The Hacker News
⭐ Official THN Telegram Channel: A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: [email protected]

🌐 Website: https://thehackernews.com
⚠️ Ivanti releases security patches for 4 new flaws in Connect Secure/Policy Secure Gateways.

Flaws could allow attackers to execute arbitrary code or launch DoS attacks.

Learn more: https://thehackernews.com/2024/04/ivanti-rushes-patches-for-4-new-flaw-in.html
Your data protection strategy can only be as good as the solutions you choose to implement. This makes being prepared and informed a crucial part of the buying process.

Check out the free Zerto Data Protection Buyers Guide for more buying decision info: https://thn.news/6DQjE1Pa
New HTTP/2 #vulnerability discovered.

"CONTINUATION Flood" attacks can lead to denial-of-service (DoS). This could cause crashes and serious website disruptions.

Find details here: https://thehackernews.com/2024/04/new-http2-vulnerability-exposes-web.html
🚨 Beware of new phishing campaigns targeting the oil and gas sector. Rhadamanthys malware makes a comeback, using a clever vehicle incident lure to trick victims into downloading malicious payloads.

Learn more: https://thehackernews.com/2024/04/new-phishing-campaign-targets-oil-gas.html
⚠️ Vietnamese hacking group, CoralRaider, targets multiple Asian countries with data-stealing malware, stealing credentials & financial data to sell on underground markets.

Read details: https://thehackernews.com/2024/04/vietnam-based-hackers-steal-financial.html
⚑ Critical Supply Chain Compromise: Backdoor in XZ Utils allows RCE.

See how to detect and mitigate CVE-2024-3094, a critical supply chain compromise affecting the XZ Utils data compression library.

Read: https://thn.news/critical-rce-xz-utils
🛑 Multiple China-based hackers are on a spree exploiting zero-day flaws in Ivanti appliances.

Vulnerabilities CVE-2023-46805, CVE-2024-21887, CVE-2024-21893 are being abused.

Learn more: https://thehackernews.com/2024/04/researchers-identify-multiple-china.html

Even financially motivated groups are in on the action.
⚠️ Financial organizations in APAC & MENA are under attack!

A sophisticated threat dubbed JSOutProx combines JavaScript & .NET to infiltrate systems, targeting banks & big companies.

https://thehackernews.com/2024/04/new-wave-of-jsoutprox-malware-targeting.html
⚠️ Watch out for FAKE Adobe Acrobat Reader installers. They carry a nasty malware called Byakugan that steals your data and even drops cryptominers.

https://thehackernews.com/2024/04/from-pdfs-to-payload-bogus-adobe.html
🔒 New research reveals critical security risks for AI-as-a-service providers like Hugging Face. Attackers could gain access to hijack models, escalate privileges, and infiltrate CI/CD pipelines.

Details: https://thehackernews.com/2024/04/ai-as-service-providers-vulnerable-to.html
Security ≠ Compliance!

Compliance requirements in cybersecurity are evolving rapidly, demanding stronger organizational skills from CISOs. Building partnerships with legal teams, privacy officers, and audit committees is crucial for success.

Learn: https://thehackernews.com/2024/04/ciso-perspectives-on-complying-with.html
⚠️ ALERT: Exploit alert for Magento users!

A critical flaw, CVE-2024-20720, allows threat actors to sneak a persistent backdoor into e-commerce sites and deploy skimmers to steal financial data.

Learn more: https://thehackernews.com/2024/04/hackers-exploit-magento-bug-to-steal.html
Google sues app developers for massive cryptocurrency scam.

Scammers tricked 100,000+ users into downloading fake investment apps, stealing money under the promise of high returns.

Learn more: https://thehackernews.com/2024/04/google-sues-app-developers-over-fake.html
🛑 Latin America targeted in a new phishing attack. Beware of emails with HTML files or ZIP attachments posing as invoices.

Cybercriminals are also using suspended domains and CAPTCHA verification to mask malicious files.

Learn more: https://thehackernews.com/2024/04/cybercriminals-targeting-latin-america.html
⚠️ Beware of Latrodectus malware. This powerful new threat is believed to be linked to the notorious IcedID group. It can execute commands, evade detection, and pave the way for further attacks.

Learn more: https://thehackernews.com/2024/04/watch-out-for-latrodectus-this-malware.html
🛡️ Google adds V8 Sandbox to Chrome, designed to combat memory corruption issues within its JavaScript engine, addressing the root cause of many zero-day exploits.

Read details here: https://thehackernews.com/2024/04/google-chrome-adds-v8-sandbox-new.html
⚠️ Urgent Alert: Hackers are exploiting vulnerabilities (CVE-2024-3272 and CVE-2024-3273) in D-Link NAS devices.

Up to 92,000 devices affected, allowing data theft and device control.

https://thehackernews.com/2024/04/critical-flaws-leave-92000-d-link-nas.html

D-Link won't fix it – upgrade or disconnect ASAP!
Hackers using fake invoices to spread dangerous malware like Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and crypto wallet stealers.

These tools let attackers take over your computer, steal passwords and sensitive data, and empty crypto wallets.

https://thehackernews.com/2024/04/attackers-using-obfuscation-tools-to.html
Gain full visibility into privileged access activities with One Identity PAM Essentials. Its simplified approach eliminates complexity, reduces operational overhead, and ensures compliance with regulatory requirements.

Discover more: https://thehackernews.com/2024/03/embracing-cloud-revolutionizing.html
🚨 Hackers could take control of your LG Smart TV – Multiple security vulnerabilities have been uncovered in LG webOS, allowing unauthorized access.

Get the details and check if you need the update 👇
https://thehackernews.com/2024/04/researchers-discover-lg-smart-tv.html
Did you know that 80% of app security issues stem from outdated dependencies?

Join Justin Clareburt, Product Owner at Mend Renovate, for a live session on April 17th. Discover how automated dependency updates can keep your apps modern, secure, and bug-free.

Register now: https://thn.news/updating-dependencies-webinar