Researchers discovered a vulnerability where remote attackers can steal Windows user's NTLM tokens by tricking victims into opening a crafted Access file. Learn more about it.

Learn more: https://thehackernews.com/2023/11/hackers-can-exploit-forced.html

Underground markets are booming with over 24 billion credentials for sale. 49% of breaches in 2023 involved stolen credentials.

Are you aware of how these are obtained?

Stay ahead of cybercriminals, check our article on credential theft and PhaaS: https://thehackernews.com/2023/11/how-hackers-phish-for-your-users.html

Lazarus Group's evolving cyber tactics target macOS systems by combining elements from multiple #malware campaigns (like RustBucket and KANDYKORN) for better effectiveness and to avoid detection.

Learn more: https://thehackernews.com/2023/11/n-korean-hackers-mixing-and-matching.html

🚨 Researchers reveal a critical design flaw in Google Workspace, dubbed "DeleFriend," that could allow attackers to steal emails, exfiltrate data, and more without super admin privileges.

Find details here: https://thehackernews.com/2023/11/design-flaw-in-google-workspace-could.html

🔒 Worried about securing sensitive data in the cloud?

Explore the success story of SoFi, a cloud-native financial services provider and their journey with Sentra's DSPM for accurate data classification.

Don't miss this informative 🎙️ webinar: https://thehackernews.com/2023/11/transform-your-data-security-posture.html

🚨 Chrome users, it's time to upgrade!

Google released security updates for Chrome to fix seven issues, including an actively exploited zero-day vulnerability (CVE-2023-6345).

Find details here: https://thehackernews.com/2023/11/zero-day-alert-google-chrome-under.html

🚨 Apache ActiveMQ's CVE-2023-46604 flaw is under active exploitation by hackers to distribute two dangerous programs: GoTitan, a Go-based botnet, and PrCtrl Rat, a .NET threat.

Read details: https://thehackernews.com/2023/11/gotitan-botnet-spotted-exploiting.html

🚨 Beware of Xaro! This new DJVU ransomware variant spreads through cracked software, endangering users who download from untrusted sources.

It goes further by deploying information stealers like RedLine Stealer and Vidar.

Learn more: https://thehackernews.com/2023/11/djvu-ransomwares-latest-variant-xaro.html

🔐 🚨 Okta detected additional malicious activity tied to the October 2023 Data Breach.

Names and emails of support system users were compromised, affecting Workforce Identity Cloud and Customer Identity Solution customers.

Learn more: https://thehackernews.com/2023/11/okta-discloses-additional-data-breach.html

🔒 U.S. Treasury imposes sanctions on Sinbad, a virtual currency 💰 mixer used by Lazarus Group to launder millions from heists.

Learn more: https://thehackernews.com/2023/11/us-treasury-sanctions-sinbad.html

⚠️ CACTUS ransomware campaign has been observed exploiting vulnerabilities in the Qlik Sense cloud analytics and business intelligence platform for initial access to targeted environments.

Learn more ➥ https://thehackernews.com/2023/11/cactus-ransomware-exploits-qlik-sense.html

🕵️‍♂️💻 WEBINAR ALERT:

Insider threats are a silent danger. Join our expert-led webinar to learn innovative approaches to master application detection and response, safeguarding your IT environment.

Save your seat now ➥ https://thehacker.news/app-detection-response

North Korean hackers have stolen an estimated 💰 $3 BILLION in crypto assets, with $1.7 billion taken in 2022 📈 alone, as a means to bypass sanctions against the country.

Find details here ➥ https://thehackernews.com/2023/11/north-koreas-lazarus-group-rakes-in-3.html

Modern websites rely on 3rd-party apps, but can you trust them with your data?

Traditional antivirus-based approaches aren't enough for web security. A proactive approach is key, reducing false alarms and prioritizing real risks.

Read the report: https://thehackernews.com/2023/11/discover-why-proactive-web-security.html

Goodbye inbox clutter!

#Google introduces RETVec, a powerful multilingual text vectorizer, to enhance #Gmail's ability to detect spam and malicious emails.

It detects character-level manipulations in over 100 languages.

Read here ➥ https://thehackernews.com/2023/11/google-unveils-retvec-gmails-new.html

🔒 🕵️‍♂️ Identifying and categorizing third-party connections is key to understanding security threats.

Discover how SaaS Security Posture Management (SSPM) can shed light on your risks.

Read here ➥ https://thehackernews.com/2023/11/this-free-solution-provides-essential.html

🔐 Discover 7 incredible ways AI is transforming security operations:

✅ Information Management
✅ Malware Analysis
✅ Tool Development
✅ Risk Evaluation
✅ Tabletop Exercises
✅ Incident Response
✅ Threat Intelligence

Learn more ➥ https://thehackernews.com/2023/11/7-uses-for-generative-ai-to-enhance.html

🚨 Urgent: Update your devices ASAP!

Two critical security flaws in iOS, macOS, and Safari are under attack. Learn about CVE-2023-42916 & CVE-2023-42917 and how they can expose your sensitive data while browsing.

Details here ➥ https://thehackernews.com/2023/12/zero-day-alert-apple-rolls-out-ios.html

🚨 Attention: Zyxel released patches for 15 security issues in NAS, firewall, and AP devices. Includes 3 critical flaws allowing authentication bypass and command injection.

Details here ➥ https://thehackernews.com/2023/12/zyxel-releases-patches-to-fix-15-flaws.html

U.S. Treasury's OFAC sanctions North Korea-linked prolific hacking group Kimsuky and 8 foreign-based agents for gathering intelligence and processing stolen assets.

🔗 Read more ➥ https://thehackernews.com/2023/12/us-treasury-sanctions-north-korean.html