β‘ Alert: Void Banshee is actively exploiting a zero-day flaw in Microsoft MHTML to spread the Atlantida info-stealer.
CVE-2024-38112 threatens sensitive data across numerous platforms.
Learn about the attack chain: https://thehackernews.com/2024/07/void-banshee-apt-exploits-microsoft.html
CVE-2024-38112 threatens sensitive data across numerous platforms.
Learn about the attack chain: https://thehackernews.com/2024/07/void-banshee-apt-exploits-microsoft.html
π₯9π5
Iranian state-sponsored hackers MuddyWater shift tactics, deploying new backdoor BugSleep in Middle East cyber attacks, moving away from using legitimate RMM tools.
Learn more: https://thehackernews.com/2024/07/iranian-hackers-deploy-new-bugsleep.html
Experts warn of an evolving threat landscape.
Learn more: https://thehackernews.com/2024/07/iranian-hackers-deploy-new-bugsleep.html
Experts warn of an evolving threat landscape.
π6π€6π₯3
Malicious npm packages "img-aws-s3-object-multipart-copy" and "legacyaws-s3-object-multipart-copy" found with backdoor code; sophisticated attack using image files to conceal malicious code, urging developers to be extra cautious.
https://thehackernews.com/2024/07/malicious-npm-packages-found-using.html
https://thehackernews.com/2024/07/malicious-npm-packages-found-using.html
π€―12π8
Exploring DSPMs at Black Hat 2024?
With Sentra's DSPM:
βοΈ Your data stays in your environment
βοΈ There's no need to manually configure connections
βοΈ Get continuous activity log monitoring & suspicious activities alert
Get a live demo: https://thn.news/sentra-black-hat-2024
With Sentra's DSPM:
βοΈ Your data stays in your environment
βοΈ There's no need to manually configure connections
βοΈ Get continuous activity log monitoring & suspicious activities alert
Get a live demo: https://thn.news/sentra-black-hat-2024
www.sentra.io
Meet Sentra at Black Hat 2024
Learn more about DSPM at our happy hours, on the racetrack, and in our Black Hat meeting room!
π₯7π2π€2
Discover how the 'Konfety' ad fraud operation exploits Google Play Store apps, using a novel 'decoy/evil twin' mechanism to commit large-scale ad fraud
Read it here: https://thehackernews.com/2024/07/konfety-ad-fraud-uses-250-google-play.html
Read it here: https://thehackernews.com/2024/07/konfety-ad-fraud-uses-250-google-play.html
π₯7π€―3β‘2π1
Learn cybersecurity risk management from the experts. Attend Georgetown's virtual sample class on July 26.
Sign up here: https://thn.news/georgetown-cyber-risk-li
Sign up here: https://thn.news/georgetown-cyber-risk-li
scs.georgetown.edu
Cybersecurity Risk Management Virtual Sample Class | Georgetown SCS
π9β‘2π₯2
π¨ Identity-based threats to SaaS apps are escalating!
A robust Identity Threat Detection & Response (ITDR) system can prevent massive breaches, such as the Snowflake incident.
Learn essential steps to strengthen your identity fabric & prevent breaches: https://thehackernews.com/2024/07/threat-prevention-detection-in-saas.html
A robust Identity Threat Detection & Response (ITDR) system can prevent massive breaches, such as the Snowflake incident.
Learn essential steps to strengthen your identity fabric & prevent breaches: https://thehackernews.com/2024/07/threat-prevention-detection-in-saas.html
π11π₯4β‘3
β οΈ New Critical Flaw Alert: Apache HugeGraph-Server vulnerability (CVE-2024-27348) with a CVSS score of 9.8 is being actively exploited for remote code execution.
Learn more: https://thehackernews.com/2024/07/critical-apache-hugegraph-vulnerability.html
Are your servers up-to-date?
Learn more: https://thehackernews.com/2024/07/critical-apache-hugegraph-vulnerability.html
Are your servers up-to-date?
π₯8π€―3π2π2
π¨ Cybercrime group Scattered Spider is now using RansomHub and Qilin ransomware strains, according to Microsoft.
Learn about the evolving cybercrime landscape and new ransomware threats: https://thehackernews.com/2024/07/scattered-spider-adopts-ransomhub-and.html
Learn about the evolving cybercrime landscape and new ransomware threats: https://thehackernews.com/2024/07/scattered-spider-adopts-ransomhub-and.html
π₯8π3β‘2π1
China-linked APT17 targets Italian entities with 9002 RAT malware, utilizing spear-phishing attacks via Office documents and malicious links.
Understanding these tactics helps organizations anticipate and mitigate similar threats.
Read: https://thehackernews.com/2024/07/china-linked-apt17-targets-italian.html
Understanding these tactics helps organizations anticipate and mitigate similar threats.
Read: https://thehackernews.com/2024/07/china-linked-apt17-targets-italian.html
π₯11π4π2π1π€―1
π¨ Alert: FIN7 cybercrime group's latest tool, AvNeutralizer, used by ransomware groups such as Black Basta, is now being marketed in criminal darkweb forums with new capabilities to evade security solutions.
Learn more: https://thehackernews.com/2024/07/fin7-group-advertises-security.html
Learn more: https://thehackernews.com/2024/07/fin7-group-advertises-security.html
π₯9π5π2π€―2π±1
SIM swap attacks are on the rise, with T-Mobile and Verizon employees being targeted to enable these scams.
Developing a culture of security awareness is essential to prevent these breaches.
Learn how to mitigate these threats: https://thehackernews.com/2024/07/navigating-insider-risks-are-your.html
Developing a culture of security awareness is essential to prevent these breaches.
Learn how to mitigate these threats: https://thehackernews.com/2024/07/navigating-insider-risks-are-your.html
π11π€7π₯4
Cybersecurity researchers have identified a new variant of BeaverTail malware disguised as a #macOS app targeting job seekers. The malware, used by DPRK hackers, steals sensitive information and installs backdoors.
Learn more: https://thehackernews.com/2024/07/north-korean-hackers-update-beavertail.html
Learn more: https://thehackernews.com/2024/07/north-korean-hackers-update-beavertail.html
π11π₯8
Wiz Demo: See The #1 Cloud Security Platform In Action
Toxic combinations polluting your cloud? See how Wiz uncovers hidden risk and blocks attack paths to reduce your cloud exposure.
Book a Demo: https://thn.news/wiz-demo-hn
Toxic combinations polluting your cloud? See how Wiz uncovers hidden risk and blocks attack paths to reduce your cloud exposure.
Book a Demo: https://thn.news/wiz-demo-hn
wiz.io
Wiz Demo: See The #1 Cloud Security Platform In Action | Wiz
Request a personalized demo of Wiz's Cloud Security Platform, the only agentless, graph-based CNAPP to secure your apps across the dev pipeline and runtime.
π₯10π5π5π€2
π¨ ALERT: Cisco patches critical vulnerability in Smart Software Manager On-Prem. This flaw could allow attackers to change any user's password, including admins.
CVE-2022-22948 could be exploited with crafted HTTP requestsβPatch now!
Read: https://thehackernews.com/2024/07/cisco-warns-of-critical-flaw-affecting.html
CVE-2022-22948 could be exploited with crafted HTTP requestsβPatch now!
Read: https://thehackernews.com/2024/07/cisco-warns-of-critical-flaw-affecting.html
π10π₯4π€2
Meta suspends use of GenAI in Brazil following a preliminary ban by the country's data protection authority.
Read: https://thehackernews.com/2024/07/meta-halts-ai-use-in-brazil-following.html
Analysts suggest this might influence future AI policies globally, urging companies to prioritize user consent.
Read: https://thehackernews.com/2024/07/meta-halts-ai-use-in-brazil-following.html
Analysts suggest this might influence future AI policies globally, urging companies to prioritize user consent.
π14π3
A sophisticated cyber espionage group, TAG-100, is targeting global organizations in over 10 countries using open-source tools. This widespread attack affects multiple sectors and regions.
Details here: https://thehackernews.com/2024/07/tag-100-new-threat-actor-uses-open.html
Details here: https://thehackernews.com/2024/07/tag-100-new-threat-actor-uses-open.html
π₯11π3π€2
Critical vulnerabilities have been discovered in SAP's AI Core platform, potentially exposing customer data and access tokens.
This affects businesses using SAP for AI workflows, threatening supply chain attacks and unauthorized access to sensitive information.
Learn about the 'SAPwned' flaws and their impact on The Hacker News: https://thehackernews.com/2024/07/sap-ai-core-vulnerabilities-expose.html
This affects businesses using SAP for AI workflows, threatening supply chain attacks and unauthorized access to sensitive information.
Learn about the 'SAPwned' flaws and their impact on The Hacker News: https://thehackernews.com/2024/07/sap-ai-core-vulnerabilities-expose.html
π₯8π€―7π6π4
Bots now account for 44.5% of travel industry's web traffic, warns Imperva in their 2024 Bad Bot Report.
With the summer travel season approaching, the risk of fraud and account takeovers is higher than ever, posing significant risks to customer trust and operational efficiency.
Industry experts recommend advanced traffic analysis,blocking outdated browsers and real-time bot detection to mitigate these threats.
Learn more: https://thehackernews.com/2024/07/automated-threats-pose-increasing-risk.html
With the summer travel season approaching, the risk of fraud and account takeovers is higher than ever, posing significant risks to customer trust and operational efficiency.
Industry experts recommend advanced traffic analysis,blocking outdated browsers and real-time bot detection to mitigate these threats.
Learn more: https://thehackernews.com/2024/07/automated-threats-pose-increasing-risk.html
π14π€3π₯1
π Tired of security alerts being ignored by devs?
We've got the solution. Join this free WEBINAR & learn how to build a Security Champion π¦Έ program & turn developers into your strongest cybersecurity allies.
Save your seat now: https://thehackernews.com/2024/07/appsec-webinar-how-to-turn-developers.html
We've got the solution. Join this free WEBINAR & learn how to build a Security Champion π¦Έ program & turn developers into your strongest cybersecurity allies.
Save your seat now: https://thehackernews.com/2024/07/appsec-webinar-how-to-turn-developers.html
π₯10π4
Researchers uncover "HotPage" adware masquerading as an ad-blocker. This malware can inject code into processes, potentially granting attackers system-level access on Windows.
Learn more: https://thehackernews.com/2024/07/alert-hotpage-adware-disguised-as-ad.html
Learn more: https://thehackernews.com/2024/07/alert-hotpage-adware-disguised-as-ad.html
π₯10π±7π5π4