New malware PG_MEM targets PostgreSQL databases with weak passwords, exploiting features to mine cryptocurrency and potentially control servers.

Once inside, attackers can deploy malware, steal data, and even control the server.

Read: https://thehackernews.com/2024/08/new-malware-pgmem-targets-postgresql.html

#GitHub has released critical fixes for 3 flaws in Enterprise Server, including CVE-2024-6800 (CVSS 9.5).

This flaw could allow attackers to gain admin privileges, posing serious risks to organizations using SAML SSO.

Details: https://thehackernews.com/2024/08/github-patches-critical-security-flaw.html

🚨 A critical flaw in LiteSpeed Cache plugin could allow attackers to gain admin access to WordPress sites.

This vulnerability (CVE-2024-28000) affects over 5 million sites, leaving businesses exposed to severe security risks.

Read: https://thehackernews.com/2024/08/critical-flaw-in-wordpress-litespeed.html

⚠️ URGENT: Google has urgently patched a critical Chrome flaw, CVE-2024-7971, that’s being actively exploited.

This #vulnerability could let attackers compromise your system via a malicious HTML page.

Details: https://thehackernews.com/2024/08/google-fixes-high-severity-chrome-flaw.html

Ensure your browser is updated now.

Discover how Zero-Trust Network Access (ZTNA) strengthens cybersecurity, reduces costs, and streamlines remote access.

Explore best practices for seamlessly integrating ZTNA into your existing security systems.

Read: https://thehackernews.com/expert-insights/2024/08/best-practices-for-integrating-ztna.html

"ALBeast," a new vulnerability, puts 15,000 Amazon Web Services' (AWS) applications at risk by allowing attackers to bypass authentication through a flaw in AWS's Application Load Balancer (ALB).

Learn more: https://thehackernews.com/2024/08/new-albeast-vulnerability-exposes.html

A China-linked threat group, Velvet Ant, has exploited a vulnerability (CVE-2024-20399) in Cisco switches as zero-day to gain control and evade detection.

Read: https://thehackernews.com/2024/08/chinese-hackers-exploit-zero-day-cisco.html

SolarWinds has released a critical patch for its Web Help Desk (WHD) software to fix a flaw (CVE-2024-28987) that could allow unauthorized remote access.

If you're using versions before 12.8.3 Hotfix 2, it's crucial to update immediately to avoid potential breaches.

Learn more: https://thehackernews.com/2024/08/hardcoded-credential-vulnerability.html

A critical backdoor in MIFARE Classic cards allows attackers to clone them and access secure areas within minutes, threatening businesses reliant on these systems.

Learn more: https://thehackernews.com/2024/08/hardware-backdoor-discovered-in-rfid.html

The U.S. has extradited and charged a key figure in the Karakurt cybercrime group, which has been stealing data, laundering ransom payments, and extorting victims since 2021.

Read: https://thehackernews.com/2024/08/latvian-hacker-extradited-to-us-for.html

A new malware, Cthulhu Stealer, is targeting Apple macOS, stealing credentials and cryptocurrency wallets. Sold for $500 a month as part of a malware-as-a-service (MaaS) model, it disguises itself as legitimate software like CleanMyMac.

Read: https://thehackernews.com/2024/08/new-macos-malware-cthulhu-stealer.html

Is your business continuity plan strong enough to survive a Microsoft 365 outage?

Learn how to secure your Microsoft 365 environment with advanced backup solutions, ensuring data resilience against cyberattacks and compliance risks.

Read: https://thehackernews.com/expert-insights/2024/08/how-to-modernize-your-microsoft-365.html

Ransomware evolves—Qilin's latest attack stole Google Chrome credentials by exploiting a Group Policy Object to run a PowerShell script at each login, exposing sensitive data.

Read: https://thehackernews.com/2024/08/new-qilin-ransomware-attack-uses-vpn.html

⚡ Imagine every essential cybersecurity tool at your fingertips—unified in one intuitive platform, with 24/7 expert support.

Join our webinar for a no-nonsense demo & discover how to achieve total protection with an All-in-One solution.

Don't miss it: https://thehackernews.com/2024/08/webinar-experience-power-of-must-have.html

New vulnerabilities emerge every hour. Discover how exposure management enhances cybersecurity, prioritizes vulnerabilities, and optimizes security efforts.

Learn steps for implementation: https://thehackernews.com/2024/08/focus-on-what-matters-most-exposure.html

PEAKLIGHT, a new memory-only dropper, is deploying malware on Windows systems via pirated movie files. It uses PowerShell scripts to install information stealers like Lumma Stealer and CryptBot.

Read: https://thehackernews.com/2024/08/new-peaklight-dropper-deployed-in.html

Iranian state-backed hackers, APT42, have been caught using WhatsApp to target high-profile individuals worldwide.

U.S. accuses Iran of election interference attempts.

Read: https://thehackernews.com/2024/08/meta-exposes-iranian-hacker-group.html

Stay one step ahead—knowledge is your best defense.

CISA has added a new #vulnerability in Versa Director (CVE-2024-39717) to its Known Exploited Vulnerabilities catalog due to active exploitation.

This flaw lets attackers upload malicious files, posing a serious threat to organizations.

Read: https://thehackernews.com/2024/08/cisa-urges-federal-agencies-to-patch.html

'Sedexp' Linux malware identified—targeting financial systems by hiding credit card skimmers. Sedexp leverages udev rules for persistence, triggering its malicious actions upon every system reboot.

Learn more: https://thehackernews.com/2024/08/new-linux-malware-sedexp-hides-credit.html

🔥 Telegram founder Pavel Durov has been arrested in France due to the platform's content moderation failures, which have been linked to widespread cybercrime and illegal activities.

Read details: https://thehackernews.com/2024/08/telegram-founder-pavel-durov-arrested.html

🚨 Researchers have uncovered NGate, a new Android malware that relays NFC payment data to attackers. Targeting Czech banks, it clones payment cards and withdraws funds from ATMs.

Read: https://thehackernews.com/2024/08/new-android-malware-ngate-steals-nfc.html