🚨 A critical (CVSS 10.0) vulnerability in the GiveWP plugin exposes over 100,000 WordPress sites to remote code execution attacks.

Learn more: https://thehackernews.com/2024/08/givewp-wordpress-plugin-vulnerability.html

Don’t delay—secure your website now!

CERT-UA warns of new phishing attacks by Vermin hackers, using POW images to spread SPECTR and FIRMACHAGENT #malware targeting Ukrainian devices.

Learn more: https://thehackernews.com/2024/08/cert-ua-warns-of-new-vermin-linked.html

A newly discovered macOS malware, TodoSwift, linked to North Korean hacking groups, poses a serious threat to crypto businesses, especially targeting blockchain engineers with sophisticated multi-stage attacks.

Learn more: https://thehackernews.com/2024/08/new-macos-malware-todoswift-linked-to.html

The operator of Styx Stealer inadvertently leaked sensitive client data from their own machine, a glaring OPSEC failure. Styx Stealer, a malware variant, can steal browser data, Telegram sessions, and cryptocurrency wallets.

Read: https://thehackernews.com/2024/08/styx-stealer-creators-opsec-fail-leaks.html

70% of IT pros have faced security incidents due to incomplete offboarding.

Incomplete IT offboarding isn’t just a technical hiccup—it’s a direct threat to your organization’s security and budget.

Learn how to streamline offboarding process: https://thehackernews.com/2023/11/how-to-automate-hardest-parts-of.html

A new remote access trojan, MoonPeak, is actively being deployed by a North Korean hacking group, UAT-5394.

This malware only works with specific C2 servers, indicating a tailored approach to bypass defenses.

Read details: https://thehackernews.com/2024/08/north-korean-hackers-deploy-new.html

Shadow IT and unchecked SaaS applications create significant security blind spots.

Learn the risks and how to protect your business data from third-party app attacks in today's workplace.

Read: https://thehackernews.com/2024/08/its-time-to-untangle-saas-ball-of-yarn.html

A critical security flaw in #Microsoft's Copilot Studio, tracked as CVE-2024-38206, has been disclosed, potentially exposing sensitive information.

Learn more: https://thehackernews.com/2024/08/microsoft-patches-critical-copilot.html

New malware PG_MEM targets PostgreSQL databases with weak passwords, exploiting features to mine cryptocurrency and potentially control servers.

Once inside, attackers can deploy malware, steal data, and even control the server.

Read: https://thehackernews.com/2024/08/new-malware-pgmem-targets-postgresql.html

#GitHub has released critical fixes for 3 flaws in Enterprise Server, including CVE-2024-6800 (CVSS 9.5).

This flaw could allow attackers to gain admin privileges, posing serious risks to organizations using SAML SSO.

Details: https://thehackernews.com/2024/08/github-patches-critical-security-flaw.html

🚨 A critical flaw in LiteSpeed Cache plugin could allow attackers to gain admin access to WordPress sites.

This vulnerability (CVE-2024-28000) affects over 5 million sites, leaving businesses exposed to severe security risks.

Read: https://thehackernews.com/2024/08/critical-flaw-in-wordpress-litespeed.html

⚠️ URGENT: Google has urgently patched a critical Chrome flaw, CVE-2024-7971, that’s being actively exploited.

This #vulnerability could let attackers compromise your system via a malicious HTML page.

Details: https://thehackernews.com/2024/08/google-fixes-high-severity-chrome-flaw.html

Ensure your browser is updated now.

Discover how Zero-Trust Network Access (ZTNA) strengthens cybersecurity, reduces costs, and streamlines remote access.

Explore best practices for seamlessly integrating ZTNA into your existing security systems.

Read: https://thehackernews.com/expert-insights/2024/08/best-practices-for-integrating-ztna.html

"ALBeast," a new vulnerability, puts 15,000 Amazon Web Services' (AWS) applications at risk by allowing attackers to bypass authentication through a flaw in AWS's Application Load Balancer (ALB).

Learn more: https://thehackernews.com/2024/08/new-albeast-vulnerability-exposes.html

A China-linked threat group, Velvet Ant, has exploited a vulnerability (CVE-2024-20399) in Cisco switches as zero-day to gain control and evade detection.

Read: https://thehackernews.com/2024/08/chinese-hackers-exploit-zero-day-cisco.html

SolarWinds has released a critical patch for its Web Help Desk (WHD) software to fix a flaw (CVE-2024-28987) that could allow unauthorized remote access.

If you're using versions before 12.8.3 Hotfix 2, it's crucial to update immediately to avoid potential breaches.

Learn more: https://thehackernews.com/2024/08/hardcoded-credential-vulnerability.html

A critical backdoor in MIFARE Classic cards allows attackers to clone them and access secure areas within minutes, threatening businesses reliant on these systems.

Learn more: https://thehackernews.com/2024/08/hardware-backdoor-discovered-in-rfid.html

The U.S. has extradited and charged a key figure in the Karakurt cybercrime group, which has been stealing data, laundering ransom payments, and extorting victims since 2021.

Read: https://thehackernews.com/2024/08/latvian-hacker-extradited-to-us-for.html

A new malware, Cthulhu Stealer, is targeting Apple macOS, stealing credentials and cryptocurrency wallets. Sold for $500 a month as part of a malware-as-a-service (MaaS) model, it disguises itself as legitimate software like CleanMyMac.

Read: https://thehackernews.com/2024/08/new-macos-malware-cthulhu-stealer.html

Is your business continuity plan strong enough to survive a Microsoft 365 outage?

Learn how to secure your Microsoft 365 environment with advanced backup solutions, ensuring data resilience against cyberattacks and compliance risks.

Read: https://thehackernews.com/expert-insights/2024/08/how-to-modernize-your-microsoft-365.html

Ransomware evolves—Qilin's latest attack stole Google Chrome credentials by exploiting a Group Policy Object to run a PowerShell script at each login, exposing sensitive data.

Read: https://thehackernews.com/2024/08/new-qilin-ransomware-attack-uses-vpn.html