🔒 ZLoader #malware is back—with a stealthy upgrade. The latest version employs DNS tunneling for encrypted communication, raising the stakes for detection efforts.

This isn’t just an update; ZLoader now includes an interactive shell capable of executing over a dozen commands, a game-changer for #ransomware attacks.

Dive into the details. https://thehackernews.com/2024/12/zloader-malware-returns-with-dns.html

🚨 A security flaw, dubbed AuthQuake, in Microsoft’s Multi-Factor Authentication (MFA) allowed attackers to bypass protection within an hour – no alerts, no interaction required.

Get the full story here: https://thehackernews.com/2024/12/microsoft-mfa-authquake-flaw-enabled.html

🚨 A trusted Windows feature, UI Automation, can be exploited by #malware to bypass EDR detection, execute stealthy commands, and steal data undetected.

🔗 Explore how this attack works: https://thehackernews.com/2024/12/new-malware-technique-could-exploit.html

A Russian state-sponsored group, Secret Blizzard, is leveraging other hackers’ #malware to deploy its tools in Ukraine, raising the stakes in cyber warfare.

Read the full story: https://thehackernews.com/2024/12/secret-blizzard-deploys-kazuar-backdoor.html

🚨 Operation PowerOFF — Global law enforcement just shut down 27 DDoS-for-hire platforms, dismantling major stresser services used by cybercriminals to disrupt websites.

Over 300 users and 3 admins are under investigation, with arrests made in France and Germany.

Read: https://thehackernews.com/2024/12/europol-dismantles-27-ddos-attack.html

Did you know? Your team could be using dozens of SaaS tools you’re unaware of—right now!

Unapproved apps, duplicate tenants, and risky OAuth grants are just the tip of the iceberg. Discover how Nudge Security is revolutionizing SaaS visibility and governance.

Read more about the solution here: https://thehackernews.com/2024/01/what-is-nudge-security-and-how-does-it.html

Critical flaw in Hunk Companion plugin (CVE-2024-11972, CVSS: 9.8) allows attackers to install vulnerable plugins, potentially leading to Remote Code Execution (RCE), SQL Injection, and administrative backdoors.

Over 10,000 WordPress sites are at risk. Learn steps to secure your site now: https://thehackernews.com/2024/12/wordpress-hunk-companion-plugin-flaw.html

[Free] Cloud Risk Self-Assessment Checklist

Ready to secure your cloud? Easily evaluate and uncover cloud risk with this simple checklist to help strengthen your security posture.

Downlod Checklist: https://thn.news/cloud-risk-checklist

🚨 Apple's TCC framework #vulnerability exposed!

A now-patched flaw (CVE-2024-44131) allowed unauthorized apps to access sensitive data like Health info, microphone, and #iCloud backups—without users knowing.

Learn more: https://thehackernews.com/2024/12/researchers-uncover-symlink-exploit.html

Gamaredon, a Russian-linked hacking group, targets mobile devices with BoneSpy and PlainGnome, #spyware stealing SMS, call logs, location, and photos in former Soviet states.

Find details here: https://thehackernews.com/2024/12/gamaredon-deploys-android-spyware.html

Over 296,000 Prometheus Node Exporter instances and 40,300 servers are publicly accessible, exposing sensitive credentials and API keys.

Read the full article: https://thehackernews.com/2024/12/296000-prometheus-instances-exposed.html

U.S. DoJ dismantles Rydox marketplace, seizes $225K in cryptocurrency, arrests three Kosovo nationals for selling stolen data and cybercrime tools, impacting 18,000 users.

Read the story: https://thehackernews.com/2024/12/fbi-busts-rydox-marketplace-with-7600.html

🚨 New Malware Alert: PUMAKIT, a #Linux rootkit, employs advanced stealth tactics to evade detection and escalate privileges.

It’s not just hiding files—it’s altering core system behavior while remaining invisible to system tools.

Learn how PUMAKIT operates 👉 https://thehackernews.com/2024/12/new-linux-rootkit-pumakit-uses-advanced.html

🔥 Iranian-linked IOCONTROL malware exploits IoT and OT devices, targeting SCADA systems and fuel infrastructure with advanced evasion tactics like MQTT and DNS-over-HTTPS.

🔗 Learn how this sophisticated malware operates https://thehackernews.com/2024/12/iran-linked-iocontrol-malware-targets.html

🚨 U.S. DoJ indicts 14 North Koreans for a $88M IT fraud scheme involving identity theft, extortion, and data breaches. $2.26M seized and a $5M reward announced for tips.

Learn more: https://thehackernews.com/2024/12/doj-indicts-14-north-koreans-for-88m-it.html

🛡️ Critical OpenWrt #vulnerability (CVE-2024-54143) discovered — With just a 12-character hash collision, attackers can replace legitimate firmware with a malicious alternative, all without authentication.

Discover the technical details: https://thehackernews.com/2024/12/critical-openwrt-vulnerability-exposes.html

🚨 Why Do Great Companies Still Get Breached? Advanced solutions don’t always mean advanced protection.

🎙️ Join Silverfort’s CISO, John Paul Cunningham, as he explores:
✓Common vulnerabilities often overlooked, even with advanced solutions
✓How attackers bypass traditional defenses
✓ Practical strategies to address hidden risks and blind spots

📅 16 December, 2024

👉 Don’t miss out—Reserve your spot for this exclusive webinar: https://thehacker.news/ciso-perspective-data-breaches

💬 “Strengthening defenses isn’t just about tools—it’s about strategy.”

"United States Department of Justice.pdf" – Legit? Think Again!

New Backdoor Targeting Thai Officials. Hackers are deploying a stealthy backdoor, Yokai, by disguising malware as trusted documents.

🎯 What happened? DLL side-loading enables attackers to bypass defenses.

💡 Backdoor connects to attacker-controlled servers for total system control. Without proactive measures, businesses risk breaches that cost millions.

Here’s what you can do NOW:
1️⃣ Train teams on spotting spear-phishing lures.
2️⃣ Audit systems for DLL side-loading vulnerabilities.
3️⃣ Strengthen your endpoint defenses.

Find details here: https://thehackernews.com/2024/12/thai-officials-targeted-in-yokai.html

🚨 Could Your Device Be a Secret Cybercriminal Tool?

The Federal Office of Information Security (BSI) just disrupted BADBOX, a malware preloaded on common devices like picture frames and cheap android phones.

💡 What’s the risk?
⇢ Devices turned into ad fraud machines, routing hackers' internet traffic.
⇢ Stolen authentication codes, fake Gmail & WhatsApp accounts created.

⚠️ Why it matters:
This isn’t just a malware problem—it's a supply chain crisis. If a device seems "too cheap," it might come with hidden costs.

🔗 Learn more: https://thehackernews.com/2024/12/germany-disrupts-badbox-malware-on.html

⚠️ Ukraine’s SSU uncovered a shocking case involving 15- and 16-year-olds who were tricked by the FSB into espionage missions disguised as innocent quests, assisting in reconnaissance for airstrikes.

🔎 Key Insights:
➟ How: Teens were sent coordinates, tasked to take photos/videos of key locations.
➟ Impact: Data shared via encrypted chats led to airstrikes on Ukrainian soil.
➟ Key Arrests: Ukraine’s SSU detained multiple operatives, including a Russian police officer orchestrating the missions.

Read how Ukraine dismantled this operation and what it means for cyber and physical security.

Full story here: https://thehackernews.com/2024/12/ukrainian-minors-recruited-for-cyber.html

🚨 A new PHP-based backdoor, Glutton, is wreaking havoc across the globe, targeting China, the US, Cambodia, Pakistan, and South Africa. This APT41's toolkit doesn’t stop there—it’s also attacking cybercriminals!

▶ Uses compromised enterprise hosts as bait 🎣
▶ Infects popular PHP frameworks like Laravel and ThinkPHP
▶ Modular framework with 22 unique commands for stealthy infiltration
▶ Surprisingly lacks typical nation-state-level encryption—why?
▶ Leaves no files behind—ensures stealth through FastCGI processes

👉 See how Glutton operates. Read the full story: https://thehackernews.com/2024/12/new-glutton-malware-exploits-popular.html