🛡️ Novel attack methods targeting Google Workspace and Cloud Platform could lead to ransomware, data exfiltration, and password recovery attacks from a single compromised machine.

Discover how these attacks unfold: https://thehackernews.com/2023/11/hackers-could-exploit-google-workspace.html

U.S. agencies warn of Rhysida ransomware double extortion attacks on multiple industries, including education, manufacturing, IT, and government sectors.

Explore the details: https://thehackernews.com/2023/11/cisa-and-fbi-issue-warning-about.html

🚨 Are your ex-employees still accessing company data?

Discover how Nudge Security revolutionizes offboarding by identifying and securing unmanaged accounts, safeguarding your sensitive data.

Read: https://thehackernews.com/2023/11/how-to-automate-hardest-parts-of.html

Don't let your company's security be an afterthought!

🕵️‍♂️ Meet DarkCasino: From Zero-Day Exploit to APT Threat.

Cybersecurity experts classify DarkCasino as a powerful APT group after exploiting a WinRAR flaw.

Learn more: https://thehackernews.com/2023/11/experts-uncover-darkcasino-new-emerging.html

🚨 ALERT: Four groups exploited a zero-day vulnerability in Zimbra Collaboration email software to steal email data, credentials, and tokens.

🛠️ Find out how: https://thehackernews.com/2023/11/zero-day-flaw-in-zimbra-email-software.html

Governments in Greece, Moldova, Tunisia, Vietnam, and Pakistan were targeted.

Kubernetes isn't just a tool; it's a target now!

Join this wxpert-led cybersecurity WEBINAR on fighting cloud security threats – essential knowledge for every IT security pro.

🔗 Click here to register: https://thn.news/2L7nEtoM

🚨 CISA adds 3 security flaws to its KEV catalog due to active exploitation.

CVE-2023-1671: Enables arbitrary code execution.
CVE-2023-2551: Affects WebLogic Server.
CVE-2023-36584: Associated with pro-Russian APT's spear-phishing.

Read: https://thehackernews.com/2023/11/cisa-adds-three-security-flaws-with.html

🕵️‍♂️ U.S. agencies warn about Scattered Spider cybercriminals using advanced phishing to steal data and extort victims.

Learn their tactics, protect your organization: https://thehackernews.com/2023/11/us-cybersecurity-agencies-warn-of.html

🐍⚠️ WARNING for Python Devs!

📦 27 FAKE packages found on PyPI.
🕵️‍♂️ Masquerading as legit, downloaded thousands of times.

Learn how they embed malware in images using steganography.

🔗 Read more: https://thehackernews.com/2023/11/27-malicious-pypi-packages-with.html

⚡ FCC enforces new regulation:

🔒 Wireless providers MUST now authenticate you before transferring phone numbers. Why? To SHIELD you from SIM-swapping attacks and port-out frauds.

Learn more: https://thehackernews.com/2023/11/fcc-enforces-stronger-rules-to-protect.html

⚠️ Operation SEO#LURKER: Cybercriminals are using fake Google ads to trick users searching for software like WinSCP into downloading #malware.

Read details: https://thehackernews.com/2023/11/beware-malicious-google-ads-trick.html

Russian cyber espionage group linked to the FSB are using a USB worm called LitterDrifter to target Ukrainian organizations.

It spreads malware via USB drives & communicates with C&C servers.

Learn more about this threat: https://thehackernews.com/2023/11/russian-cyber-espionage-group-deploys.html

Researchers report a surge in attacks by the 8Base ransomware group, using Phobos variants.

This group has been active since March 2022, and now relies more on SmokeLoader for distributing ransomware.

Learn more: https://thehackernews.com/2023/11/8base-group-deploying-new-phobos.html

Indian Hack-for-Hire group targeted U.S., China, Pakistan, and more for over a decade. They stole sensitive data from high-value individuals/organizations using spyware and exploits (reportedly) from vendors like Vervata and Vupen.

Read: https://thehackernews.com/2023/11/indian-hack-for-hire-group-targeted-us.html

🚨 Bitcoin wallets created from 2011 to 2015 vulnerable to "Randstorm" exploit, potentially allowing unauthorized access by recovering passwords.

Learn more: https://thehackernews.com/2023/11/randstorm-exploit-bitcoin-wallets.html

🐛⚠️💻 New LummaC2 malware version is using trigonometry-based tactic to differentiate between users and security systems, evading sandboxes and security analyses.

Learn more: https://thehackernews.com/2023/11/lummac2-malware-deploys-new.html

New high-volume phishing campaigns mimic tactics of defunct QakBot trojan, hijacking email threads and using unique URLs to deliver DarkGate and PikaBot malware.

Learn more: https://thehackernews.com/2023/11/darkgate-and-pikabot-malware-resurrect.html

🚨 Threat Alert: Hackers are using NetSupport RAT to target education, government, and business services. Delivery methods include fraudulent updates, drive-by downloads, malware loaders, and phishing campaigns.

Learn more https://thehackernews.com/2023/11/netsupport-rat-infections-on-rise.html

Mustang Panda, a Chinese cyber actor, linked to a cyber attack on a Philippines government entity amidst rising tensions over the disputed South China Sea.

Find out more in this report: https://thehackernews.com/2023/11/mustang-panda-hackers-targets.html

📱 Alert: Android users in India, beware! Hackers are distributing fake banking and government apps to steal sensitive data like bank info and personal details.

Learn more: https://thehackernews.com/2023/11/malicious-apps-disguised-as-banks-and.html

Phishing attacks are getting smarter! Cybercriminals are now using QR codes, CAPTCHAs, and steganography to trick victims.

Learn how to spot the signs and protect yourself from credential theft.

Read: https://thehackernews.com/2023/11/how-multi-stage-phishing-attacks.html