The SEC penalizes four companies—Avaya, Check Point, Mimecast, and Unisys—for misleading investors following the 2020 SolarWinds cyberattack.

Learn more: https://thehackernews.com/2024/10/sec-charges-4-companies-over-misleading.html

🔒 Apple has launched its Private Cloud Compute Virtual Research Environment (VRE) for security researchers to validate its #privacy and security claims.

It offers rewards between $50,000 and $1,000,000 for identifying flaws.

Read: https://thehackernews.com/2024/10/apple-opens-pcc-source-code-for.html

Attention: CVE-2024-41992 #vulnerability in Wi-Fi Test Suite could give attackers full control over Arcadyan routers. The flaw allows for command injection, enabling full administrative access.

Find details here → https://thehackernews.com/2024/10/researchers-discover-command-injection.html

🚨 Four members of the notorious REvil ransomware gang have been sentenced in Russia, a rare conviction in the cybercrime world.

Read 👉 https://thehackernews.com/2024/10/four-revil-ransomware-members-sentenced.html

⚠️ CERT-UA warns of a sophisticated email attack using RDP files to breach sensitive systems in Ukraine.

Read: https://thehackernews.com/2024/10/cert-ua-identifies-malicious-rdp-files.html

Explore the rise of AI impersonation fraud and its implications for cybersecurity.

Learn how to safeguard your organization against these emerging threats.

Read: https://thehackernews.com/2024/10/eliminating-ai-deepfake-threats-is-your.html

TeamTNT shifts tactics to target Docker environments for #cryptocurrency mining by exploiting exposed daemons to deploy malware and cryptominers.

Read: https://thehackernews.com/2024/10/notorious-hacker-group-teamtnt-launches.html

A new attack technique bypasses Microsoft's Driver Signature Enforcement on fully patched Windows systems, enabling attackers to load unsigned kernel drivers and compromising the integrity of OS security.

Learn more: https://thehackernews.com/2024/10/researchers-uncover-os-downgrade.html

A staggering 10-fold increase in phishing pages created with Webflow has been observed, targeting over 120 organizations globally.

Discover how to stay ahead of evolving threats: https://thehackernews.com/2024/10/cybercriminals-use-webflow-to-deceive.html

🦹‍♂️ AI manipulation, 🌩️ cloud storage flaws, and a major 💣 AWS vulnerability - this week's cybersecurity recap is packed!

https://thehackernews.com/2024/10/thn-cybersecurity-recap-top-threats_28.html

Don't let your friends and colleagues fall victim to the latest cyber threats. Share this newsletter with them, it's a must-read!

⚠️ Alert for developers - Three packages found to contain the BeaverTail #malware linked to North Korean cyber campaigns.

Find details here: https://thehackernews.com/2024/10/beavertail-malware-resurfaces-in.html

⚠️ Russian espionage group UNC5812 is using Telegram to deliver #malware designed to undermine military recruitment in Ukraine.

Threats like SUNSPINNER and CraxsRAT exploit vulnerabilities in #Android and Windows.

Read: https://thehackernews.com/2024/10/russian-espionage-group-targets.html

🚨 New OT security threats are emerging as ships and cranes become more digital.

Find out how SSH’s PrivX OT Edition can help tackle these challenges in marine and industrial operations.

Read: https://thehackernews.com/2024/10/sailing-seven-seas-securely-from-port.html

🚨 Evasive Panda has targeted a government entity in Taiwan with the newly discovered CloudScout toolset, capable of hijacking authenticated sessions to steal sensitive data from cloud services.

Read: https://thehackernews.com/2024/10/chinese-hackers-use-cloudscout-toolset.html

New research reveals that AMD and Intel processors remain vulnerable to speculative execution attacks—more than six years after the Spectre flaw was identified, despite existing mitigations.

Learn more: https://thehackernews.com/2024/10/new-research-reveals-spectre.html

🛡️ The U.S. government has released new guidance on the Traffic Light Protocol (TLP) to enhance controlled sharing of threat intelligence, enabling organizations to protect sensitive data while responding to cyber threats.

Learn more: https://thehackernews.com/2024/10/us-government-issues-new-tlp-guidance.html

⚠️ Dutch National Police have disrupted RedLine and MetaStealer, two notorious information stealers.

Over 1,200 servers across multiple countries were involved, showcasing the vast infrastructure that supports these cyber threats.

Read: https://thehackernews.com/2024/10/dutch-police-disrupt-major-info.html

💡 Discover how exposure validation can help cybersecurity teams focus on critical vulnerabilities, optimizing resources and improving security posture.

Read: https://thehackernews.com/2024/10/a-sherlock-holmes-approach-to.html

Ensure that your data stays secure in a constantly shifting environment.

Data Detection & Response (DDR) provides real-time protection by detecting threats and stopping data breaches before they happen.

Learn more in Sentra Security's guide: https://thn.news/data-detection-response-sentra

🚨 Over three dozen security flaws found in popular open-source AI models could lead to severe risks, including remote code execution and data theft.

Read: https://thehackernews.com/2024/10/researchers-uncover-vulnerabilities-in.html

Researchers have uncovered a malicious Python package posing as a #cryptocurrency trading tool. Downloaded over 1,300 times before removal, this #malware affects Windows and macOS systems.

Read: https://thehackernews.com/2024/10/researchers-uncover-python-package.html