A South Korea-aligned cyber espionage group, APT-C-60, has exploited a critical flaw in Kingsoft WPS Office to deploy the SpyGlace backdoor.

Read: https://thehackernews.com/2024/08/apt-c-60-group-exploit-wps-office-flaw.html

Ensure your security teams are updated on CVE-2024-7262 and CVE-2024-7263.

🚨 A critical vulnerability in Fortra's FileCatalyst Workflow, tracked as CVE-2024-6633, exposes users to remote admin access attacks.

Severity Level: CVSS 9.8

Learn more: https://thehackernews.com/2024/08/fortra-issues-patch-for-high-risk.html

If you haven’t patched your system yet, do it NOW.

Pavel Durov, CEO of #Telegram, has been formally charged by French prosecutors for facilitating criminal activities on the platform.

Learn about the investigation and its implications: https://thehackernews.com/2024/08/french-authorities-charge-telegram-ceo.html

🚨 A severe vulnerability in AVTECH IP cameras (CVE-2024-7029) is now being weaponized by hackers, creating a botnet. Unpatched & easily exploitable, this flaw poses a massive risk to commercial, financial, and healthcare sectors.

Read: https://thehackernews.com/2024/08/unpatched-avtech-ip-camera-flaw.html

🔒 U.S. agencies have identified an Iranian hacking group, Pioneer Kitten, as the force behind a wave of ransomware attacks.

Key sectors like education, healthcare, and defense are under fire, with sensitive data hanging in the balance.

Read: https://thehackernews.com/2024/08/us-agencies-warn-of-iranian-hacking.html

🛡️ Cybersecurity experts weigh in on why the SBOM is not enough.

While the SBOM is a foundational first step towards bringing transparency to the internal components of business-critical software, it is, at its core, just a simple list of ingredients.

Learn how organizations can go beyond the SBOM and adopt a more comprehensive software risk assessment in the latest webinar from ReversingLabs: https://thn.news/dont-stop-sbom

Researchers uncovered attacks exploiting Safari and Chrome flaws, linked to Russian APT29, using watering hole tactics on Mongolian government sites.

Read: https://thehackernews.com/2024/08/russian-hackers-exploit-safari-and.html

APT32 has been exploiting spear-phishing to infiltrate and compromise a Vietnamese human rights organization for over four years. They deployed Cobalt Strike Beacons to steal sensitive data, including Google Chrome cookies and personal information.

Read: https://thehackernews.com/2024/08/vietnamese-human-rights-group-targeted.html

AitM phishing attacks are bypassing MFA, EDR, and email filters with alarming success. These attacks hijack live sessions, giving attackers control of critical accounts. Is your business ready?

Review your security protocols now: https://thehackernews.com/2024/08/how-to-stop-aitm-phishing-attack.html

A critical security flaw in Atlassian Confluence has been exploited for cryptocurrency mining. This vulnerability, CVE-2023-22527, allows unauthorized access, leading to potential severe financial and operational damage.

Read: https://thehackernews.com/2024/08/atlassian-confluence-vulnerability.html

Chinese-speaking users are the target of a sophisticated cyberattack involving Cobalt Strike. The attackers used phishing emails with malicious ZIP files, initiating a stealthy infection that compromised systems for over two weeks.

Read: https://thehackernews.com/2024/08/new-cyberattack-targets-chinese.html

North Korean threat actors are publishing malicious packages on the npm registry targeting developers and stealing #cryptocurrency.

Read: https://thehackernews.com/2024/08/north-korean-hackers-target-developers.html

It's time to double-check your dependencies! Be proactive in securing your development environment.

SANS Institute has released a new strategy guide highlighting a 50% rise in ransomware attacks on Industrial Control Systems (ICS) in 2023. The guide details five critical controls essential for safeguarding ICS environments.

Read: https://thehackernews.com/2024/08/sans-institute-unveils-critical.html

Iranian threat group GreenCharlie is ramping up phishing attacks, targeting U.S. political campaigns with new network infrastructure.

Read: https://thehackernews.com/2024/08/iranian-hackers-set-up-new-network-to.html

Stay vigilant, regularly update your security protocols, and educate your teams on the latest phishing tactics.

A new #malware campaign is exploiting #GoogleSheets as a command-and-control (C2) tool, targeting over 70 global organizations across various sectors. The attackers, posing as tax authorities, deploy the Voldemort malware to steal data.

Read more: https://thehackernews.com/2024/08/cyberattackers-exploit-google-sheets.html

A critical zero-day vulnerability in Google Chrome has been exploited by North Korean actors to deploy the FudModule rootkit.

#Microsoft links the attack to a Lazarus Group subgroup, notorious for advanced cyber campaigns.

https://thehackernews.com/2024/08/north-korean-hackers-deploy-fudmodule.html

Roblox developers targeted by malicious npm packages mimicking popular libraries. Attackers employed techniques like brandjacking and starjacking to make the packages seem legitimate, leading to significant security breaches.

Read: https://thehackernews.com/2024/09/malicious-npm-packages-mimicking.html

RansomHub has compromised data from over 210 victims across critical sectors, using double extortion and intermittent encryption to challenge cybersecurity teams.

Learn more: https://thehackernews.com/2024/09/ransomhub-ransomware-group-targets-210.html

A former employee attempted to extort $750,000 from his previous employer by threatening to shut down servers and delete backups. He faces 35 years for hacking, sabotage, and wire fraud charges.

Learn more: https://thehackernews.com/2024/09/ex-engineer-charged-in-missouri-for.html

FBI and CISA issue urgent ransomware advisory; CISOs stress adopting phishing-resistant MFA to counter AI-driven cyber threats.

Don’t wait until it’s too late. Act now to protect your organization

Read on > https://thehackernews.com/2024/09/next-generation-attacks-same-targets.html

🔒 AI is set to transform how we manage vulnerabilities.

Join this online webinar to discover how AI is revolutionizing vulnerability management by identifying, prioritizing, and remediating security risks faster and more efficiently.

🔥 Watch now: https://thehackernews.com/2024/09/webinar-learn-to-boost-cybersecurity.html