A new threat, 'DuneQuixote', targets Middle Eastern governments with sophisticated evasion tactics and uses a sneaky cross-platform backdoor called CR4T.
Details here: https://thehackernews.com/2024/04/hackers-target-middle-east-governments.html
The Akira ransomware group has extorted approximately $42 MILLION from over 250 global victims. It is now expanding its reach to target Linux and VMware ESXi systems.
Read: https://thehackernews.com/2024/04/akira-ransomware-gang-extorts-42.html
Thought your firewall was enough?
Guess again... AiTM phishing, OAuth exploits, SSO attacks...hackers are getting creative targeting cloud identities.
Understand the next wave of cyberattacks - read this article: https://thehackernews.com/2024/04/showcasing-networkless-identity-attacks.html
China-linked hacking group Earth Hundun is targeting Asia-Pacific tech, research, and government sectors with advanced malware, including "Waterbear" and its upgraded successor, "Deuterbear."
Details: https://thehackernews.com/2024/04/blacktech-targets-tech-research-and-gov.html
Urgent: If you use CrushFTP for file transfers, update to the latest version immediately!
A critical flaw is being actively exploited, letting attackers escape Virtual File System (VFS) to access system files.
Click to learn more: https://thehackernews.com/2024/04/critical-update-crushftp-zero-day-flaw.html
Palo Alto Networks reveals more on exploited flaw. Attackers DON'T need device telemetry enabled. This is serious! Update your firewalls ASAP.
Details: https://thehackernews.com/2024/04/palo-alto-networks-discloses-more.html
A new variant of RedLine Stealer, an information-stealing malware, has emerged using Lua bytecode to enhance its ability to evade detection. It is being distributed via repositories on GitHub disguised as game cheats.
Details: https://thehackernews.com/2024/04/new-redline-stealer-variant-disguised.html
North Korea-linked hackers, like Emerald Sleet, are using AI, particularly large language models (LLMs), for cyber operations, including spear-phishing, vulnerability research, reconnaissance and creating malicious content.
Details: https://thehackernews.com/2024/04/microsoft-warns-north-korean-hackers.html
Windows users, watch out!
Researchers detail a vulnerability in the Windows DOS-to-NT path conversion process which can be exploited by threat actors to gain rootkit-like capabilities, hiding files and processes without admin permissions.
https://thehackernews.com/2024/04/researchers-uncover-windows-flaws.html
MITRE Corporation hit by nation-state attack exploiting zero-day flaws in Ivanti Connect Secure.
Read: https://thehackernews.com/2024/04/mitre-corporation-breached-by-nation.html
Companies use 53 security solutions on average... yet still get breached. How can we bridge this gap?
Read the latest report: https://thehackernews.com/2024/04/penteras-2024-report-reveals-hundreds.html
Ransomware victims, beware of re-victimization!
Orange Cyberdefense finds some organizations are hit multiple times. Reasons include affiliate crossovers and data misuse. Learn how to protect your organization.
Read: https://thehackernews.com/2024/04/ransomware-double-dip-re-victimization.html
Kaspersky has uncovered a concerning threat actor, ToddyCat, targeting government and military entities.
This group employs a wide range of tools to maintain persistent access and steal data on an "industrial scale."
https://thehackernews.com/2024/04/russian-hacker-group-toddycat-uses.html
Software supply chain breaches are a ticking time bomb. Forget playing defense - it's time to take the offensive against supply chain attackers.
Join our next cybersecurity webinar to learn battle-tested strategies from the experts.
Register now: https://thehacker.news/supply-chain-threats
Supply Chain Under Siege: Unveiling Hidden Threats
Stop playing defense; start hunting threats. Protect your software supply chain with proactive strategies.
Hackers linked to Russia have been exploiting a Windows bug for YEARS to deploy GooseEgg malware for escalating attack access.
More insights here... https://thehackernews.com/2024/04/russias-apt28-exploited-windows-print.html
U.S. State Department imposed visa restrictions on 13 individuals linked to selling spyware for surveillance misuse targeting journalists, academics, and human rights defenders.
Read: https://thehackernews.com/2024/04/us-imposes-visa-restrictions-on-13.html
The Great Privacy Debate >>
European law enforcement agencies are deeply concerned about the widespread use of end-to-end encryption (E2EE), indicating it could severely hamper efforts to tackle online crimes like child abuse and terrorism.
https://thehackernews.com/2024/04/police-chiefs-call-for-solutions-to.html
Germany issues arrest warrants for 3 citizens accused of spying for China to obtain sensitive tech data that could aid Beijing's military capabilities.
Find details here: https://thehackernews.com/2024/04/german-authorities-issue-arrest.html
Lost revenue, angry customers, regulatory fines... cyberattacks have far-reaching consequences.
Projected costs to hit $10.5 trillion by 2025
88% of breaches due to human error
Get the full story and prepare: https://thehackernews.com/2024/04/unmasking-true-cost-of-cyberattacks.html
Researchers discovered a "dependency confusion" #vulnerability in an archived Apache project, Cordova App Harness.
Get all the details in our latest post: https://thehackernews.com/2024/04/apache-cordova-app-harness-targeted-in.html
A new malware campaign has been observed distributing three info-stealers (CryptBot, LummaC2, and Rhadamanthys) using CDN cache domains to avoid detection.
Read: https://thehackernews.com/2024/04/coralraider-malware-campaign-exploits.html