Web applications are everywhere in our digital lives, but they're also prime targets for attackers.

Learn about the most common vulnerabilities and how to secure your apps.

Read: https://thehackernews.com/2023/12/bug-or-feature-hidden-web-application.html

Crypto hardware wallet maker Ledger faces a major software breach, resulting in the theft of $600,000+ worth of virtual assets.

Read details here: https://thehackernews.com/2023/12/crypto-hardware-wallet-ledgers-supply.html

A new powerful botnet, KV-botnet, is using compromised firewalls and routers (such as Cisco, DrayTek, Fortinet, and NETGEAR) to conduct covert data transfers.

Learn more about this: https://thehackernews.com/2023/12/new-kv-botnet-targeting-cisco-draytek.html

⚠️ Microsoft warns of "Storm-0539," a growing threat orchestrating gift card fraud via email and SMS phishing attacks during the holidays.

Learn more: https://thehackernews.com/2023/12/microsoft-warns-of-storm-0539-rising.html

Stay vigilant, don't become a victim.

China's MIIT unveils a color-coded system to tackle data security incidents:

🔴 especially significant
🟠 significant
🟡 large
🔵 general

Understand the criteria used for classification: https://thehackernews.com/2023/12/chinas-miit-introduces-color-coded.html

⚠️ Attention: MongoDB, the database software company, has disclosed a security breach with unauthorized access to corporate systems, potentially compromising customer account information.

Learn more: https://thehackernews.com/2023/12/mongodb-suffers-security-breach.html

CISA warns of severe risks from threat actors exploiting default passwords on internet-exposed systems.

Manufacturers urged to adopt secure by design principles and use unique setup passwords.

Learn more: https://thehackernews.com/2023/12/cisa-urges-manufacturers-eliminate.html

🚨Alert: QakBot malware is back!

Microsoft discovered a low-volume campaign targeting the hospitality industry, masquerading as IRS employees.

Learn more about this threat: https://thehackernews.com/2023/12/qakbot-malware-resurfaces-with-new.html

Four U.S. nationals charged in $80 MILLION pig butchering #cryptocurrency investment scam. If convicted, they could face 20 years in prison.

Learn more: https://thehackernews.com/2023/12/four-us-nationals-charged-in-80-million.html

Rhadamanthys malware evolves with new features, including a customizable plugin system, capable of harvesting sensitive data from various sources, including web browsers and crypto wallets.

Learn more: https://thehackernews.com/2023/12/rhadamanthys-malware-swiss-army-knife.html

🛡️ Security often takes a backseat in the digital transformation journey. Discover the risks associated with quick app creation using LCNC and RPA tools.

Also, here a 4-step process to safeguard your apps: https://thehackernews.com/2023/12/unmasking-dark-side-of-low-codeno-code.html

⚡ Researchers reveal new details about Microsoft 📧 Outlook vulnerabilities that could allow attackers to achieve RCE on Outlook without any user interaction.

Learn how these zero-click exploits were discovered: https://thehackernews.com/2023/12/beware-experts-reveal-new-details-on.html

Play ransomware has targeted ~300 organizations worldwide as of October 2023, using a double-extortion model.

Ransomware attacks are evolving, with vulnerabilities replacing phishing emails as the primary entry point.

Read: https://thehackernews.com/2023/12/double-extortion-play-ransomware.html

🚨 Threat Alert: The notorious 8220 Gang is exploiting a high-severity flaw (CVE-2020-14883) in Oracle WebLogic Server to spread malware.

Find details here: https://thehackernews.com/2023/12/8220-gang-exploiting-oracle-weblogic.html

🦠 PikaBot, a dangerous loader, is spreading via malvertising campaigns targeting users searching for legit software like AnyDesk.

Learn more: https://thehackernews.com/2023/12/new-malvertising-campaign-distributing.html

One misconfiguration = data breach nightmare.

Your SaaS apps hold your secrets. 70% of businesses rely on them for data, but are you securing them right?

Don't wait for chaos, automate.

Click to learn 2024's must-have SaaS security tools: https://thehackernews.com/2023/12/top-7-trends-shaping-saas-security-in.html

🕵️‍♂️ Iranian cyber espionage group MuddyWater targets telecom sectors in Egypt, Sudan, and Tanzania using the MuddyC2Go framework.

Learn how they stay under the radar: https://thehackernews.com/2023/12/iranian-hackers-using-muddyc2go-in-new.html

🕵️‍♂️ Malicious actors are turning to GitHub for their nefarious activities, utilizing secret Gists and git commit messages to evade detection.

Learn how they blend in with legitimate traffic: https://thehackernews.com/2023/12/hackers-abusing-github-to-evade.html

🔒 Budgeting for 2024? Don't forget to allocate funds for security awareness training. Discover why it's crucial for your organization.

Read: https://thehackernews.com/2023/12/are-we-ready-to-give-up-on-security.html

💻 Cybersecurity researchers expose the inner workings of a major ransomware operation led by Russian national Mikhail Pavlovich Matveev.

Learn how this cybercriminal orchestrated attacks worldwide: https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html

🔒 Breaking News — FBI hacks the hackers!

U.S. Justice Department disrupts the BlackCat ransomware operation, the second most prolific RaaS variant, and releases a FREE decryption tool, saving victims from $68 million in ransom demands.

Details: https://thehackernews.com/2023/12/fbi-takes-down-blackcat-ransomware.html