π¨ Alert: A new phishing campaign uses a Java-based downloader to distribute VCURMS & STRRAT RATs, leveraging public services like AWS & GitHub for malware hosting.
Learn more: https://thehackernews.com/2024/03/alert-cybercriminals-deploying-vcurms.html
Learn more: https://thehackernews.com/2024/03/alert-cybercriminals-deploying-vcurms.html
π±11π4π1
Beware of adversary-in-the-middle attacks: Hackers create fake login pages to steal credentials and manipulate MFA prompts. Protect yourself by verifying websites and being cautious with links
Read: https://thehackernews.com/2024/02/4-ways-hackers-use-social-engineering.html
Read: https://thehackernews.com/2024/02/4-ways-hackers-use-social-engineering.html
π₯12π7π1
Researchers reveal Google's Gemini AI is vulnerable to LLM attacks that could leak sensitive data, generate harmful content, and be used for malicious purposes.
Read: https://thehackernews.com/2024/03/researchers-highlight-googles-gemini-ai.html
Read: https://thehackernews.com/2024/03/researchers-highlight-googles-gemini-ai.html
π27π5
Cybercriminals are now targeting the latest weak spotβidentities within SaaS applications.
Join our webinar to learn how to secure both human and non-human identities against data breaches and financial losses.
Register now: https://thehackernews.com/2024/03/join-our-webinar-on-protecting-human.html
Join our webinar to learn how to secure both human and non-human identities against data breaches and financial losses.
Register now: https://thehackernews.com/2024/03/join-our-webinar-on-protecting-human.html
π19π2
Latest version of PixPirate Android banking trojan evades detection by removing the ability to launch the app from the home screen. The complex infection chain involves both a downloader and the main malicious app working in tandem.
Read: https://thehackernews.com/2024/03/pixpirate-android-banking-trojan-using.html
Read: https://thehackernews.com/2024/03/pixpirate-android-banking-trojan-using.html
π11π₯5
Tools of the Trade: Anti-malware scanning, WAFs, and sandboxing alone aren't sufficient for protecting against malicious uploads.
Learn why and discover what offers better protection in our detailed analysis: https://thehackernews.com/2024/03/demystifying-common-cybersecurity-myth.html
Learn why and discover what offers better protection in our detailed analysis: https://thehackernews.com/2024/03/demystifying-common-cybersecurity-myth.html
π₯9π8π€―4π2
β οΈ Vulnerability Alert: Fortinet warns of a severe SQL Injection vulnerability (CVE-2023-48788) in FortiClientEMS allowing unauthenticated attackers to execute code remotely.
Details: https://thehackernews.com/2024/03/fortinet-warns-of-severe-sqli.html
Check if your versions are affected and upgrade ASAP!
Details: https://thehackernews.com/2024/03/fortinet-warns-of-severe-sqli.html
Check if your versions are affected and upgrade ASAP!
π21π€―9π6π₯4
π A new DarkGate malware campaign uses a recently patched #Microsoft Windows flaw (CVE-2024-21412) to deploy malicious software via bogus installers.
Learn more: https://thehackernews.com/2024/03/darkgate-malware-exploits-recently.html
Learn more: https://thehackernews.com/2024/03/darkgate-malware-exploits-recently.html
π₯16π€―6π2π1π±1
Researchers detail a high-severity flaw in Kubernetes, CVE-2023-5528, that allowed attackers remote code execution with SYSTEM privileges on Windows endpoints within a cluster.
Learn more: https://thehackernews.com/2024/03/researchers-detail-kubernetes.html
Learn more: https://thehackernews.com/2024/03/researchers-detail-kubernetes.html
π11π₯9π1
RedCurl cybercrime group found exploiting Windows Program Compatibility Assistant for malicious activities. This sophisticated method allows attackers to bypass security and run malicious commands.
Read: https://thehackernews.com/2024/03/redcurl-cybercrime-group-abuses-windows.html
Read: https://thehackernews.com/2024/03/redcurl-cybercrime-group-abuses-windows.html
π12π₯8π1
Blind Eagle expands its cyber threats, now using Ande Loader malware to deliver RATs via phishing.
Targets? Spanish-speaking manufacturing industry in North America
Read: https://thehackernews.com/2024/03/ande-loader-malware-targets.html
Targets? Spanish-speaking manufacturing industry in North America
Read: https://thehackernews.com/2024/03/ande-loader-malware-targets.html
π13π₯7π1
Russian-Canadian national Mikhail Vasiliev has been sentenced to nearly 4 years in prison for his role in the infamous LockBit ransomware operation and has been ordered to pay over $860,000 in restitution.
Read details here: https://thehackernews.com/2024/03/lockbit-ransomware-hacker-ordered-to.html
Read details here: https://thehackernews.com/2024/03/lockbit-ransomware-hacker-ordered-to.html
π15π13π€―12
π Balancing act for CISOs: Ensuring security without hindering productivity.
Discover how Cato SSE 360, part of the Cato SASE Cloud platform, nails this balance by optimizing cost, complexity, and user experience.
Read: https://thehackernews.com/2024/03/3-things-cisos-achieve-with-cato.html
Discover how Cato SSE 360, part of the Cato SASE Cloud platform, nails this balance by optimizing cost, complexity, and user experience.
Read: https://thehackernews.com/2024/03/3-things-cisos-achieve-with-cato.html
π8π4π2
π¨ Alert for Chinese software seekers! Bogus ads on search engines like Baidu lead to fake Notepad++ & VNote downloads, deploying the Geacon trojan. Double-check URLs!
Read: https://thehackernews.com/2024/03/malicious-ads-targeting-chinese-users.html
Read: https://thehackernews.com/2024/03/malicious-ads-targeting-chinese-users.html
π10π₯6π1
Get the inside scoop on 2024's top threats.
We're thrilled to invite you to a series of webinars that will redefine your understanding of #cybersecurity in the era of SaaS, Generative AI, and comprehensive application protection.
REGISTER NOW π https://www.linkedin.com/pulse/saas-app-gen-ai-security-3-new-must-attend-live-webinars-fd9pc/
We're thrilled to invite you to a series of webinars that will redefine your understanding of #cybersecurity in the era of SaaS, Generative AI, and comprehensive application protection.
REGISTER NOW π https://www.linkedin.com/pulse/saas-app-gen-ai-security-3-new-must-attend-live-webinars-fd9pc/
Linkedin
SaaS, App and Gen AI Security - 3 New Must-Attend Live Webinars
In a digital era where cyber threats evolve faster than a blink, staying ahead isn't just an advantage; it's a necessity. We're thrilled to invite you to a groundbreaking series of webinars that will redefine your understanding of cybersecurity in the eraβ¦
π6π5π€4
π‘οΈ Google rolls out an enhanced Safe Browsing feature for Chrome on desktop & iOS.
Now with real-time URL checks against known malicious sites, aiming to block 25% more phishing attempts.
Learn more: https://thehackernews.com/2024/03/google-introduces-enhanced-real-time.html
Now with real-time URL checks against known malicious sites, aiming to block 25% more phishing attempts.
Learn more: https://thehackernews.com/2024/03/google-introduces-enhanced-real-time.html
π17π€9π6π₯5β‘2π2
Researchers have uncovered new threat in third-party plugins for OpenAI's ChatGPT that could allow attackers to install malicious plugins without users' consent and hijack accounts on third-party websites such as GitHub.
Read: https://thehackernews.com/2024/03/third-party-chatgpt-plugins-could-lead.html
Read: https://thehackernews.com/2024/03/third-party-chatgpt-plugins-could-lead.html
π₯20π8π±5π2
Researchers have uncovered "GhostRace" (CVE-2024-2193), a new variation of the Spectre v1 vulnerability affecting CPUs with speculative execution. This attack exploits race conditions to allow attackers to leak sensitive data.
Read: https://thehackernews.com/2024/03/ghostrace-new-data-leak-vulnerability.html
Read: https://thehackernews.com/2024/03/ghostrace-new-data-leak-vulnerability.html
π₯22π8π3
Watch Out! Hackers are using fake cracked software on GitHub to spread the RisePro information-stealing malware.
Read: https://thehackernews.com/2024/03/hackers-using-cracked-software-on.html
Read: https://thehackernews.com/2024/03/hackers-using-cracked-software-on.html
π18π€―9π8π₯3π2
β οΈ ALERT: Russian hackers, APT28, have launched significant phishing attacks targeting governments and NGOs across Europe, the Americas, and Asia. These attacks deploy counterfeit documents that appear official.
Read: https://thehackernews.com/2024/03/apt28-hacker-group-targeting-europe.html
Read: https://thehackernews.com/2024/03/apt28-hacker-group-targeting-europe.html
π€17π9π₯8π±5π2π2
π¨ Critical flaw discovered in miniOrange WordPress plugins.
If you're using miniOrange's Malware Scanner (β€ 4.7.2) or Web Application Firewall (β€ 2.1.1), DELETE THEM IMMEDIATELY.
The vulnerability allows attackers to take over your site.
https://thehackernews.com/2024/03/wordpress-admins-urged-to-remove.html
If you're using miniOrange's Malware Scanner (β€ 4.7.2) or Web Application Firewall (β€ 2.1.1), DELETE THEM IMMEDIATELY.
The vulnerability allows attackers to take over your site.
https://thehackernews.com/2024/03/wordpress-admins-urged-to-remove.html
π21π8π₯1π€1