10 newly discovered flaws in Googleβs Quick Share app could allow remote code execution on Windows devices.
These vulnerabilities affect both Android and Windows, potentially enabling attackers to take remote control of the systems.
Read: https://thehackernews.com/2024/08/researchers-uncover-10-flaws-in-googles.html
These vulnerabilities affect both Android and Windows, potentially enabling attackers to take remote control of the systems.
Read: https://thehackernews.com/2024/08/researchers-uncover-10-flaws-in-googles.html
π17π±7π4π3β‘2π₯2π€2
Developers, double-check your dependencies!
Researchers have uncovered a malicious Python package, βsolana-py,β on PyPI, designed to steal Solana blockchain wallet keys.
This deceptive package mimics the legitimate βsolanaβ API and has already been downloaded over 1,100 times, posing a serious threat to developers and end users.
The package injects malicious code into the "init .py" script, exfiltrating sensitive information to an external domain.
Read: https://thehackernews.com/2024/08/rogue-pypi-library-solana-users-steals.html
Researchers have uncovered a malicious Python package, βsolana-py,β on PyPI, designed to steal Solana blockchain wallet keys.
This deceptive package mimics the legitimate βsolanaβ API and has already been downloaded over 1,100 times, posing a serious threat to developers and end users.
The package injects malicious code into the "init .py" script, exfiltrating sensitive information to an external domain.
Read: https://thehackernews.com/2024/08/rogue-pypi-library-solana-users-steals.html
π23π±12π5β‘1π€1
Russian organizations face a new spear-phishing threat, EastWind, using PlugY malware for screen monitoring, keystroke logging, and data theft, endangering sensitive information and security.
Read: https://thehackernews.com/2024/08/russian-government-hit-by-eastwind.html
Read: https://thehackernews.com/2024/08/russian-government-hit-by-eastwind.html
π15β‘9π€7π₯1π±1
Major vulnerabilities found in Ewon Cosy+ remote access solution could allow attackers to gain root privileges and hijack VPN sessions.
Attackers can exploit these flaws to decrypt sensitive data and intercept critical network communications.
Read: https://thehackernews.com/2024/08/industrial-remote-access-tool-ewon-cosy.html
Attackers can exploit these flaws to decrypt sensitive data and intercept critical network communications.
Read: https://thehackernews.com/2024/08/industrial-remote-access-tool-ewon-cosy.html
π₯10π8β‘2π1
A critical #vulnerability (CVE-2024-7589) in OpenSSH on FreeBSD could allow attackers to execute code remotely with root privileges.
Learn more: https://thehackernews.com/2024/08/freebsd-releases-urgent-patch-for-high.html
If you're using FreeBSD, update your systems immediately and restart sshd.
Learn more: https://thehackernews.com/2024/08/freebsd-releases-urgent-patch-for-high.html
If you're using FreeBSD, update your systems immediately and restart sshd.
π₯32π9π€―4β‘2
Researchers uncover critical flaws in the Chinese Solarman and Deye solar management platformsβpotentially allowing hackers to control solar inverters, risking power grid disruptions and compromising sensitive user data.
Learn more: https://thehackernews.com/2024/08/researchers-uncover-vulnerabilities-in.html
Learn more: https://thehackernews.com/2024/08/researchers-uncover-vulnerabilities-in.html
π₯10π5π€―4β‘3
AI boom faces reality check: Generative AI still powerful in cybersecurity, enhancing defenses unpredictably. But high costs & expert handling needed. Not a silver bullet, yet reshaping industries.
Read it here: https://thehackernews.com/2024/08/the-ai-hangover-is-here-end-of-beginning.html
Read it here: https://thehackernews.com/2024/08/the-ai-hangover-is-here-end-of-beginning.html
π13π8β‘5
π¨ Phishing attacks have surged by 40% in the last year, driven by AI. With AI and Phishing-as-a-Service (PhaaS), cybercriminals can craft targeted phishing campaigns almost instantly, exploiting current events.
Learn more: https://thehackernews.com/2024/08/how-phishing-attacks-adapt-quickly-to.html
Learn more: https://thehackernews.com/2024/08/how-phishing-attacks-adapt-quickly-to.html
π12π9π€―7π±5π€1
CERT-UA has uncovered a new phishing campaign that disguises itself as the Security Service of Ukraine, spreading malware capable of remote desktop access.
Read: https://thehackernews.com/2024/08/ukraine-warns-of-new-phishing-campaign.html
Read: https://thehackernews.com/2024/08/ukraine-warns-of-new-phishing-campaign.html
π12π8π₯3
π₯ FBI disrupted the infrastructure of emerging ransomware group Dispossessor. This malware group targeted small-to-mid-sized businesses globally, with 43 victims identified, highlighting the growing risk to less-secure organizations.
https://thehackernews.com/2024/08/fbi-shuts-down-dispossessor-ransomware.html
https://thehackernews.com/2024/08/fbi-shuts-down-dispossessor-ransomware.html
π18π12
How can organizations ensure their sensitive data is secure?
Data Security Posture Management (DSPM)
Check out Sentra_security's DSPM guide to learn:
πΈWhy cloud-first enterprises are adopting DSPM
πΈWhat to look for in DSPM tools
πΈKey features of DSPM
π Read: https://thn.news/sentra-dspm-guide
Data Security Posture Management (DSPM)
Check out Sentra_security's DSPM guide to learn:
πΈWhy cloud-first enterprises are adopting DSPM
πΈWhat to look for in DSPM tools
πΈKey features of DSPM
π Read: https://thn.news/sentra-dspm-guide
www.sentra.io
What is DSPM (Data Security Posture Management)? | Sentra
DSPM secures cloud data by ensuring that sensitive data has always the correct security posture, no matter where itβs been moved. Learn more in our guide.
π5π€5π2
π¨ Critical security flaws in Microsoft's Azure Health Bot Service could have exposed sensitive patient data across multiple tenants.
Hackers could exploit these to move laterally within customer environments, risking large-scale privacy breaches.
Read: https://thehackernews.com/2024/08/researchers-uncover-vulnerabilities-in_0471960302.html
Hackers could exploit these to move laterally within customer environments, risking large-scale privacy breaches.
Read: https://thehackernews.com/2024/08/researchers-uncover-vulnerabilities-in_0471960302.html
π7π€―6π₯5π3
Researchers have uncovered a critical vulnerability, dubbed GhostWrite, in T-Headβs XuanTie C910 and C920 RISC-V CPUs that could allow attackers to gain full access to affected devices.
Read: https://thehackernews.com/2024/08/ghostwrite-new-t-head-cpu-bugs-expose.html
Read: https://thehackernews.com/2024/08/ghostwrite-new-t-head-cpu-bugs-expose.html
π9π5π₯5π€3
China-backed Earth Baku hacker group expands cyber attacks globally, using new #malware (StealthReacher and SneakCross) and tactics to target governments and tech sectors across Europe, Middle East, and Africa.
Learn more: https://thehackernews.com/2024/08/china-backed-earth-baku-expands-cyber.html
Learn more: https://thehackernews.com/2024/08/china-backed-earth-baku-expands-cyber.html
π₯12π3π3
Ivanti has released critical updates to patch a vulnerability (CVE-2024-7593) in its Virtual Traffic Manager (vTM) that allows authentication bypass and rogue admin creation.
Read: https://thehackernews.com/2024/08/critical-flaw-in-ivanti-virtual-traffic.html
Ensure your systems are secureβapply the patches now.
Read: https://thehackernews.com/2024/08/critical-flaw-in-ivanti-virtual-traffic.html
Ensure your systems are secureβapply the patches now.
π11β‘3π1
Microsoftβs latest Patch Tuesday addresses 90 security vulnerabilities, including 6 zero-days actively exploited in the wild.
Read: https://thehackernews.com/2024/08/microsoft-issues-patches-for-90-flaws.html
Donβt waitβapply the patches now to protect your systems.
Read: https://thehackernews.com/2024/08/microsoft-issues-patches-for-90-flaws.html
Donβt waitβapply the patches now to protect your systems.
π₯16π8π4β‘1π€1
DDoS attacks have increased by 46% in H1 2024, with peak attacks now hitting 1.7 Tbps.
This surge underscores the growing threat landscape, where businesses across all sectors must bolster their defenses.
Read: https://thehackernews.com/2024/08/ddos-attacks-surge-46-in-first-half-of.html
This surge underscores the growing threat landscape, where businesses across all sectors must bolster their defenses.
Read: https://thehackernews.com/2024/08/ddos-attacks-surge-46-in-first-half-of.html
π18π€―3π±2
π’ AnyRun released a new guide on investigating emerging threats!
The service shares hands-on tips on collecting intelligence on the latest malware and phishing threats
π Read now https://thn.news/anyrun-emerging-threats
The service shares hands-on tips on collecting intelligence on the latest malware and phishing threats
π Read now https://thn.news/anyrun-emerging-threats
ANY.RUN's Cybersecurity Blog
What Are Emerging Threats and How to Investigate Them - ANY.RUN's Cybersecurity Blog
Learn about emerging threats and see how you can investigate them using Threat Intelligence Lookup from ANY.RUN.
π14π₯2
Maksim Silnikau, the mastermind behind ransomware and exploit kits, including Angler, has been arrested and extradited to the U.S. His malicious software infected over 100,000 devices, causing millions in damages.
Learn more: https://thehackernews.com/2024/08/belarusian-ukrainian-hacker-extradited.html
Learn more: https://thehackernews.com/2024/08/belarusian-ukrainian-hacker-extradited.html
π15π₯11β‘4
A new social engineering campaign by the Black Basta ransomware group targets users with credential theft and malware attacks, using fake IT support calls via Microsoft Teams to trick them into downloading software like AnyDesk.
Read: https://thehackernews.com/2024/08/black-basta-linked-attackers-targets.html
Read: https://thehackernews.com/2024/08/black-basta-linked-attackers-targets.html
π14π7π₯4π±4β‘2π2
A new Gafgyt botnet variant is exploiting weak SSH passwords to mine cryptocurrency using compromised GPU power.
Read: https://thehackernews.com/2024/08/new-gafgyt-botnet-variant-targets-weak.html
Secure your servers nowβimplement strong SSH passwords and continuous monitoring.
Read: https://thehackernews.com/2024/08/new-gafgyt-botnet-variant-targets-weak.html
Secure your servers nowβimplement strong SSH passwords and continuous monitoring.
π₯10β‘4π2