their activities span cryptojacking and doxxing rival hacking groups.

Learn more: https://thehackernews.com/2023/06/from-cryptojacking-to-ddos-attacks.html

Microsoft has officially confirmed that Layer 7 DDoS attacks caused disruptions in Azure, Outlook, and OneDrive services.

Read details here: https://thehackernews.com/2023/06/microsoft-blames-massive-ddos-attack.html

Sustained cyber-espionage attacks targeting Middle East and Africa governmental entities! Sophisticated techniques involving credential theft and MS Exchange email exfiltration used to obtain highly sensitive information.

Read details: https://thehackernews.com/2023/06/state-backed-hackers-employ-advanced.html

New sophisticated toolkit targeting Apple macOS systems discovered by cybersecurity researchers. Undetected malicious artifacts pose a serious threat, while permission checks raise concerns about a complex attack.

Read details: https://thehackernews.com/2023/06/researchers-discover-new-sophisticated.html

New malware alert! Mystic stealer targets 40 web browsers, 70 browser extensions, cryptocurrency wallets, Steam, and Telegram. It employs anti-analysis techniques and defense evasion, reflecting current malware trends.

Details: https://thehackernews.com/2023/06/new-mystic-stealer-malware-targets-40.html

Weak access controls, network misconfigurations & more. Infrastructure as Code (IaC) Security is crucial!

Checkmarx's AI Guided Remediation for IaC Security & KICS provides actionable steps & advice for faster remediation.

Learn more: https://thehackernews.com/2023/06/introducing-ai-guided-remediation-for.html

Warning: Android users in Pakistan are facing a sophisticated attack. Fake apps, like "iKHfaa VPN" and "nSure Chat," are being used to extract personal data and compromise devices.

Read details here: https://thehackernews.com/2023/06/rogue-android-apps-target-pakistani.html

⚡ Over 100,000 OpenAI ChatGPT account credentials have been compromised and sold on the dark web.

Cybercriminals are targeting the valuable information stored in these accounts.

Read details: https://thehackernews.com/2023/06/over-100000-stolen-chatgpt-account.html

Take necessary precautions to safeguard your data.

🔒 Take action now! ASUS has released firmware updates to fix nine security bugs impacting router models.

Key fixes: CVE-2018-1160 and CVE-2022-26376. Update firmware, disable WAN services, and conduct regular audits for maximum security.

Read details: https://thehackernews.com/2023/06/asus-releases-patches-to-fix-critical.html

🚨 Experts expose a year-long cyber operation targeting an East Asian IT firm, deploying custom malware called RDStealer to compromise data and steal credentials.

Learn more: https://thehackernews.com/2023/06/experts-uncover-year-long-cyber-attack.html

⚠️ Attention Zyxel NAS users! A new critical vulnerability (CVE-2023-27992) could allow attackers to run arbitrary commands on affected systems.

Read details: https://thehackernews.com/2023/06/zyxel-releases-urgent-security-updates.html

Don't wait—apply the security update immediately!