π¨ Webinar Alert: Best Practices for Access Management in 2025
Struggling to manage user access in a way that meets the latest security standards while working within a tight budget? If you're a Google Workspace user, you're in luck
Did you know that you can configure any access-related process β provisioning roles, deprovisioning users, and conducting regular audits β using native Google Workspace capabilities? Plus a little automation!
Join us for an exclusive webinar where weβll explore:
β The Top 5 Access Control Trends you need to know for 2025
β How to build an automation for role-based access provisioning in Google Workspace in just 5 minutes
β How to automate workflows for offboarding users, scheduled audits (and add this advanced project completion to your CV πͺ)
π When: January 30
π― This webinar is perfect for IT teams looking to boost data security, ensure compliance, and maximize the value of their Google Workspace environment.
π Register Now: https://thn.news/google-workspace-access-2025
Struggling to manage user access in a way that meets the latest security standards while working within a tight budget? If you're a Google Workspace user, you're in luck
Did you know that you can configure any access-related process β provisioning roles, deprovisioning users, and conducting regular audits β using native Google Workspace capabilities? Plus a little automation!
Join us for an exclusive webinar where weβll explore:
β The Top 5 Access Control Trends you need to know for 2025
β How to build an automation for role-based access provisioning in Google Workspace in just 5 minutes
β How to automate workflows for offboarding users, scheduled audits (and add this advanced project completion to your CV πͺ)
π When: January 30
π― This webinar is perfect for IT teams looking to boost data security, ensure compliance, and maximize the value of their Google Workspace environment.
π Register Now: https://thn.news/google-workspace-access-2025
π15β‘4π2
π¨ Alert β GitHub Desktop & GitHub projects have critical vulnerabilities that can expose your credentials to attackers.
π CVE-2024-53263 β Git LFS leaks credentials via crafted URLs.
β‘ CVE-2024-50338 β GitHub CLI sends tokens to attacker-controlled hosts.
Attackers can use this to gain unauthorized access to your private repositories.
π Read full details: https://thehackernews.com/2025/01/github-desktop-vulnerability-risks.html
π CVE-2024-53263 β Git LFS leaks credentials via crafted URLs.
β‘ CVE-2024-50338 β GitHub CLI sends tokens to attacker-controlled hosts.
Attackers can use this to gain unauthorized access to your private repositories.
π Read full details: https://thehackernews.com/2025/01/github-desktop-vulnerability-risks.html
π€―24π±13π6π2β‘1
π Urgent: Apple has released a software update to patch a zero-day vulnerability (CVE-2025-24085) actively exploited in the wild, affecting iPhones, iPads, Macs, Apple TVs, and more.
This flaw could allow malicious apps to escalate privileges and take control of your device.
π Read: https://thehackernews.com/2025/01/apple-patches-actively-exploited-zero.html
This flaw could allow malicious apps to escalate privileges and take control of your device.
π Read: https://thehackernews.com/2025/01/apple-patches-actively-exploited-zero.html
π22π13π€―10β‘5π±4
π¨ DeepSeek, an AI startup that became insanely popular overnight, is disrupting OpenAIβs dominance.
However, the company is now facing cyberattacks, forcing it to temporarily pause new signups to protect its services.
Explore the full story: https://thehackernews.com/2025/01/top-rated-chinese-ai-app-deepseek.html
However, the company is now facing cyberattacks, forcing it to temporarily pause new signups to protect its services.
Explore the full story: https://thehackernews.com/2025/01/top-rated-chinese-ai-app-deepseek.html
π35π±10π₯7π5π4π€3
π¨ UPDATE: PoC Released for CVE-2024-55591, a vulnerability in the jsconsole functionality that could allow attackers to add a new administrative account.
Nearly 45,000 hosts remain vulnerable as of January 27, 2025.
Read: https://thehackernews.com/2025/01/zero-day-vulnerability-suspected-in.html
Nearly 45,000 hosts remain vulnerable as of January 27, 2025.
Read: https://thehackernews.com/2025/01/zero-day-vulnerability-suspected-in.html
π₯9π8π4
π Three Russian GRU officers are sanctioned for carrying out malicious cyber activities against Estonia.
Breach affected Estoniaβs Foreign Affairs, Economic Affairs, and Health Ministries.
π Read more on the full story: https://thehackernews.com/2025/01/eu-sanctions-3-russian-nationals-for.html
Breach affected Estoniaβs Foreign Affairs, Economic Affairs, and Health Ministries.
π Read more on the full story: https://thehackernews.com/2025/01/eu-sanctions-3-russian-nationals-for.html
π16π€―4β‘3π₯3π3π2
π Is Your Password Hash Secure Enough? Modern attackers use GPU-powered tools to crack even long, complex passwords protected by weak algorithms.
Donβt leave your passwords exposed. Discover how to defeat password-cracking tools and protect your accounts: https://thehackernews.com/2025/01/how-long-does-it-take-hackers-to-crack.html
Donβt leave your passwords exposed. Discover how to defeat password-cracking tools and protect your accounts: https://thehackernews.com/2025/01/how-long-does-it-take-hackers-to-crack.html
π11π8β‘2
π¨ ALERT: Cybercriminals are hijacking ESXi systems to tunnel traffic and remain hidden on networks for extended periods.
Native tools like SSH allow attackers to blend in with legitimate traffic, bypassing detection and making it nearly impossible to spot them.
Read: https://thehackernews.com/2025/01/ransomware-targets-esxi-systems-via.html
Native tools like SSH allow attackers to blend in with legitimate traffic, bypassing detection and making it nearly impossible to spot them.
Read: https://thehackernews.com/2025/01/ransomware-targets-esxi-systems-via.html
π₯19π8β‘2
The #1 threat to technical work at scale is poor communication.
A study conducted by Harvard University, the Carnegie Foundation, and Stanford Research Center found that 85% of job success comes from soft skills (such as people skills), whereas only 15% stems from hard skills (such as technical capabilities).
Soft skills can distinguish you to help preserve or even further your career, but if theyβre not developed, they can create a ceiling over your growth.
Whether sharing status updates on a virtual standup meeting or delivering a keynote tech talk at an in-person conference, how you communicate your work can either fuel its growth or snuff out its success.
If youβre looking to improve your communication and presentation skills, look no further than the new book, Luminary: Master the Art and Science of Storytelling for Technical Professionals.
Learn more about the book and how it can help you and your work advance here: https://thn.news/storytelling-technical-professionals
A study conducted by Harvard University, the Carnegie Foundation, and Stanford Research Center found that 85% of job success comes from soft skills (such as people skills), whereas only 15% stems from hard skills (such as technical capabilities).
Soft skills can distinguish you to help preserve or even further your career, but if theyβre not developed, they can create a ceiling over your growth.
Whether sharing status updates on a virtual standup meeting or delivering a keynote tech talk at an in-person conference, how you communicate your work can either fuel its growth or snuff out its success.
If youβre looking to improve your communication and presentation skills, look no further than the new book, Luminary: Master the Art and Science of Storytelling for Technical Professionals.
Learn more about the book and how it can help you and your work advance here: https://thn.news/storytelling-technical-professionals
π11π€9π4β‘3
Media is too big
VIEW IN TELEGRAM
βοΈ Prepare for battle. Defend your network. Master your craft.
At SANS live training events, you'll:
β Train with cybersecurity legends
β Get hands-on with real-world threats
β Build your future with certifications
π― Find your next event: π https://thn.news/sans-training-tel
#SANSLiveTraining #SANS
At SANS live training events, you'll:
β Train with cybersecurity legends
β Get hands-on with real-world threats
β Build your future with certifications
π― Find your next event: π https://thn.news/sans-training-tel
#SANSLiveTraining #SANS
β‘5π4π2
π¨ Cybersecurity experts discovered a flaw in a popular travel service that let hackers hijack accounts with a simple click.
Attackers could impersonate victims, book travel, and even use loyalty points!
Learn how: https://thehackernews.com/2025/01/oauth-redirect-flaw-in-airline-travel.html
Attackers could impersonate victims, book travel, and even use loyalty points!
Learn how: https://thehackernews.com/2025/01/oauth-redirect-flaw-in-airline-travel.html
π₯13β‘3π1
β οΈ A new phishing email campaign is taking over Poland & Germany, using fake order receipts to infect machines with Agent Tesla, Snake Keylogger, and TorNet malware.
Read the full story: https://thehackernews.com/2025/01/purecrypter-deploys-agent-tesla-and-new.html
Read the full story: https://thehackernews.com/2025/01/purecrypter-deploys-agent-tesla-and-new.html
π15π6β‘4π₯2
π SOCs Drowning in Alerts? AI-powered SOC Analysts now triage & investigate within MINUTES!
Speed, accuracy, and efficiencyβALL in one solution, reducing breach impact and costs.
Find out how AI is transforming SOCs: https://thehackernews.com/2025/01/ai-soc-analysts-propelling-secops-into.html
Speed, accuracy, and efficiencyβALL in one solution, reducing breach impact and costs.
Find out how AI is transforming SOCs: https://thehackernews.com/2025/01/ai-soc-analysts-propelling-secops-into.html
π15β‘5π€―4π₯3π1
π¨ URGENT: Critical Zero-Day Alert!
Thousands of Zyxel CPE devices are being actively exploited by attackers. Over 1,500 devices exposed globally.
β€· Limit admin access
β€· Filter traffic for unusual requests
π Read: https://thehackernews.com/2025/01/zyxel-cpe-devices-face-active.html
Thousands of Zyxel CPE devices are being actively exploited by attackers. Over 1,500 devices exposed globally.
β€· Limit admin access
β€· Filter traffic for unusual requests
π Read: https://thehackernews.com/2025/01/zyxel-cpe-devices-face-active.html
π15π₯7β‘2π1π€1
π¨ WATCH OUT: A new vulnerability, CVE-2025-22217, in VMware Avi Load Balancer could give attackers full access to your databases!
No workaroundsβonly updates will protect you.
Running affected versions? Learn more: https://thehackernews.com/2025/01/broadcom-warns-of-high-severity-sql.html
No workaroundsβonly updates will protect you.
Running affected versions? Learn more: https://thehackernews.com/2025/01/broadcom-warns-of-high-severity-sql.html
π€8π₯4π±2β‘1π1π1
π UAC-0063 has been using stolen documents from Kazakhstanβs Ministry of Foreign Affairs to spear-phish targets and deploy HATVIBE malware.
π Read the full details on UAC-0063βs evolving tactics: https://thehackernews.com/2025/01/uac-0063-expands-cyber-attacks-to.html
π Read the full details on UAC-0063βs evolving tactics: https://thehackernews.com/2025/01/uac-0063-expands-cyber-attacks-to.html
π13β‘1
β οΈ A critical flaw (CVE-2025-22604) in Cacti could lead to remote code execution. If exploited, authenticated attackers could steal or manipulate sensitive data.
Patch to version 1.2.29 to fix this flaw and protect your systems.
Learn more: https://thehackernews.com/2025/01/critical-cacti-security-flaw-cve-2025.html
Patch to version 1.2.29 to fix this flaw and protect your systems.
Learn more: https://thehackernews.com/2025/01/critical-cacti-security-flaw-cve-2025.html
π₯9π6β‘1π€1
π¨ Apple Silicon CPUs hit by 2 new vulnerabilities: SLAP & FLOP
These attacks target Load Address and Load Value Predictors in Apple CPUs, risking exposure of your:
β€· Location history
β€· Calendar events
β€· Sensitive data
π Read: https://thehackernews.com/2025/01/new-slap-flop-attacks-expose-apple-m.html
These attacks target Load Address and Load Value Predictors in Apple CPUs, risking exposure of your:
β€· Location history
β€· Calendar events
β€· Sensitive data
π Read: https://thehackernews.com/2025/01/new-slap-flop-attacks-expose-apple-m.html
π16π₯7π±7π4π3π€2β‘1
π₯ AI isnβt just a trend in cybersecurityβitβs already reshaping how teams defend against threats.
But are we fully prepared to tackle its challenges?
In this latest #webinar, youβll discover:
β€· Real insights from 200 cybersecurity professionals using AI today
β€· Whatβs working & whatβs not in the world of AI-driven security
β€· The real hurdlesβdata issues, transparency, and more
π¨βπ» Join Now and discover how to make AI work harder for you: https://thehackernews.com/2025/01/ai-in-cybersecurity-whats-effective-and.html
But are we fully prepared to tackle its challenges?
In this latest #webinar, youβll discover:
β€· Real insights from 200 cybersecurity professionals using AI today
β€· Whatβs working & whatβs not in the world of AI-driven security
β€· The real hurdlesβdata issues, transparency, and more
π¨βπ» Join Now and discover how to make AI work harder for you: https://thehackernews.com/2025/01/ai-in-cybersecurity-whats-effective-and.html
π₯11π9π3β‘1π€―1
π North Korea's Lazarus Group is now using a powerful web-based admin panel to coordinate cyberattacks across the globe.
233 targets, mostly in crypto, with a surge in Indiaβ110 new victims just in January.
Learn more: https://thehackernews.com/2025/01/lazarus-group-uses-react-based-admin.html
233 targets, mostly in crypto, with a surge in Indiaβ110 new victims just in January.
Learn more: https://thehackernews.com/2025/01/lazarus-group-uses-react-based-admin.html
π₯24π14π±7β‘3π3π1
β οΈ New Mirai Botnet Variant Aquabot Targets CVE-2024-41710 in Mitel Phones for DDoS Attacks.
The flaw affects Mitel 6800, 6900, 6900w phones and Mitel 6970 Conference Units. Attackers have been exploiting CVE-2024-41710 since January 2025.
Attackers are using Telegram to sell DDoS servicesβthis threat is already commercialized.
Learn more: https://thehackernews.com/2025/01/new-aquabot-botnet-exploits-cve-2024.html
The flaw affects Mitel 6800, 6900, 6900w phones and Mitel 6970 Conference Units. Attackers have been exploiting CVE-2024-41710 since January 2025.
Attackers are using Telegram to sell DDoS servicesβthis threat is already commercialized.
Learn more: https://thehackernews.com/2025/01/new-aquabot-botnet-exploits-cve-2024.html
π19π4π€3π2