A software likely used by Russian Consular Department may have been compromised in a cyberattack linked to North Korea, delivering the Konni RAT malware.

Learn more: https://thehackernews.com/2024/02/russian-government-software-backdoored.html

🚨 Threat Alert: Hackers are now weaponizing SSH-Snake, an open-source, self-replicating, fileless network mapping tool, for malicious purposes.

Find details here: https://thehackernews.com/2024/02/cybercriminals-weaponizing-open-source.html

U.S. State Department is offering rewards up to $15 Million for information on LockBit #ransomware leaders.

Learn more: https://thehackernews.com/2024/02/us-offers-15-million-bounty-to-hunt.html

Did you know? 25% of SaaS is underutilized or over-deployed.

Nudge Security offers automated workflows to manage access, ensure compliance, streamline offboarding, and optimize costs.

Learn more: https://thehackernews.com/2024/02/6-ways-to-simplify-saas-identity.html

WTF is ASPM? Join the conversation on Feb. 28th with James Berthoty, SecEng at Pager Duty and OX Security, to learn about the emerging ASPM market.

James will share insights on what's working, what's not and implementation strategies.

Register now: https://thehackernews.co/realities-of-aspm

⚡ Apple's iMessage is getting a major security upgrade with PQ3, a new post-quantum cryptography protocol that protects against future attacks from quantum computers.

Learn more: https://thehackernews.com/2024/02/apple-unveils-pq3-protocol-post-quantum.html

FTC fined Avast $16.5 million for collecting and selling users' browsing data despite privacy promises.

Full story: https://thehackernews.com/2024/02/ftc-slams-avast-with-165-million-fine.html

Researchers uncovered details of a major vulnerability (CVE-2024-23204) in the Apple Shortcuts app that could have exposed sensitive user data without consent on older iOS, iPadOS, macOS, and watchOS devices.

Learn more: https://thehackernews.com/2024/02/researchers-detail-apples-recent-zero.html

Hacktivism is reshaping the battlefield in digital age wars. Witness how cyber-activism is playing a pivotal role in geopolitical conflicts. Dive deeper into the transformation of hacktivism into a mainstream political tool.

Read: https://thehackernews.com/2024/02/a-new-age-of-hacktivism.html

Microsoft releases PyRIT, an automation tool designed to proactively identify risks and ethical concerns in Generative AI systems, including security and #privacy threats.

Learn more: https://thehackernews.com/2024/02/microsoft-releases-pyrit-red-teaming.html

Ever wondered how top security teams stay ahead?

It's all about automation! Learn from the SOC Automation Capability Matrix and transform your response to threats.

Explore now ➡️ https://thehackernews.com/2024/02/how-to-use-tiness-soc-automation.html

🚨 Heads Up - The "django-log-tracker" PyPI package, inactive for over 2 years, has been hijacked to distribute the Nova Sentinel malware.

Learn more: https://thehackernews.com/2024/02/dormant-pypi-package-compromised-to.html

Game over? In a dramatic turn of events, LockBitSupp, a key figure in the notorious LockBit ransomware operation, is "reportedly" cooperating with law enforcement.

Find details here: https://thehackernews.com/2024/02/authorities-claim-lockbit-admin.html

Cybercriminals are using Google's Cloud Run service to launch large-scale email phishing attacks, distributing banking trojans like Astaroth, Mekotio, and Ousaban.

Read: https://thehackernews.com/2024/02/banking-trojans-target-latin-america.html

🚨 LockBit ransomware operators are back online after a law enforcement takedown, blaming outdated software for the breach.

They are now calling for increased attacks on the government sector.

Find out more: https://thehackernews.com/2024/02/lockbit-ransomware-group-resurfaces.html

Fake npm packages traced back to North Korean hackers, aiming at developers with sophisticated credential-stealing scripts.

Learn more: https://thehackernews.com/2024/02/north-korean-hackers-targeting.html

Protect your projects—verify your dependencies now.

🤖 Think LLMs are foolproof? Think again! Hackers are exploiting them to steal sensitive data. Protect yourself – learn the latest LLM security risks and how to defend against them.

🔗 Learn more: https://thehackernews.com/2024/02/three-tips-to-protect-your-secrets-from.html

Over 8,000 subdomains belonging to recognized brands and organizations are being exploited for malicious email distribution.

Learn more: https://thehackernews.com/2024/02/8000-subdomains-of-trusted-brands.html

SPF, DKIM, DMARC – they're not enough. "ResurrecAds" is bypassing email security measures with alarming ease.

🚨 Malicious cyber campaign targets Ukrainian entities in Finland with Remcos RAT via IDAT Loader, utilizing rare steganography technique.

Learn more: https://thehackernews.com/2024/02/new-idat-loader-attacks-using.html

⚠️ Alert — Critical security flaw (CVE-2024-1071) found in Ultimate Member WordPress plugin used by 200k sites.

Read more: https://thehackernews.com/2024/02/wordpress-plugin-alert-critical-sqli.html

Update to version 2.8.3 to fix SQL injection vulnerability and prevent data breaches.

🤖 Security researchers have uncovered a new vulnerability in Hugging Face's Safetensors conversion service that could lead to supply chain attacks, compromising user-submitted models.

Read details: https://thehackernews.com/2024/02/new-hugging-face-vulnerability-exposes.html