Adding more cybersecurity tools increases third-party risk and widens your attack surface. Each new tool can expose you to vendor vulnerabilities.

Rethink your strategy—adopt smarter, holistic approaches for true security.

Learn more: https://thehackernews.com/2024/09/one-more-tool-will-do-it-reflecting-on.html

🔥 New "RAMBO" attack uses radio signals from a device’s RAM to steal sensitive data, including keystrokes, encryption keys, & biometrics. Attackers can intercept this data with off-the-shelf radio gear.

Learn more: https://thehackernews.com/2024/09/new-rambo-attack-uses-ram-radio-signals.html

Become a leader in cybersecurity risk management with Georgetown. Learn more in our webinar on September 18.

Sign up: https://thn.news/cyber-risk-webinar-ig

FinTech, Healthcare & SaaS thrive on data—so do cybercriminals.

As digital ecosystems grow complex, non-human identities like API keys and bots are key targets. Secure them to protect sensitive data and build trust.

Learn more: https://thehackernews.com/expert-insights/2024/09/fintech-healthcare-saas-need-non-human.html

Mustang Panda upgrades its #malware arsenal with new tools like FDMTP & PTSOCKET, boosting data theft and espionage across APAC.

Learn how these advanced attacks may impact your organization: https://thehackernews.com/2024/09/mustang-panda-deploys-advanced-malware.html

⚡ A new side-channel attack, PIXHELL, exploits audio gaps in air-gapped computers to steal data through LCD screen noises.

By manipulating pixel patterns on the screen, hackers can generate acoustic signals to exfiltrate sensitive data.

Read: https://thehackernews.com/2024/09/new-pixhell-attack-exploits-screen.html

🚨 China-linked hackers launch new attacks across SE Asia, codenamed "Crimson Palace."

Using C2 relay points to deliver malware, they exploit trusted networks. New malware like TattleTale is collecting sensitive browser & network data.

https://thehackernews.com/2024/09/experts-identify-3-chinese-linked.html

🔥 Shadow apps are silently expanding your organization’s attack surface, and most IT teams aren’t even aware.

Proactive measures, like using SSPM, can help security teams detect and mitigate shadow app risks.

Learn more: https://thehackernews.com/2024/09/shining-light-on-shadow-apps-invisible.html

CosmicBeetle launches ScRansom, new #ransomware hitting SMBs globally. Linked to RansomHub, it targets manufacturing, healthcare, tech & more. Exploits vulnerabilities for sophisticated attacks.

Learn more: https://thehackernews.com/2024/09/cosmicbeetle-deploys-custom-scransom.html

Ivanti issued updates for 10 critical Endpoint Manager vulnerabilities, including CVE-2024-29847 (CVSS 10.0), which allows remote code execution.

Details: https://thehackernews.com/2024/09/ivanti-releases-urgent-security-updates.html

No known exploits yet, but updates are essential. Don't delay!

#Microsoft’s September Patch Tuesday addresses 79 vulnerabilities, including 7 critical ones, with 3 under active attack. CVE-2024-43491 (CVSS 9.8) is a major threat with remote code execution risk.

Details here: https://thehackernews.com/2024/09/microsoft-issues-patches-for-79-flaws.html

Patch your systems immediately!

North Korean hackers are targeting developers through job interviews by embedding malware in coding assessments, exploiting job seekers' focus to compromise their systems.

Learn more: https://thehackernews.com/2024/09/developers-beware-lazarus-group-uses.html

Microsoft 365’s Shared Responsibility Model means YOU must protect your data, not Microsoft. Assuming they handle backups can lead to costly mistakes.

A proactive strategy can save you from compliance breaches & losses.

Read > https://thehackernews.com/expert-insights/2024/08/how-to-modernize-your-microsoft-365.html

⚠️ Singapore authorities arrest six individuals, including five Chinese nationals, linked to a global #cybercrime syndicate.

Laptops, phones, cash & over $850,000 in #cryptocurrency seized—showing the scale of the operation.

Learn more: https://thehackernews.com/2024/09/singapore-police-arrest-six-for-alleged.html

Passwords are risky—80% of breaches stem from weak or reused credentials. Passwordless isn’t a cure-all. Legacy systems & biometric privacy pose challenges.

Strengthen security with strong passwords + MFA.

Act now: https://thehackernews.com/2024/09/why-is-it-so-challenging-to-go.html

🔴 A "Chinese-speaking actor" is behind DragonRank, targeting IIS servers with BadIIS malware for SEO fraud.

Multiple industries, from healthcare to IT, are affected through vulnerable web apps like WordPress and phpMyAdmin.

Learn more: https://thehackernews.com/2024/09/dragonrank-black-hat-seo-campaign.html

🚀 vPenTest is the G2 Leader for Network Penetration Testing! 🚀

Trust isn’t given, it’s earned—and vPenTest from Vonahi Security has proven its worth! Thanks to outstanding reviews and high ratings from real users on G2, we’ve secured the top spot for Network Penetration Testing.

Want to see why? Experience the power of automated pentesting!

Schedule a free demo > https://thn.news/vpentest-network

⚠️ Quad7 botnet is rapidly compromising SOHO routers and VPNs from TP-LINK, Zyxel, Asus, and NETGEAR. Its new stealthy backdoor increases risks for businesses, especially with remote work setups.

Learn more: https://thehackernews.com/2024/09/quad7-botnet-expands-to-target-soho.html

Starting Oct 1, 2024, WordPress~org will mandate 2FA for accounts updating plugins/themes due to rising attacks on repositories. SVN passwords will add another layer of protection by securing commit access without exposing main credentials.

https://thehackernews.com/2024/09/wordpress-mandates-two-factor.html

Ireland’s Data Protection Commission (DPC) has launched a cross-border inquiry into Google’s AI model (PaLM 2) to investigate compliance with data protection laws.

Learn more: https://thehackernews.com/2024/09/irelands-watchdog-launches-inquiry-into.html

⚠️ Iranian APT OilRig is targeting Iraqi government networks with new malware Veaty and Spearal, using DNS tunneling and email-based C2 channels to infiltrate systems.

Learn more: https://thehackernews.com/2024/09/iranian-cyber-group-oilrig-targets.html