Iranian threat group GreenCharlie is ramping up phishing attacks, targeting U.S. political campaigns with new network infrastructure.

Read: https://thehackernews.com/2024/08/iranian-hackers-set-up-new-network-to.html

Stay vigilant, regularly update your security protocols, and educate your teams on the latest phishing tactics.

A new #malware campaign is exploiting #GoogleSheets as a command-and-control (C2) tool, targeting over 70 global organizations across various sectors. The attackers, posing as tax authorities, deploy the Voldemort malware to steal data.

Read more: https://thehackernews.com/2024/08/cyberattackers-exploit-google-sheets.html

A critical zero-day vulnerability in Google Chrome has been exploited by North Korean actors to deploy the FudModule rootkit.

#Microsoft links the attack to a Lazarus Group subgroup, notorious for advanced cyber campaigns.

https://thehackernews.com/2024/08/north-korean-hackers-deploy-fudmodule.html

Roblox developers targeted by malicious npm packages mimicking popular libraries. Attackers employed techniques like brandjacking and starjacking to make the packages seem legitimate, leading to significant security breaches.

Read: https://thehackernews.com/2024/09/malicious-npm-packages-mimicking.html

RansomHub has compromised data from over 210 victims across critical sectors, using double extortion and intermittent encryption to challenge cybersecurity teams.

Learn more: https://thehackernews.com/2024/09/ransomhub-ransomware-group-targets-210.html

A former employee attempted to extort $750,000 from his previous employer by threatening to shut down servers and delete backups. He faces 35 years for hacking, sabotage, and wire fraud charges.

Learn more: https://thehackernews.com/2024/09/ex-engineer-charged-in-missouri-for.html

FBI and CISA issue urgent ransomware advisory; CISOs stress adopting phishing-resistant MFA to counter AI-driven cyber threats.

Don’t wait until it’s too late. Act now to protect your organization

Read on > https://thehackernews.com/2024/09/next-generation-attacks-same-targets.html

🔒 AI is set to transform how we manage vulnerabilities.

Join this online webinar to discover how AI is revolutionizing vulnerability management by identifying, prioritizing, and remediating security risks faster and more efficiently.

🔥 Watch now: https://thehackernews.com/2024/09/webinar-learn-to-boost-cybersecurity.html

Eight vulnerabilities have been identified in Microsoft apps for macOS (like Outlook, Teams, and OneNote) that could allow attackers to bypass security controls.

Read details here: https://thehackernews.com/2024/09/new-flaws-in-microsoft-macos-apps-could.html

Brazil faces a new wave of cyberattacks targeting mobile users with Rocinante, an Android banking trojan.

Read: https://thehackernews.com/2024/09/rocinante-trojan-poses-as-banking-apps.html

Act now—educate your teams about this threat and review your security protocols.

A new #ransomware variant, Cicada3301, is making headlines for its advanced tactics and SMB focus. Cicada3301 not only targets Windows and #Linux/ESXi systems but also embeds compromised user credentials for further exploitation.

https://thehackernews.com/2024/09/new-rust-based-ransomware-cicada3301.html

A hacktivist group called Head Mare has been linked to sophisticated cyberattacks targeting organizations in Russia and Belarus. Victims span industries like government, energy, and manufacturing.

Read: https://thehackernews.com/2024/09/hacktivists-exploits-winrar.html

A $40B data analytics company suffered a major breach after a secret was accidentally shared in a Jira comment, underscoring the urgent need to rethink secret management as they spread across tools like Slack and Confluence, doubling the attack surface.

https://thehackernews.com/2024/09/secrets-exposed-why-your-ciso-should.html

A new #malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN to deliver WikiLoader via SEO malvertising.

Learn more to update your defenses and stay ahead of these evolving threats: https://thehackernews.com/2024/09/hackers-use-fake-globalprotect-vpn.html

Clearview AI has been hit with a €30.5M fine for scraping billions of facial images without consent. Dutch authorities are even investigating personal liability for Clearview's management.

Read: https://thehackernews.com/2024/09/clearview-ai-faces-305m-fine-for.html

Zyxel has patched a critical #vulnerability (CVE-2024-7261) that allowed unauthenticated attackers to execute OS commands on certain routers and access points.

Learn more: https://thehackernews.com/2024/09/zyxel-patches-critical-os-command.html

Don't miss out on the upcoming webinar from Push Security demoing infostealers, showing how to steal cookies and hijack sessions for MFA-protected services like M365 and downstream SaaS apps.

Pick a time and register here: https://thn.news/infostealers-webinar-other

Account takeover attacks are increasing in SaaS environments, with browsers being the key battleground. A new report highlights how browser security can prevent phishing, malicious extensions, and credential theft.

Learn more now: https://thehackernews.com/2024/09/the-new-effective-way-to-prevent.html

North Korean hackers are using fake video conferencing apps, like FreeConference, in job interview scams to deliver malware capable of remote control, browser data theft, and cryptocurrency wallet hacking.

Read: https://thehackernews.com/2024/09/north-korean-hackers-targets-job.html

New supply chain attack, Revival Hijack, could target 22,000+ PyPI packages, risking thousands of malicious downloads. Removed packages are being re-registered, exposing developers to supply chain risks. Check your DevOps pipelines!
https://thehackernews.com/2024/09/hackers-hijack-22000-removed-pypi.html

Cisco has issued urgent updates for two critical flaws (CVSS 9.8) in its Smart Licensing Utility. These flaws (CVE-2024-20439 & CVE-2024-20440) let unauthenticated attackers elevate privileges or access sensitive data via crafted HTTP requests.

Read: https://thehackernews.com/2024/09/cisco-fixes-two-critical-flaws-in-smart.html