China-linked hacker group Earth Freybug is now using a new malware named "UNAPIMON" to fly under the radar.

Learn more: https://thehackernews.com/2024/04/china-linked-hackers-deploy-new.html

Researchers shed light on their espionage and financially motivated activities.

🛑 Malicious code discovered in widely used Linux tool XZ Utils could lead to remote code execution. The incident underscores the dangers of open-source software reliance.

Read now: https://thehackernews.com/2024/04/malicious-code-in-xz-utils-for-linux.html

If you use Linux, take action NOW.

What makes Cloud Security tough? Lack of visibility, inconsistent permissions, blurred ownership...

Hybrid attack path analysis is crucial for complete security. Continuous Threat Exposure Management (CTEM) helps block critical attack vectors.

Learn: https://thehackernews.com/2024/04/harnessing-power-of-ctem-for-cloud.html

🚨 Heads up, WordPress admins!

A critical SQL injection flaw in the LayerSlider plugin (CVE-2024-2879) could lead to sensitive data leaks. If you haven't updated, make sure to install version 7.10.1 or latest.

Find details: https://thehackernews.com/2024/04/critical-security-flaw-found-in-popular.html

⚠️ Banking trojan Mispadu expands to Italy, Poland, and Sweden, stealing thousands of credentials with sophisticated tactics like phishing emails and keystroke capture.

Read details: https://thehackernews.com/2024/04/mispadu-trojan-targets-europe-thousands.html

Google Chrome is testing a new feature called "Device Bound Session Credentials" to fight against session cookie theft by #malware.

DBSC links auth sessions directly to users' devices to stop cookie theft hacks.

Learn more about it: https://thehackernews.com/2024/04/google-chrome-beta-tests-new-dbsc.html

Confused about vulnerability management (VM) vs. attack surface management (ASM)?

They're both important but different. But together, they form a robust defense against cyber threats.

Learn how: https://thehackernews.com/2024/04/attack-surface-management-vs.html

⚠️ U.S. Cyber Safety Review Board slams Microsoft for security failures that enabled a major data breach by China-backed hackers.

Read details: https://thehackernews.com/2024/04/us-cyber-safety-board-slams-microsoft.html

🔥 Google's Pixel smartphones under attack!

Two new Android security flaws - CVE-2024-29745 & CVE-2024-29748 - uncovered, exploited in the wild by forensic companies.

Learn more: https://thehackernews.com/2024/04/google-warns-android-zero-day-flaws-in.html

⚠️ Ivanti releases security patches for 4 new flaws in Connect Secure/Policy Secure Gateways.

Flaws could allow attackers to execute arbitrary code or launch DoS attacks.

Learn more: https://thehackernews.com/2024/04/ivanti-rushes-patches-for-4-new-flaw-in.html

Your data protection strategy can only be as good as the solutions you choose to implement. This makes being prepared and informed a crucial part of the buying process.

Check out the free Zerto Data Protection Buyers Guide for more buying decision info: https://thn.news/6DQjE1Pa

New HTTP/2 #ulnerability discovered.

"CONTINUATION Flood" attacks can lead to denial-of-service (DoS). This could cause crashes and serious website disruptions.

Find details here: https://thehackernews.com/2024/04/new-http2-vulnerability-exposes-web.html

🚨 Beware of new phishing campaigns targeting the oil and gas sector. Rhadamanthys malware makes a comeback, using a clever vehicle incident lure to trick victims into downloading malicious payloads.

Learn more: https://thehackernews.com/2024/04/new-phishing-campaign-targets-oil-gas.html

⚠️ Vietnamese hacking group, CoralRaider, targets multiple Asian countries with data-stealing malware, stealing credentials & financial data to sell on underground markets.

Read details: https://thehackernews.com/2024/04/vietnam-based-hackers-steal-financial.html

⚡ Critical Supply Chain Compromise: Backdoor in XZ Utils allows RCE.

See how to detect and mitigate CVE-2024-3094, a critical supply chain compromise, affecting XZ Utils Data compression library.

Read: https://thn.news/critical-rce-xz-utils

🛑 Multiple China-based hackers are on a spree exploiting zero-day flaws in Ivanti appliances.

Vulnerabilities CVE-2023-46805, CVE-2024-21887, CVE-2024-21893 are being abused.

Learn more: https://thehackernews.com/2024/04/researchers-identify-multiple-china.html

Even financially motivated groups are in on the action.

⚠️ Financial organizations in APAC & MENA are under attack!

A sophisticated threat dubbed JSOutProx combines JavaScript & .NET to infiltrate systems, targeting banks & big companies.

https://thehackernews.com/2024/04/new-wave-of-jsoutprox-malware-targeting.html

⚠️ Watch out for FAKE Adobe Acrobat Reader installers. They carry a nasty malware called Byakugan that steals your data and even drops cryptominers.

https://thehackernews.com/2024/04/from-pdfs-to-payload-bogus-adobe.html

🔒 New research reveals critical security risks for AI-as-a-service providers like Hugging Face. Attackers could gain access to hijack models, escalate privileges, and infiltrate CI/CD pipelines.

Details: https://thehackernews.com/2024/04/ai-as-service-providers-vulnerable-to.html

Security ≠ Compliance!

Compliance requirements in cybersecurity are evolving rapidly, demanding stronger organizational skills from CISOs. Building partnerships with legal teams, privacy officers, and audit committees is crucial for success.

Learn: https://thehackernews.com/2024/04/ciso-perspectives-on-complying-with.html

⚠️ ALERT: Exploit alert for Magento users!

A critical flaw, CVE-2024-20720, allows threat actors to sneak a persistent backdoor into e-commerce sites and deploy skimmers to steal financial data.

Learn more: https://thehackernews.com/2024/04/hackers-exploit-magento-bug-to-steal.html