🚨 Critical security flaws in Microsoft's Azure Health Bot Service could have exposed sensitive patient data across multiple tenants.

Hackers could exploit these to move laterally within customer environments, risking large-scale privacy breaches.

Read: https://thehackernews.com/2024/08/researchers-uncover-vulnerabilities-in_0471960302.html

Researchers have uncovered a critical vulnerability, dubbed GhostWrite, in T-Head’s XuanTie C910 and C920 RISC-V CPUs that could allow attackers to gain full access to affected devices.

Read: https://thehackernews.com/2024/08/ghostwrite-new-t-head-cpu-bugs-expose.html

China-backed Earth Baku hacker group expands cyber attacks globally, using new #malware (StealthReacher and SneakCross) and tactics to target governments and tech sectors across Europe, Middle East, and Africa.

Learn more: https://thehackernews.com/2024/08/china-backed-earth-baku-expands-cyber.html

Ivanti has released critical updates to patch a vulnerability (CVE-2024-7593) in its Virtual Traffic Manager (vTM) that allows authentication bypass and rogue admin creation.

Read: https://thehackernews.com/2024/08/critical-flaw-in-ivanti-virtual-traffic.html

Ensure your systems are secure—apply the patches now.

Microsoft’s latest Patch Tuesday addresses 90 security vulnerabilities, including 6 zero-days actively exploited in the wild.

Read: https://thehackernews.com/2024/08/microsoft-issues-patches-for-90-flaws.html

Don’t wait—apply the patches now to protect your systems.

DDoS attacks have increased by 46% in H1 2024, with peak attacks now hitting 1.7 Tbps.

This surge underscores the growing threat landscape, where businesses across all sectors must bolster their defenses.

Read: https://thehackernews.com/2024/08/ddos-attacks-surge-46-in-first-half-of.html

📢 AnyRun released a new guide on investigating emerging threats!

The service shares hands-on tips on collecting intelligence on the latest malware and phishing threats

🔗 Read now https://thn.news/anyrun-emerging-threats

Maksim Silnikau, the mastermind behind ransomware and exploit kits, including Angler, has been arrested and extradited to the U.S. His malicious software infected over 100,000 devices, causing millions in damages.

Learn more: https://thehackernews.com/2024/08/belarusian-ukrainian-hacker-extradited.html

A new social engineering campaign by the Black Basta ransomware group targets users with credential theft and malware attacks, using fake IT support calls via Microsoft Teams to trick them into downloading software like AnyDesk.

Read: https://thehackernews.com/2024/08/black-basta-linked-attackers-targets.html

A new Gafgyt botnet variant is exploiting weak SSH passwords to mine cryptocurrency using compromised GPU power.

Read: https://thehackernews.com/2024/08/new-gafgyt-botnet-variant-targets-weak.html

Secure your servers now—implement strong SSH passwords and continuous monitoring.

A new attack vector in GitHub Actions, dubbed ArtiPACKED, has been discovered, exposing repositories to potential takeovers and compromising cloud environments.

Learn more: https://thehackernews.com/2024/08/github-vulnerability-artipacked-exposes.html

A newly identified threat actor, Actor240524, is targeting Azerbaijani and Israeli diplomats in a sophisticated phishing campaign, aiming to steal sensitive diplomatic data.

Learn more: https://thehackernews.com/2024/08/new-cyber-threat-targets-azerbaijan-and.html

⚠️ RansomHub-linked cybercriminals have a new weapon—EDRKillShifter, a tool designed to neutralize your endpoint protection.

With a focus on exploiting vulnerable drivers, this tool can escalate privileges & execute payloads stealthily.

Read: https://thehackernews.com/2024/08/ransomhub-group-deploys-new-edr-killing.html

New threat actor COLDWASTREL emerges!

Russian-linked hackers target Eastern European NGOs, media, and U.S. think tanks in sophisticated spear-phishing campaigns.

Read: https://thehackernews.com/2024/08/russian-linked-hackers-target-eastern.html

SolarWinds has released critical patches for a security flaw in its Web Help Desk software, rated 9.8/10 on the CVSS scale.

This vulnerability allows potential remote code execution, posing severe risks to businesses relying on the software.

Read: https://thehackernews.com/2024/08/solarwinds-releases-patch-for-critical.html

A pre-installed app on Google Pixel devices could expose users to potential cyberattacks due to insecure code execution.

With over 3 dozen permissions, the app has access to sensitive data & system-level functions, posing a significant risk.

https://thehackernews.com/2024/08/google-pixel-devices-shipped-with.html

🚨 Cybersecurity alert for macOS users: Banshee Stealer targets browsers, crypto wallets, and more!

This malware is designed to bypass defenses, steal sensitive information, and exfiltrate data from your system.

Read: https://thehackernews.com/2024/08/new-banshee-stealer-targets-100-browser.html

Discover how Identity Threat Detection & Response (ITDR) solutions safeguard both human and non-human identities across across multi-environment cloud services, enhancing security against sophisticated identity-based attacks.

Read Guide: https://thehackernews.com/2024/08/identity-threat-detection-and-response.html

A new wave of attacks using ValleyRAT malware is spreading, primarily targeting Chinese-speaking communities.

Its ability to execute code directly in memory, leaving minimal traces, makes it incredibly hard to detect.

Learn more at The Hacker News : https://thehackernews.com/2024/08/multi-stage-valleyrat-targets-chinese.html

A new cyber campaign, dubbed "Tusk," is leveraging fake websites to distribute the DanaBot and StealC malware.

These malware campaigns are particularly dangerous as they impersonate trusted brands, leading users to unwittingly download harmful software.

Read: https://thehackernews.com/2024/08/russian-hackers-using-fake-brand-sites.html

94% of CISOs are concerned AI adoption will add pressure to their teams.

How are they navigating the integration of AI into cybersecurity and the impact on their organizations?

Get the latest research report from Tines to learn how leading CISOs are thinking about AI in their organizations, and how they’re separating AI's true potential from the noise.

Download the full report from Tines to learn more: https://thn.news/tines-ciso-ai