⚠️ Alert: EleKtra-Leak cryptojacking campaign is exploiting exposed AWS IAM credentials on public GitHub repositories.

Find details here: https://thehackernews.com/2023/10/elektra-leak-cryptojacking-attacks.html

ServiceNow exposes sensitive data due to misconfigurations. Learn how this could've jeopardized your business and the steps to ensure your data is secure.

Read more: https://thehackernews.com/2023/10/servicenow-data-exposure-wake-up-call.html

Join our expert panel of security veterans Emo Gokay, Multi-Cloud Security Engineer at EY Technologies and George Prichici, VP of products at OPSWAT, as they share insights and strategies gathered from the frontlines of securing critical infrastructure from advanced and persistent malware.

Join: https://thehackernews.com/2023/10/new-webinar-5-must-know-trends.html

⚡️ Pro-Hamas hacktivist group using a new Linux-based malware, BiBi-Linux Wiper, to target Israeli entities amid ongoing conflict.

Read: https://thehackernews.com/2023/10/pro-hamas-hacktivists-targeting-israeli.html

Meta is introducing a paid ad-free subscription for Facebook and Instagram in Europe to comply with data protection laws.

Read details here: https://thehackernews.com/2023/10/meta-launches-paid-ad-free-subscription.html

Canada bans WeChat and Kaspersky apps on government devices, citing privacy and security risks.

Read details: https://thehackernews.com/2023/10/canada-bans-wechat-and-kaspersky-apps.html

🤖 A malvertising scheme is using compromised websites to trick users into downloading malware-laden PyCharm promoted via Google Ads.

Read details: https://thehackernews.com/2023/10/trojanized-pycharm-software-version.html

⚠️ Alert! Atlassian warns of critical flaw (CVE-2023-22518) in Confluence Data Center and Server. Disconnect publicly accessible instances until patched to avoid data loss.

Learn more: https://thehackernews.com/2023/10/atlassian-warns-of-new-critical.html

🛡️ Penetration testing just got a major upgrade. See how PentestPad automates report generation, enhances real-time collaboration, and integrates with your favorite tools.

Read details: https://thehackernews.com/2023/10/pentestpad-platform-for-pentest-teams.html

⚠️ Alert: Cybersecurity experts uncover stealthy malware scheme in NuGet package manager. Discover how threat actors deploy SeroXen RAT through rogue packages.

Learn more: https://thehackernews.com/2023/10/malicious-nuget-packages-caught.html

Arid Viper, a cyber espionage group linked to Hamas, has been spotted targeting Arabic-speaking users with #Android spyware disguised as a dating app.

Learn more: https://thehackernews.com/2023/10/arid-viper-targeting-arabic-android.html

Russian-linked hacking group Turla evolves with an upgraded Kazuar backdoor—a multi-threaded, modular tool with extensive capabilities—focusing on anti-analysis, stealth, and evasion techniques.

Learn more: https://thehackernews.com/2023/11/turla-updates-kazuar-backdoor-with.html

🚨 ALERT: State-sponsored North Korean hackers are using a sneaky #macOS malware called KANDYKORN to target crypto engineers via Discord.

Learn more: https://thehackernews.com/2023/11/north-korean-hackers-tageting-crypto.html

🚨 Security Alert ➜ F5 warns of active exploitation of a critical flaw (CVE-2023-46747) in BIG-IP, enabling attackers to execute system commands.

Learn more: https://thehackernews.com/2023/11/alert-f5-warns-of-active-attacks.html

Protect your network—patch now!

Iranian threat actor "Scarred Manticore" has launched a year-long cyber espionage campaign targeting the Middle East finance, government, military, and telecom sectors.

Learn more: https://thehackernews.com/2023/11/iranian-cyber-espionage-group-targets.html

Are you an Amazon Web Services (AWS) customer or considering migrating to the cloud?

Then don't miss this #webinar!

Join XMCyber and AWS as we explore the top attack paths and most common #exposures in #AWS, and share best practices for efficiently mitigating these risks.

When: November 2nd, 2023

Register now: https://thn.news/NEhcd6fh

Meet "Prolific Puma," the secretive threat actor behind a dangerous link shortening service with thousands of malicious domains used for phishing and malware distribution.

Learn how this operation evades detection: https://thehackernews.com/2023/11/dns-abuse-exposes-prolific-pumas.html

🚨 Urgent: Thousands of internet-accessible ActiveMQ instances are at risk.

HelloKitty ransomware group is actively exploiting a critical Remote Code Execution (RCE) flaw, CVE-2023-46604, in Apache ActiveMQ.

Find details here ➡️ https://thehackernews.com/2023/11/hellokitty-ransomware-group-exploiting.html

📣 FIRST announces CVSS v4.0, the latest version of the Common Vulnerability Scoring System. Discover how this update addresses critical vulnerabilities.

Details here: https://thehackernews.com/2023/11/first-announces-cvss-40-new.html

🔐 Researchers uncover vulnerabilities in 34 Windows drivers that non-privileged hackers can exploit to take control of your device and execute code.

Read details: https://thehackernews.com/2023/11/researchers-find-34-windows-drivers.html

🕵️‍♂️ Iranian state-backed hackers, MuddyWater, has evolved its tactics. They're now using N-able's Advanced Monitoring Agent in their latest spear-phishing campaign.

Read details: https://thehackernews.com/2023/11/irans-muddywater-targets-israel-in-new.html