Italy's data watchdog accuses ChatGPT of violating EU privacy laws by collecting sensitive data and exposing children to inappropriate content.

Read the details here, including Apple's warning about the proposed U.K. law → https://thehackernews.com/2024/01/italian-data-protection-watchdog.html

🔒 Strengthening Your Cybersecurity Posture.

Did you know that less than half of cybersecurity pros have complete visibility into vulnerabilities? Regular assessments are key.

Learn more: https://thehackernews.com/2024/01/top-security-posture-vulnerabilities.html

🕵️‍♂️ Chinese hackers, Mustang Panda, targeted Myanmar's Ministry of Defence and Foreign Affairs using custom malware like PUBLOAD and TONESHELL. They delivered it through disguised Microsoft updates and booby-trapped files.

Read details: https://thehackernews.com/2024/01/china-linked-hackers-target-myanmars.html

🚀 ANYRUN now supports Linux!

🐧 Linux faces frequent cyber threats targeting passwords, browser data, wallets, and logins. But with ANYRUN update you can:

✔️ Collect #IOCs using Ubuntu VM
✔️ Analyze Linux-based malware

Try ANYRUN free today! https://thehackernews.co/malware-sandbox

Hackers could write ANY file on your GitLab server while creating a workspace. This critical flaw (CVE-2024-0402) affects all versions before 16.5.8!

Patch NOW. Details here → https://thehackernews.com/2024/01/urgent-upgrade-gitlab-critical.html

Big Bust in Brazil: Key Grandoreiro #malware operators Arrested!

Brazilian law enforcement has taken down a major cybercrime ring behind the notorious Grandoreiro banking trojan.

Find details here → https://thehackernews.com/2024/01/brazilian-feds-dismantle-grandoreiro.html

🚨 A new glibc flaw (CVE-2023-6246) gives attackers root access on Linux.

This high-severity vulnerability impacts major distros like Debian, Ubuntu, and Fedora. Don't wait, update your systems!

Find details here → https://thehackernews.com/2024/01/new-glibc-flaw-grants-attackers-root.html

⚠️ Chinese nation-state hacker group UTA0178 weaponized Ivanti VPN vulnerabilities to deploy the Rust-based KrustyLoader, cryptocurrency miners, and the Golang-based Silver post-exploitation framework.

Read details here → https://thehackernews.com/2024/01/chinese-hackers-exploiting-critical-vpn.html

☠️ Plug it in, get hacked!

Threat group UNC4990 weaponizes USBs to target Italian businesses, healthcare, transportation, and more. They steal crypto, hijacks wallets & even takes screenshots.

Learn how this threat actor operates → https://thehackernews.com/2024/01/italian-businesses-hit-by-weaponized.html

CISOs, heads up! SEC is tightening SaaS security regulations.

New regulations hold companies responsible for data breaches in SaaS apps and their connected 3rd-party tools.

Learn more: https://thehackernews.com/2024/01/the-sec-wont-let-cisos-be-understanding.html

Also, get a new report to assess whether you're vulnerable.

Forget the dark web!

Free samples, tutorials, kits... everything needed for a complete phishing attack ... Hackers are building phishing empires on Telegram, with tools and data as cheap as takeout.

Learn more: https://thehackernews.com/2024/01/telegram-marketplaces-fuel-phishing.html

⚡ ALERT: Two high-severity flaws found in Ivanti's Connect Secure, Policy Secure and Neurons for ZTA.

CVE-2024-21893 is actively exploited, granting access to restricted resources. CVE-2024-21888 enables escalation to admin.

Details → https://thehackernews.com/2024/01/alert-ivanti-discloses-2-new-zero-day.html

⚠️ Critical Apple kernel bug in iOS, macOS, and more exploited in the wild. CISA urges FCEB agencies to patch by February 21st.

Get the details: https://thehackernews.com/2024/02/cisa-warns-of-active-exploitation-of.html

Don't wait for a breach, take action now.

⚠️ Warning - Chinese espionage group UNC5221 attacking Ivanti Connect Secure VPN & Policy Secure devices, and using custom web shells like BUSHWALK, CHAINLINE, FRAMESTING, and LIGHTWIRE variant.

Details here → https://thehackernews.com/2024/02/warning-new-malware-emerges-in-attacks.html

Patch ASAP!

Sysadmins, beware!

New HeadCrab 2.0 malware is using fileless techniques to turn Redis servers into a botnet for illegal cryptocurrency mining.

Details here → https://thehackernews.com/2024/02/headcrab-20-goes-fileless-targeting.html

🛡️ U.S. government took down a China-linked 'KV-botnet' malware network that hijacked hundreds of SOHO routers to target critical infrastructure such as power grids and hospitals.

More details here → https://thehackernews.com/2024/02/us-feds-shut-down-china-linked-kv.html

Alert, Docker users! A cryptojacking campaign called "Commando Cat" is exploiting exposed APIs. Secure your instances now.

Learn more → https://thehackernews.com/2024/02/exposed-docker-apis-under-attack-in.html

🔐 Is your vulnerability management program truly effective?

Learn how tracking metrics like cyber hygiene, scan coverage, and risk score can boost 💪 your organization's security.

Get the insights you need: https://thehackernews.com/2024/02/why-right-metrics-matter-when-it-comes.html

🚨 FritzFrog botnet returns, using Log4Shell, memory-resident payloads, and PwnKit to exploit unpatched INTERNAL systems. Employing new tactics to stay hidden and evade detection.

Learn more about FritzFrog → https://thehackernews.com/2024/02/fritzfrog-returns-with-log4shell-and.html

Cloudflare, a web infrastructure company, suffered nation-state attack. Hackers accessed documentation, source code, and attempted data center breach.

Read full story for details: https://thehackernews.com/2024/02/cloudflare-breach-nation-state-hackers.html

🔒 INTERPOL disrupted a massive cybercrime network with 1,900 IP addresses. 70 suspects identified, 31 arrested across Europe, South Sudan, and Zimbabwe.

Details here → https://thehackernews.com/2024/02/interpol-arrests-31-in-global-operation.html