⚠️ Researchers uncover first-ever open-source software supply chain attacks targeting banks!

🏦 Malware authors posed as employees, tricked users with preinstall scripts, and cleverly used Azure's CDN subdomains.

Read details: https://thehackernews.com/2023/07/banking-sector-targeted-in-open-source.html

🔒 Heads up, techies! A new vulnerability (CVE-2023-38408) has been uncovered in OpenSSH that can enable attackers to execute arbitrary commands remotely.

Don't wait—update now and keep your system secure.

Read: https://thehackernews.com/2023/07/new-openssh-vulnerability-exposes-linux.html

📢 Google announces support for cross-platform end-to-end encryption 🔒 with MLS protocol on its 💬 messages service for Android. Secure communication, regardless of the messaging platform used.

Read details here: https://thehackernews.com/2023/07/google-messages-getting-cross-platform.html

Zero-day vulnerabilities (CVE-2023-26077 and CVE-2023-26078) found in Atera remote monitoring software's Windows Installers can lead to privilege escalation attacks.

Read details: https://thehackernews.com/2023/07/critical-zero-days-in-atera-windows.html

🔐 Apple has released urgent patches to address multiple vulnerabilities in iOS, iPadOS, macOS, tvOS, watchOS, and Safari.

This includes a critical 0-day bug (CVE-2023-38606) actively exploited in the wild.

https://thehackernews.com/2023/07/apple-rolls-out-urgent-patches-for-zero.html

Make sure to update your devices ASAP!

⚠️ Attention IT Admins — Ivanti warns of a zero-day vulnerability (CVE-2023-35078) in Endpoint Manager Mobile (EPMM) software.

Read details: https://thehackernews.com/2023/07/ivanti-releases-urgent-patch-for-epmm.html

Patch ASAP to protect against unauthorized access and data breaches.

⚠️ Atlassian addresses critical vulnerabilities (CVE-2023-22505, CVE-2023-22508 and CVE-2023-22506) in Confluence Server, Data Center, and Bamboo Data Center.

Read: https://thehackernews.com/2023/07/atlassian-releases-patches-for-critical.html

Update now to protect against remote code execution attacks.

⚡ A serious security flaw has been found in AMD's Zen 2 processors, putting sensitive data at risk!

Discover the details of Zenbleed (CVE-2023-20593) – a speculative execution attack that allows data exfiltration at 30 kb/core/second.

Read: https://thehackernews.com/2023/07/zenbleed-new-flaw-in-amd-zen-2.html

🚨 TETRA:BURST — A series of critical vulnerabilities have been disclosed in the Terrestrial Trunked Radio (TETRA) standard used by government entities and critical infrastructure worldwide, including a potential intentional backdoor!

Details: https://thehackernews.com/2023/07/tetraburst-5-new-vulnerabilities.html

🦠 New banking malware alert!

Casbaneiro threat actors are evolving their tactics to avoid detection. A User Account Control (UAC) bypass technique grants them full admin privileges on compromised machines.

Read: https://thehackernews.com/2023/07/casbaneiro-banking-malware-goes-under.html

Did you know? 57% of Apple users still believe that malware does not exist on macOS.

Cyber threats are real, even for Mac users! Hackers are targeting Apple devices with dangerous malware like Geacon and MacStealer.

Learn more: https://thehackernews.com/2023/07/macos-under-attack-examining-growing.html

💪 Be informed, use strong passwords, and keep your software updated.

North Korean state actors linked to the RGB have been identified in the JumpCloud hack! An OPSEC mistake exposed their IP address.

Find details here: https://thehackernews.com/2023/07/north-korean-nation-state-actors.html

The new report also uncovers the use of malicious Ruby scripts and payloads like FULLHOUSE.DOORED, STRATOFEAR, and TIEDYE.

🚨 Heads up, network admins!

MikroTik RouterOS vulnerability (CVE-2023-30799) exposes 500,000+ systems to potential exploitation!

Read: https://thehackernews.com/2023/07/critical-mikrotik-routeros.html

Upgrade to RouterOS 6.49.8 or 7.x ASAP!

🚨 Security Alert: A new malware family called Realst is targeting Apple macOS systems, including macOS 14 Sonoma! Written in Rust programming language, it empties cryptocurrency wallets & steals passwords.

Find details here: https://thehackernews.com/2023/07/rust-based-realst-infostealer-targeting.html

FraudGPT, the latest cybercrime AI tool, is being sold on dark web marketplaces and Telegram channels. It is claimed that it can create undetectable malware and craft convincing phishing emails.

Read: https://thehackernews.com/2023/07/new-ai-tool-fraudgpt-emerges-tailored.html

🚨 ALERT: Fenix, a Mexico-based cybercrime group, is targeting taxpayers in Mexico and Chile by cloning official tax portals to steal sensitive data.

Read: https://thehackernews.com/2023/07/fenix-cybercrime-group-poses-as-tax.html

Decoy Dog, a powerful malware, outperforms the Pupy RAT, featuring previously unknown capabilities. It can maintain communication with compromised machines and evade detection for extended periods.

Read details: https://thehackernews.com/2023/07/decoy-dog-new-breed-of-malware-posing.html

🚨 Info stealing malware on the rise! Learn the modus operandi, tactics, propagation methods of info stealers in this latest whitepaper.

Read: https://thehackernews.com/2023/07/the-alarming-rise-of-infostealers-how.html

🔒 U.S. Securities and Exchange Commission (SEC) just approved new rules mandating publicly traded companies to disclose cyberattacks with "material" impact on their finances within 4 days of identification.

Read: https://thehackernews.com/2023/07/new-sec-rules-require-us-companies-to.html

Group-IB co-founder & CEO Ilya Sachkov gets 14 years in prison over accusations of providing classified info to foreign intelligence.

Read: https://thehackernews.com/2023/07/group-ib-co-founder-sentenced-to-14.html

Beware of the new campaign targeting Apache Tomcat Servers.

Researchers detected 800+ attacks, with 96% linked to the Mirai botnet. Threat actors exploit weak security to deliver malware & crypto miners.

Read: https://thehackernews.com/2023/07/hackers-target-apache-tomcat-servers.html