Iranian hackers are using fake job offers to target Middle East industries, particularly in aerospace, aviation, and defense. The cyberattacks have been linked to threat group UNC1549, backed by Iran.

Learn more: https://thehackernews.com/2024/02/iran-linked-unc1549-hackers-target.html

🛑 Attention APT hunters! Chinese hacker groups UNC5325 & UNC3886 are exploiting Ivanti flaws (CVE-2024-21893 & CVE-2024-21887) to deploy persistent malware (LITTLELAMB.WOOLTEA, PITSTOP, PITDOG, PITJET, PITHOOK).

Learn more: https://thehackernews.com/2024/02/chinese-hackers-exploiting-ivanti-vpn.html

🍷 Fancy a glass of malware? New 'SPIKEDWINE' campaign lures European diplomats with fake wine-tasting invites, deploying the sophisticated WINELOADER backdoor.

Learn more: https://thehackernews.com/2024/02/new-backdoor-targeting-european.html

⚠️ Alert, developers! North Korean hackers uploaded malware to PyPI. Packages like pycryptoenv and pycryptoconf targeted typos in popular #encryption library.

Learn more: https://thehackernews.com/2024/02/lazarus-exploits-typos-to-sneak-pypi.html

U.S. President Biden signs Executive Order to prevent mass data transfers—from biometric to financial data—to 'countries of concern' due to #privacy and national security risks.

Read details here: https://thehackernews.com/2024/02/president-biden-blocks-mass-transfer-of.html

🔐 Data privacy is no longer a maybe, it's a must!

Discover how a CDP can help you ethically personalize customer experiences while complying with regulations.

Join our webinar to discover the secrets of first-party data: https://thehackernews.com/2024/02/building-your-privacy-compliant.html

⚠️ Lazarus Group hackers found exploiting a Windows kernel zero-day vulnerability (CVE-2024-21338) weeks after a patch was released, allowing them to gain system-level control and disable security software on targeted systems.

Details here: https://thehackernews.com/2024/02/lazarus-hackers-exploited-windows.html

Beware! A new 🐧 Linux malware called "GTPDOOR" has been discovered that targets 📡 telecom networks and leverages the 🛜 GPRS Tunneling Protocol (GTP) for command-and-control (C2) communications.

Read details here: https://thehackernews.com/2024/02/gtpdoor-linux-malware-targets-telecoms.html

Data breaches are on the rise at an alarming rate. Is your organization's #cybersecurity strategy ready to adapt?

Don't be the next headline – take a proactive approach to cybersecurity.

Learn the key strategies to protect your business: https://thehackernews.com/2024/02/why-risk-based-approach-to.html

New attack technique "Silver SAML" bypasses protections against Golden SAML attacks in apps using Cloud Identity Providers like Microsoft Entra ID.

Read details here: https://thehackernews.com/2024/02/new-silver-saml-attack-evades-golden.html

Good news for devs – GitHub turned on auto secret scanning push protection by default for all pushes to public repositories.

Find out how it works: https://thehackernews.com/2024/03/github-rolls-out-default-secret.html

Five Eyes intelligence alliance warns of cyber threat actors targeting vulnerabilities in Ivanti Connect Secure and Policy Secure gateways. Four vulnerabilities under active attack.

Learn more here: https://thehackernews.com/2024/03/five-eyes-agencies-warn-of-active.html

A new Linux variant of the notorious BIFROSE RAT targets systems with sophisticated evasion techniques, employing deceptive domains to mimic VMware.

Read details – https://thehackernews.com/2024/03/new-bifrose-linux-malware-variant-using.html

🚨 Cryptocurrency users! Watch out for a sophisticated phishing attack mimicking Binance, Coinbase, Gemini & more. Don't fall for fake logins, emails, texts, or calls.

Learn more: https://thehackernews.com/2024/03/new-phishing-kit-leverages-sms-voice.html

"It'll never happen to us" = Famous last words in data disasters.

The silent heroes of cybersecurity are often the recovery plans that never get tested until D-Day. Check out these invaluable lessons from recent tech mishaps: https://thehackernews.com/2024/03/4-instructive-postmortems-on-data.html

U.S. DOJ indicted Iranian Alireza Shafie Nasab for cyberattacks on the government and private sectors, offering up to $10 million for info leading to his capture.

Learn more: https://thehackernews.com/2024/03/us-charges-iranian-hacker-offers-10.html

A U.S. court has ordered Israeli spyware company NSO Group to disclose the source code and functionality details of its Pegasus spyware to Meta (Facebook/WhatsApp).

Learn more: https://thehackernews.com/2024/03/us-court-orders-nso-group-to-hand-over.html

🚨 Multiple U.S. agencies are warning about Phobos ransomware, a RaaS deployed in widespread attacks against critical infrastructure.

Organizations need up-to-date threat intelligence – read more: https://thehackernews.com/2024/03/phobos-ransomware-aggressively.html

Roughly 100 malicious AI/ML models have been discovered on the popular Hugging Face development platform.

Read how attackers can gain full system control: https://thehackernews.com/2024/03/over-100-malicious-aiml-models-found-on.html

SaaS apps are everywhere, but are they secure? Mid-market companies face unique risks in managing app usage.

Learn how to manage SaaS security without the headaches 👇 https://thehackernews.com/2024/03/from-500-to-5000-employees-securing-3rd.html

Cybercriminals are abusing India's UPI system by using the XHelper app to launder money on a large scale. They recruit Indian money mules, offering commissions for laundering money through fake mobile payment gateways.

Learn more: https://thehackernews.com/2024/03/how-cybercriminals-are-exploiting.html