The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: [email protected]

🌐 Website: https://thehackernews.com
Popular online services like Grammarly, Vidio, and Bukalapak faced critical security vulnerabilities in their OAuth implementation that could have allowed hackers to hijack user accounts.

Find details here: https://thehackernews.com/2023/10/critical-oauth-flaws-uncovered-in.html
⚠️ WARNING — Winter Vivern, a notorious nation-state hacker group with links to Belarus and Russia, is exploiting a zero-day flaw in Roundcube webmail software to steal email messages.

Learn more: https://thehackernews.com/2023/10/nation-state-hackers-exploiting-zero.html
🚨 Meet YoroTrooper: A mysterious threat actor with ties to Kazakhstan. Learn how they're using custom tools and stealthy tactics to infiltrate state-owned entities across CIS countries.

Read: https://thehackernews.com/2023/10/yorotrooper-researchers-warn-of.html
🚑 Healthcare IT professionals, take note.

A critical RCE vulnerability (CVE-2023-43208) has been uncovered in Mirth Connect, a healthcare data integration platform.

Read: https://thehackernews.com/2023/10/critical-flaw-in-nextgens-mirth-connect.html

Update to version 4.4.1 immediately to prevent unauthorized access.
🚨 ALERT: Iranian threat actor, Tortoiseshell, strikes again with new malware, IMAPLoader.

This .NET malware uses email as a command-and-control channel and targets maritime and logistics sectors.

Learn more: https://thehackernews.com/2023/10/iranian-group-tortoiseshell-launches.html
🚨 Cloudflare thwarts massive DDoS attacks exceeding 100M requests/second.

Find out how the HTTP/2 Rapid Reset flaw triggered a 65% increase in Q3 attacks.

Read more: https://thehackernews.com/2023/10/record-breaking-100-million-rps-ddos.html
🔒 Web security matters more than ever. Don't miss this eye-opening case study by Reflectiz, revealing the hidden risks of rogue pixels on websites.

Privacy violations can happen even without hacking.

Learn more: https://thehackernews.com/2023/10/the-danger-of-forgotten-pixels-on.html
Microsoft warns of Scattered Spider, a financially motivated hacking crew that infiltrates firms worldwide using SMS phishing, SIM swapping, and by posing as new employees, leading to data breaches and takeovers.

Find out more: https://thehackernews.com/2023/10/microsoft-warns-as-scattered-spider.html
⚠️ Alert — Researchers expose new "iLeakage" side-channel attack targeting iOS, iPadOS, and macOS devices running on Apple's A and M-series CPUs.

Discover how sensitive data can be extracted using this new Safari exploit.

Read: https://thehackernews.com/2023/10/ileakage-new-safari-exploit-impacts.html
Urgent — F5 warns of a critical vulnerability (CVE-2023-46747) in BIG-IP, allowing unauthenticated remote code execution.

Learn more: https://thehackernews.com/2023/10/f5-issues-warning-big-ip-vulnerability.html
🤖 Google expands Vulnerability Rewards Program to address vulnerabilities and attack scenarios tailored to generative artificial intelligence (AI) systems, while also strengthening the supply chain.

Learn more: https://thehackernews.com/2023/10/google-expands-its-bug-bounty-program.html
Continuous monitoring is key. Discover how Fidelis Security's Network Detection and Response (NDR) solutions offer real-time threat detection to help you stay ahead of cyber threats.

Read: https://thehackernews.com/2023/10/how-to-keep-your-business-running-in.html
🚨 North Korea's Lazarus Group strikes again. Discover how they hacked a software vendor using known security flaws.

Read more: https://thehackernews.com/2023/10/n-korean-lazarus-group-targets-software.html
Wiretapping attempt discovered on XMPP-based messaging service involving Hetzner and Linode hosting providers in Germany. Evidence points to a lawful foreign police request.

Learn more: https://thehackernews.com/2023/10/researchers-uncover-wiretapping-of-xmpp.html
🔒 Beware! A new cyber threat is using bogus MSIX Windows app packages for popular software like Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex to spread a dangerous malware called GHOSTPULSE.

Learn more ➜ https://thehackernews.com/2023/10/hackers-using-msix-app-packages-to.html
🚨 Three new high-severity security flaws discovered in NGINX Ingress controller for Kubernetes. Hackers can steal secret credentials.

Learn more: https://thehackernews.com/2023/10/urgent-new-security-flaws-discovered-in.html
⚠️ Alert: EleKtra-Leak cryptojacking campaign is exploiting exposed AWS IAM credentials on public GitHub repositories.

Find details here: https://thehackernews.com/2023/10/elektra-leak-cryptojacking-attacks.html
ServiceNow exposes sensitive data due to misconfigurations. Learn how this could've jeopardized your business and the steps to ensure your data is secure.

Read more: https://thehackernews.com/2023/10/servicenow-data-exposure-wake-up-call.html
Join our expert panel of security veterans Emo Gokay, Multi-Cloud Security Engineer at EY Technologies and George Prichici, VP of products at OPSWAT, as they share insights and strategies gathered from the frontlines of securing critical infrastructure from advanced and persistent malware.

Join: https://thehackernews.com/2023/10/new-webinar-5-must-know-trends.html
⚡️ A pro-Hamas hacktivist group is using a new Linux-based malware, BiBi-Linux Wiper, to target Israeli entities amid the ongoing conflict.

Read: https://thehackernews.com/2023/10/pro-hamas-hacktivists-targeting-israeli.html