🚨 ALERT - Massive "Sign1" malware campaign has infected over 39,000 WordPress websites, redirecting unsuspecting users to scam sites through malicious JavaScript injections.

Learn more: https://thehackernews.com/2024/03/massive-sign1-campaign-infects-39000.html

Critical security flaw patched in Amazon's Managed Workflows for Apache Airflow (MWAA). Vulnerability dubbed 'FlowFixation' could have enabled account hijacking and remote code execution.

Read details: https://thehackernews.com/2024/03/aws-patches-critical-flowfixation-bug.html

⚠️ Researchers uncover a new wave of phishing attacks delivering StrelaStealer malware, impacting over 100 organizations in the E.U. and U.S.

Read details: https://thehackernews.com/2024/03/new-strelastealer-phishing-attacks-hit.html

🔒 Elevate your cybersecurity game with ThreatLocker Zero Trust Endpoint Protection Platform. A deny-by-default approach ensures you're shielded from zero-days, malware, and more.

Learn more: https://thehackernews.com/2024/03/implementing-zero-trust-controls-for.html

Mandiant connects WINELOADER backdoor to Midnight Blizzard, a Russian SVR-linked hacking group. Malware targeted German political parties with wine-tasting phishing scams.

Read more: https://thehackernews.com/2024/03/russian-hackers-use-wineloader-malware.html

🛑 German authorities dismantle Nemesis Market, a major darknet marketplace that facilitated the global trade of drugs, stolen data, and cybercrime services.

Learn more: https://thehackernews.com/2024/03/german-police-seize-nemesis-market-in.html

North Korea-linked Kimsuky threat group expands its arsenal, now using CHM files to deliver malware designed to infiltrate systems and exfiltrate sensitive data globally.

Find details here: https://thehackernews.com/2024/03/n-korea-linked-kimsuky-shifts-to.html

⚠️ Iran-linked hackers, MuddyWater, launch new phishing attacks against Israeli organizations. Group hijacks legitimate remote management software in latest campaign.

Learn more: https://thehackernews.com/2024/03/iran-linked-muddywater-deploys-atera.html

🚨 Researchers uncover "GoFetch" vulnerability in Apple M-series chips, potentially allowing attackers to extract secret cryptographic keys.

Learn more: https://thehackernews.com/2024/03/new-gofetch-vulnerability-in-apple-m.html

Researchers uncover a clever cyber attack involving stolen browser cookies & malicious code in Python packages. Topgg's GitHub account among the targets. Beware of rogue dependencies!

Read: https://thehackernews.com/2024/03/hackers-hijack-github-accounts-in.html

🚨 CISA adds 3 security flaws to its KEV catalog due to active exploitation. Flaws include severe vulnerabilities in Fortinet, Ivanti, and Nice systems.

Agencies must apply fixes by April 15, 2024.

Learn more: https://thehackernews.com/2024/03/cisa-alerts-on-active-exploitation-of.html

🚨 U.S. Treasury sanctions three cryptocurrency exchanges: Bitpapa, Crypto Explorer, and TOEP. These exchanges allegedly helped Russia evade sanctions imposed after the Ukraine invasion.

Learn more: https://thehackernews.com/2024/03/us-sanctions-3-cryptocurrency-exchanges.html

U.S. Department of Justice indicts 7 Chinese nationals linked to hacking group APT31, implicated in cyber espionage targeting U.S. critics, journalists, officials, and businesses for over 14 years.

Learn more: https://thehackernews.com/2024/03/us-charges-7-chinese-nationals-in-major.html

How can organizations ensure the security of their sensitive data?

💡 Data Security Posture Management (DSPM)

Check out Sentra's DSPM guide to learn about:
🔸How DSPM protects sensitive data
🔸Benefits of DSPM
🔸DSPM vs CSPM

https://hubs.li/Q02pXSRK0

🚨 WARNING: Malicious NuGet package 'SqzrFramework480' discovered, potentially targeting developers using Chinese industrial technology.

Read: https://thehackernews.com/2024/03/malicious-nuget-package-linked-to.html

Minecraft servers are under threat! With over 500M users, DDoS attacks are disrupting gameplay and server functionality.

Learn how to protect your server and ensure a smooth gaming experience.

Learn more: https://thehackernews.com/2024/03/crafting-shields-defending-minecraft.html

🕵️‍♂️ Latest Cybersecurity reports unveil two China-linked APT groups targeting ASEAN nations in cyberespionage campaign over the past 3 months, involving cyber attacks and espionage with sophisticated #malware.

Learn more: https://thehackernews.com/2024/03/two-chinese-apt-groups-ramp-up-cyber.html

⚠️🚨 Watch out! A new phishing campaign is spreading Agent Tesla, a notorious information stealer and keylogger.

This attack tricks you with emails mimicking bank payment notifications to spread the malware.

Learn more: https://thehackernews.com/2024/03/alert-new-phishing-attack-delivers.html

🚨 Alert: Hackers are actively exploiting an unpatched flaw in the popular AI platform Anyscale Ray to steal computing power for cryptocurrency mining.

Details: https://thehackernews.com/2024/03/critical-unpatched-ray-ai-platform.html

This vulnerability (CVE-2023-48022) could expose sensitive company data.

SASE improves networks but lacks in defending against phishing and takeovers.

Learn how secure browser extensions complete your cyber security strategy: https://thehackernews.com/2024/03/sase-solutions-fall-short-without.html

🛡️ A now-patched vulnerability (CVE-2024-21388) in Microsoft Edge could have allowed attackers to covertly install browser extensions without user consent.

Find details here: https://thehackernews.com/2024/03/microsoft-edge-bug-could-have-allowed.html

If you use Edge, make sure you've updated to the latest version.