⚠️ Progress Software has released security updates for a critical vulnerability (CVE-2024-7591) in LoadMaster & Multi-Tenant hypervisors, allowing unauthenticated attackers to execute system commands.

https://thehackernews.com/2024/09/progress-software-issues-patch-for.html

Don’t risk your infrastructure. Update systems now!

With businesses relying on SaaS tools like Microsoft 365, attackers are targeting platforms like Teams & SharePoint.

Implementing MFA and AI-driven detection is crucial for data resilience.

Ready to defend? Start here: https://thehackernews.com/expert-insights/2024/09/achieving-data-resilience-in-microsoft.html

Mustang Panda APT is exploiting VS Code to target Southeast Asian governments. It allows hackers to run commands, steal data, and spread malware via VS Code’s reverse shell.

Read for details: https://thehackernews.com/2024/09/chinese-hackers-exploit-visual-studio.html

Strengthen defenses now—monitor for these tactics!

Blind Eagle APT targets Colombia’s insurance sector with custom Quasar RAT via phishing and Google Drive.

Learn more: https://thehackernews.com/2024/09/blind-eagle-targets-colombian-insurance.html

Sensitive data at risk—secure your systems and train employees to spot threats.

Introducing Wing Security's SaaS Pulse—a FREE tool for continuous SaaS risk management! Stay ahead of risks like leaked credentials & shadow IT with automated monitoring.

Learn more: https://thehackernews.com/2024/09/wing-security-saas-pulse-continuous.html

Start securing your SaaS stack today.

Adding more cybersecurity tools increases third-party risk and widens your attack surface. Each new tool can expose you to vendor vulnerabilities.

Rethink your strategy—adopt smarter, holistic approaches for true security.

Learn more: https://thehackernews.com/2024/09/one-more-tool-will-do-it-reflecting-on.html

🔥 New "RAMBO" attack uses radio signals from a device’s RAM to steal sensitive data, including keystrokes, encryption keys, & biometrics. Attackers can intercept this data with off-the-shelf radio gear.

Learn more: https://thehackernews.com/2024/09/new-rambo-attack-uses-ram-radio-signals.html

Become a leader in cybersecurity risk management with Georgetown. Learn more in our webinar on September 18.

Sign up: https://thn.news/cyber-risk-webinar-ig

FinTech, Healthcare & SaaS thrive on data—so do cybercriminals.

As digital ecosystems grow complex, non-human identities like API keys and bots are key targets. Secure them to protect sensitive data and build trust.

Learn more: https://thehackernews.com/expert-insights/2024/09/fintech-healthcare-saas-need-non-human.html

Mustang Panda upgrades its #malware arsenal with new tools like FDMTP & PTSOCKET, boosting data theft and espionage across APAC.

Learn how these advanced attacks may impact your organization: https://thehackernews.com/2024/09/mustang-panda-deploys-advanced-malware.html

⚡ A new side-channel attack, PIXHELL, exploits audio gaps in air-gapped computers to steal data through LCD screen noises.

By manipulating pixel patterns on the screen, hackers can generate acoustic signals to exfiltrate sensitive data.

Read: https://thehackernews.com/2024/09/new-pixhell-attack-exploits-screen.html

🚨 China-linked hackers launch new attacks across SE Asia, codenamed "Crimson Palace."

Using C2 relay points to deliver malware, they exploit trusted networks. New malware like TattleTale is collecting sensitive browser & network data.

https://thehackernews.com/2024/09/experts-identify-3-chinese-linked.html

🔥 Shadow apps are silently expanding your organization’s attack surface, and most IT teams aren’t even aware.

Proactive measures, like using SSPM, can help security teams detect and mitigate shadow app risks.

Learn more: https://thehackernews.com/2024/09/shining-light-on-shadow-apps-invisible.html

CosmicBeetle launches ScRansom, new #ransomware hitting SMBs globally. Linked to RansomHub, it targets manufacturing, healthcare, tech & more. Exploits vulnerabilities for sophisticated attacks.

Learn more: https://thehackernews.com/2024/09/cosmicbeetle-deploys-custom-scransom.html

Ivanti issued updates for 10 critical Endpoint Manager vulnerabilities, including CVE-2024-29847 (CVSS 10.0), which allows remote code execution.

Details: https://thehackernews.com/2024/09/ivanti-releases-urgent-security-updates.html

No known exploits yet, but updates are essential. Don't delay!

#Microsoft’s September Patch Tuesday addresses 79 vulnerabilities, including 7 critical ones, with 3 under active attack. CVE-2024-43491 (CVSS 9.8) is a major threat with remote code execution risk.

Details here: https://thehackernews.com/2024/09/microsoft-issues-patches-for-79-flaws.html

Patch your systems immediately!

North Korean hackers are targeting developers through job interviews by embedding malware in coding assessments, exploiting job seekers' focus to compromise their systems.

Learn more: https://thehackernews.com/2024/09/developers-beware-lazarus-group-uses.html

Microsoft 365’s Shared Responsibility Model means YOU must protect your data, not Microsoft. Assuming they handle backups can lead to costly mistakes.

A proactive strategy can save you from compliance breaches & losses.

Read > https://thehackernews.com/expert-insights/2024/08/how-to-modernize-your-microsoft-365.html

⚠️ Singapore authorities arrest six individuals, including five Chinese nationals, linked to a global #cybercrime syndicate.

Laptops, phones, cash & over $850,000 in #cryptocurrency seized—showing the scale of the operation.

Learn more: https://thehackernews.com/2024/09/singapore-police-arrest-six-for-alleged.html

Passwords are risky—80% of breaches stem from weak or reused credentials. Passwordless isn’t a cure-all. Legacy systems & biometric privacy pose challenges.

Strengthen security with strong passwords + MFA.

Act now: https://thehackernews.com/2024/09/why-is-it-so-challenging-to-go.html

🔴 A "Chinese-speaking actor" is behind DragonRank, targeting IIS servers with BadIIS malware for SEO fraud.

Multiple industries, from healthcare to IT, are affected through vulnerable web apps like WordPress and phpMyAdmin.

Learn more: https://thehackernews.com/2024/09/dragonrank-black-hat-seo-campaign.html