🚨 A new hacker group, GambleForce, is behind a string of SQL injection attacks across Asia-Pacific. Learn how they use basic techniques to steal sensitive data.

Read more: https://thehackernews.com/2023/12/new-hacker-group-gambleforce-tageting.html

Iranian state-sponsored group OilRig deployed three new malware downloader (ODAgent, OilCheck, and OilBooster) in 2022 to maintain access to Israeli organizations.

Learn more: https://thehackernews.com/2023/12/iranian-state-sponsored-oilrig-group.html

⚠️ Warning: Russian SVR-linked APT29 targets unpatched JetBrains TeamCity servers using CVE-2023-42793, a vulnerability enabling remote code execution by unauthenticated attackers.

Details 👉 https://thehackernews.com/2023/12/russian-svr-linked-apt29-targets.html

🤖 Manual vs. automated network penetration testing: Which is better?

Find out the pros and cons of each method: https://thehackernews.com/2023/12/reimagining-network-pentesting-with.html

🚨Cybersecurity alert! 116 malicious packages discovered on PyPI repository, posing a threat to Windows and Linux systems.

Learn more: https://thehackernews.com/2023/12/116-malware-packages-found-on-pypi.html

These packages aim to compromise hosts with backdoors for remote control and data theft.

💻 Gaza Cyber Gang, a pro-Hamas threat actor, is using an updated backdoor malware called Pierogi++ to target Palestinian entities. Be cautious of suspicious documents in your inbox.

Read: https://thehackernews.com/2023/12/new-pierogi-malware-by-gaza-cyber-gang.html

🌐 A novel malware named NKAbuse has surfaced, utilizing blockchain technology for DDoS attacks. This decentralized protocol enables attackers to communicate and evade detection.

Learn more: https://thehackernews.com/2023/12/new-nkabuse-malware-exploits-nkn.html

🍪 Say goodbye to third-party cookies!

Starting Jan 4, 2024, 1% of Google Chrome users will get a new test feature called "Tracking Protection" to block third-party cookies by default.

Read: https://thehackernews.com/2023/12/googles-new-tracking-protection-in.html

Multiple security vulnerabilities have been found in the open-source pfSense firewall solution, potentially allowing attackers to execute arbitrary commands.

Read: https://thehackernews.com/2023/12/new-security-vulnerabilities-uncovered.html

Web applications are everywhere in our digital lives, but they're also prime targets for attackers.

Learn about the most common vulnerabilities and how to secure your apps.

Read: https://thehackernews.com/2023/12/bug-or-feature-hidden-web-application.html

Crypto hardware wallet maker Ledger faces a major software breach, resulting in the theft of $600,000+ worth of virtual assets.

Read details here: https://thehackernews.com/2023/12/crypto-hardware-wallet-ledgers-supply.html

A new powerful botnet, KV-botnet, is using compromised firewalls and routers (such as Cisco, DrayTek, Fortinet, and NETGEAR) to conduct covert data transfers.

Learn more about this: https://thehackernews.com/2023/12/new-kv-botnet-targeting-cisco-draytek.html

⚠️ Microsoft warns of "Storm-0539," a growing threat orchestrating gift card fraud via email and SMS phishing attacks during the holidays.

Learn more: https://thehackernews.com/2023/12/microsoft-warns-of-storm-0539-rising.html

Stay vigilant, don't become a victim.

China's MIIT unveils a color-coded system to tackle data security incidents:

🔴 especially significant
🟠 significant
🟡 large
🔵 general

Understand the criteria used for classification: https://thehackernews.com/2023/12/chinas-miit-introduces-color-coded.html

⚠️ Attention: MongoDB, the database software company, has disclosed a security breach with unauthorized access to corporate systems, potentially compromising customer account information.

Learn more: https://thehackernews.com/2023/12/mongodb-suffers-security-breach.html

CISA warns of severe risks from threat actors exploiting default passwords on internet-exposed systems.

Manufacturers urged to adopt secure by design principles and use unique setup passwords.

Learn more: https://thehackernews.com/2023/12/cisa-urges-manufacturers-eliminate.html

🚨Alert: QakBot malware is back!

Microsoft discovered a low-volume campaign targeting the hospitality industry, masquerading as IRS employees.

Learn more about this threat: https://thehackernews.com/2023/12/qakbot-malware-resurfaces-with-new.html

Four U.S. nationals charged in $80 MILLION pig butchering #cryptocurrency investment scam. If convicted, they could face 20 years in prison.

Learn more: https://thehackernews.com/2023/12/four-us-nationals-charged-in-80-million.html

Rhadamanthys malware evolves with new features, including a customizable plugin system, capable of harvesting sensitive data from various sources, including web browsers and crypto wallets.

Learn more: https://thehackernews.com/2023/12/rhadamanthys-malware-swiss-army-knife.html

🛡️ Security often takes a backseat in the digital transformation journey. Discover the risks associated with quick app creation using LCNC and RPA tools.

Also, here a 4-step process to safeguard your apps: https://thehackernews.com/2023/12/unmasking-dark-side-of-low-codeno-code.html

⚡ Researchers reveal new details about Microsoft 📧 Outlook vulnerabilities that could allow attackers to achieve RCE on Outlook without any user interaction.

Learn how these zero-click exploits were discovered: https://thehackernews.com/2023/12/beware-experts-reveal-new-details-on.html