A sophisticated cyber-espionage campaign has re-emerged, targeting South Asia with an iOS spyware implant called LightSpy, allowing attackers to capture data from a variety of sources.

https://thehackernews.com/2024/04/chinese-linked-lightspy-ios-spyware.html

Hackers aren't just after your servers. The Muddled Libra threat group weaponizes SaaS & cloud environments for data exfiltration. Learn how they're getting in & how to stop them:

https://thehackernews.com/2024/04/muddled-libra-shifts-focus-to-saas-and.html

JIT access is reshaping privileged access management (PAM). Learn how it boosts security and minimizes attack vectors.

Explore the benefits of JIT access here:
https://thehackernews.com/2024/04/timing-is-everything-role-of-just-in.html

GitHub Copilot may boost coding speed, but at what cost? Find out how 40% of code suggestions might expose you to cyber risks.

Get the full scoop here: https://thehackernews.com/2024/04/ai-copilot-launching-innovation-rockets.html

A security vulnerability in the Lighttpd web server, often used in baseboard management controllers (BMCs), has not been addressed by certain vendors, including Intel and Lenovo.

Read details here: https://thehackernews.com/2024/04/intel-and-lenovo-bmcs-contain-unpatched.html

🚨 Two individuals have been arrested for developing and distributing Hive RAT malware, while a Nebraska man has been indicted for a $3.5 million cloud cryptojacking scheme.

https://thehackernews.com/2024/04/hive-rat-creators-and-35m-cryptojacking.html

The FTC fined mental telehealth service Cerebral over $7 million for deceptive data sharing practices and failing to honor its cancellation policies.

https://thehackernews.com/2024/04/hive-rat-creators-and-35m-cryptojacking.html

🚨 Alert - A critical vulnerability in PuTTY versions 0.68 to 0.80 could lead to private key compromises.

Details: https://thehackernews.com/2024/04/widely-used-putty-ssh-client-found.html

Don't let hackers take control—update immediately.

Are you concerned about cyber attacks? You're not alone. Shockingly, a recent report reveals that 67% of businesses are leaving themselves vulnerable to hackers through bad password habits.

Don't be a sitting duck! Check out this report on how to level up your security game: https://thehackernews.com/2024/04/identity-in-shadows-shedding-light-on.html

🔐 Popular cloud CLI tools (AWS, Google Cloud, Azure) have a vulnerability ("LeakyCLI") exposing sensitive data in build logs.

Click to learn more: https://thehackernews.com/2024/04/aws-google-and-azure-cli-tools-could.html

TA558 hackers are using steganography to hide and distribute #malware like Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm in love-themed documents to target different industries.

Find out how: https://thehackernews.com/2024/04/ta558-hackers-weaponize-images-for-wide.html

#hacking #cybersecurity

Security researchers uncover a "credible" takeover attempt on the OpenJS Foundation, mirroring a recent incident with XZ Utils.

Read: https://thehackernews.com/2024/04/openjs-foundation-targeted-in-potential.html

⚠️ Researchers warn of a global increase in TOR-based brute-force attacks targeting VPNs, web applications, and SSH services.

Details: https://thehackernews.com/2024/04/cisco-warns-of-global-surge-in-brute.html

🚨 If you use Fortinet FortiClient EMS, patch NOW.

Researchers have uncovered a new malicious campaign exploiting a vulnerability in Fortinet FortiClient EMS devices, deploying ScreenConnect and Metasploit.

https://thehackernews.com/2024/04/hackers-exploit-fortinet-flaw-deploy.html

🚨 Alert: Hackers are exploiting a critical vulnerability (CVE-2023-22518) in Atlassian servers to gain admin access and deploy a Linux variant of Cerber ransomware.

More info here: https://thehackernews.com/2024/04/critical-atlassian-flaw-exploited-to.html

⚡ Announcing the Cyber Sentinel Skills Challenge – a new cyber skills competition from the Department of Defense with $15,000 in cash prizes.

All skill levels are welcome!

Apply to compete: https://thn.news/dod-cybersentinel-challenge

AI = awesome productivity, OR scary security threat? Maybe both!

Software companies rush to integrate generative AI (GenAI) into products, but security vulnerabilities can't be ignored.

Read about GenAI risks: https://thehackernews.com/2024/04/genai-new-headache-for-saas-security.html

🚨 A new stealthy backdoor malware called Kapeka, likely created by Russia's APT group Sandworm, has been targeting Eastern Europe, including Estonia and Ukraine.

Learn more about this cyber threat: https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html

Want to make sure your Active Directory isn’t a welcome mat for attackers?

Then grab your copy of the new XM Cyber Active Directory Security Best Practices Checklist – and make sure you’re keeping your organization’s AD safe from threats.

Download ➟ https://thn.news/active-directory-security-checklist

🛑 Hackers are using fake domains of popular IP scanners like Advanced IP Scanner & ManageEngine in a Google Ads malvertising scheme to spread the MadMxShell backdoor – 45+ domains created since November 2023.

Learn more: https://thehackernews.com/2024/04/malicious-google-ads-pushing-fake-ip.html

⚠️ Heads up, Kubernetes users! Hackers have found a way into OpenMetadata and are using your resources to mine cryptocurrencies.

Find out more: https://thehackernews.com/2024/04/hackers-exploit-openmetadata-flaws-to.html

Patch your systems ASAP!