A $40B data analytics company suffered a major breach after a secret was accidentally shared in a Jira comment, underscoring the urgent need to rethink secret management as secrets spread across tools like Slack and Confluence, doubling the attack surface.
https://thehackernews.com/2024/09/secrets-exposed-why-your-ciso-should.html
A new #malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN to deliver WikiLoader via SEO malvertising.
Learn more to update your defenses and stay ahead of these evolving threats: https://thehackernews.com/2024/09/hackers-use-fake-globalprotect-vpn.html
Clearview AI has been hit with a €30.5M fine for scraping billions of facial images without consent. Dutch authorities are even investigating personal liability for Clearview's management.
Read: https://thehackernews.com/2024/09/clearview-ai-faces-305m-fine-for.html
Zyxel has patched a critical #vulnerability (CVE-2024-7261) that allowed unauthenticated attackers to execute OS commands on certain routers and access points.
Learn more: https://thehackernews.com/2024/09/zyxel-patches-critical-os-command.html
Don't miss out on the upcoming webinar from Push Security demoing infostealers, showing how to steal cookies and hijack sessions for MFA-protected services like M365 and downstream SaaS apps.
Pick a time and register here: https://thn.news/infostealers-webinar-other
Account takeover attacks are increasing in SaaS environments, with browsers being the key battleground. A new report highlights how browser security can prevent phishing, malicious extensions, and credential theft.
Learn more now: https://thehackernews.com/2024/09/the-new-effective-way-to-prevent.html
North Korean hackers are using fake video conferencing apps, like FreeConference, in job interview scams to deliver malware capable of remote control, browser data theft, and cryptocurrency wallet hacking.
Read: https://thehackernews.com/2024/09/north-korean-hackers-targets-job.html
New supply chain attack, Revival Hijack, could target 22,000+ PyPI packages, risking thousands of malicious downloads. Removed packages are being re-registered, exposing developers to supply chain risks. Check your DevOps pipelines!
https://thehackernews.com/2024/09/hackers-hijack-22000-removed-pypi.html
Cisco has issued urgent updates for two critical flaws (CVSS 9.8) in its Smart Licensing Utility. These flaws (CVE-2024-20439 & CVE-2024-20440) let unauthenticated attackers elevate privileges or access sensitive data via crafted HTTP requests.
Read: https://thehackernews.com/2024/09/cisco-fixes-two-critical-flaws-in-smart.html
Earth Lusca's KTLVdoor malware targets Windows & #Linux, enabling file manipulation and remote scanning via 50+ command-and-control servers, likely shared with other threat actors.
Learn more: https://thehackernews.com/2024/09/new-cross-platform-malware-ktlvdoor.html
Researchers found hackers using MacroPack, a red teaming tool, to deploy advanced #malware like Havoc and PhantomCore. This global threat shows how attackers use legitimate software to bypass detection.
Read: https://thehackernews.com/2024/09/malware-attackers-using-macropack-to.html
Mindblowing numbers alert! According to recent research, 45% of employees still have access to their ex-employer's data, and over 25% of companies have had their reputations damaged due to ex-employees misusing data after leaving the company.
Want to make sure your organization doesn't fall into this risky 1/3? Learn how to safeguard your data and create a bulletproof offboarding protocol in just 20 minutes!
Join ex-Google expert Ben King and the Zenphi team in a free webinar on "Offboarding in Google Workspace". Get hands-on tips for:
- Automating access revokes
- Securing accounts post-departure
- Preventing unauthorized access
Bonus: Register for free and receive an employee offboarding checklist!
This webinar will set you apart as a cybersecurity pro. Don't miss it: https://thn.news/offboarding-best-practices
DOJ seized 32 pro-Russian propaganda domains that mimicked news outlets to spread disinformation. The goal: reduce global support for Ukraine and influence elections in the U.S. and abroad.
Learn more: https://thehackernews.com/2024/09/us-seizes-32-pro-russian-propaganda.html
9 Ways to Uncover Shadow AI
Discover how to enforce AI security best practices with this sample report from Wiz.
Read: https://thn.news/ai-security-assessment
NIST released CSF 2.0!
It's all about continuous improvement with proactive, ongoing cybersecurity. New guidance on emerging threats, plus a "Govern" function to integrate cybersecurity into enterprise risk.
Is your org ready? Learn more: https://thehackernews.com/2024/09/nist-cybersecurity-framework-csf-and.html
Veeam has patched 18 security flaws, including 5 critical ones allowing remote code execution (e.g., CVE-2024-40711 with a 9.8 CVSS score). Update now to protect your data.
Learn more: https://thehackernews.com/2024/09/veeam-releases-security-updates-to-fix.html
Tropic Trooper is back, targeting government entities in the Middle East and Malaysia with new cyber tactics! Detected in June 2024, this group has shifted focus to human rights studies, escalating the risk.
Find details here: https://thehackernews.com/2024/09/chinese-speaking-hacker-group-targets.html
Telegram's CEO, Pavel Durov, speaks out after his arrest in France, calling the charges misguided.
Read: https://thehackernews.com/2024/09/paul-durov-criticizes-outdated-laws.html
Apache OFBiz just patched a high-severity #vulnerability (CVE-2024-45195) that allowed unauthenticated remote code execution.
Read: https://thehackernews.com/2024/09/apache-ofbiz-update-fixes-high-severity.html
New LiteSpeed Cache flaw (CVE-2024-44000) risks unauthorized access to WordPress sites via exposed debug logs.
Read: https://thehackernews.com/2024/09/critical-security-flaw-found-in.html
Even old logs can be exploited. Update and purge now!
GitHub Actions users are vulnerable to typosquatting, where simple misspellings (e.g. "actons/checkout") can run malicious code, compromising software supply chains.
Read: https://thehackernews.com/2024/09/github-actions-vulnerable-to.html
Protect your code: double-check your CI/CD pipelines!