🚨 Progress Software discloses 3rd critical flaw in MOVEit Transfer app—SQL injection—allowing unauthorized access & escalated privileges.

https://thehackernews.com/2023/06/third-flaw-uncovered-in-moveit-transfer.html

Meanwhile, Cl0p ransomware gang exploits MOVEit flaws, targets 27 hacked companies, incl. U.S. federal agencies.

Mandiant's latest report uncovers UNC4841, an espionage actor linked to the People's Republic of China, exploiting a recently patched zero-day flaw in Barracuda Email Security Gateway.

Find out how this skilled group targeted organizations worldwide: https://thehackernews.com/2023/06/chinese-unc4841-group-exploits-zero-day.html

The U.S. Department of Justice charges a 20-year-old Russian national for deploying LockBit ransomware worldwide. The suspect was arrested in Arizona last month.

Read details: https://thehackernews.com/2023/06/20-year-old-russian-lockbit-ransomware.html

🐍 ChamelGang's new weapon unveiled: ChamelDoH. This powerful Linux backdoor uses DNS-over-HTTPS for covert communication.

Discover how this previously undocumented backdoor infiltrates, executes remote commands, and evades detection: https://thehackernews.com/2023/06/chameldoh-new-linux-backdoor-utilizing.html

Romanian Diicot hackers now equipped with off-the-shelf botnet, ready to launch DDoS attacks. Their activities span cryptojacking and doxxing rival hacking groups.

Learn more: https://thehackernews.com/2023/06/from-cryptojacking-to-ddos-attacks.html

Microsoft has officially confirmed that Layer 7 DDoS attacks caused disruptions in Azure, Outlook, and OneDrive services.

Read details here: https://thehackernews.com/2023/06/microsoft-blames-massive-ddos-attack.html

Sustained cyber-espionage attacks targeting Middle East and Africa governmental entities! Sophisticated techniques involving credential theft and MS Exchange email exfiltration used to obtain highly sensitive information.

Read details: https://thehackernews.com/2023/06/state-backed-hackers-employ-advanced.html

New sophisticated toolkit targeting Apple macOS systems discovered by cybersecurity researchers. Undetected malicious artifacts pose a serious threat, while permission checks raise concerns about a complex attack.

Read details: https://thehackernews.com/2023/06/researchers-discover-new-sophisticated.html

New malware alert! Mystic stealer targets 40 web browsers, 70 browser extensions, cryptocurrency wallets, Steam, and Telegram. It employs anti-analysis techniques and defense evasion, reflecting current malware trends.

Details: https://thehackernews.com/2023/06/new-mystic-stealer-malware-targets-40.html

Weak access controls, network misconfigurations & more. Infrastructure as Code (IaC) Security is crucial!

Checkmarx's AI Guided Remediation for IaC Security & KICS provides actionable steps & advice for faster remediation.

Learn more: https://thehackernews.com/2023/06/introducing-ai-guided-remediation-for.html

Warning: Android users in Pakistan are facing a sophisticated attack. Fake apps, like "iKHfaa VPN" and "nSure Chat," are being used to extract personal data and compromise devices.

Read details here: https://thehackernews.com/2023/06/rogue-android-apps-target-pakistani.html

⚡ Over 100,000 OpenAI ChatGPT account credentials have been compromised and sold on the dark web.

Cybercriminals are targeting the valuable information stored in these accounts.

Read details: https://thehackernews.com/2023/06/over-100000-stolen-chatgpt-account.html

Take necessary precautions to safeguard your data.

🔒 Take action now! ASUS has released firmware updates to fix nine security bugs impacting router models.

Key fixes: CVE-2018-1160 and CVE-2022-26376. Update firmware, disable WAN services, and conduct regular audits for maximum security.

Read details: https://thehackernews.com/2023/06/asus-releases-patches-to-fix-critical.html

🚨 Experts expose a year-long cyber operation targeting an East Asian IT firm, deploying custom malware called RDStealer to compromise data and steal credentials.

Learn more: https://thehackernews.com/2023/06/experts-uncover-year-long-cyber-attack.html

⚠️ Attention Zyxel NAS users! A new critical vulnerability (CVE-2023-27992) could allow attackers to run arbitrary commands on affected systems.

Read details: https://thehackernews.com/2023/06/zyxel-releases-urgent-security-updates.html

Don't wait—apply the security update immediately!

Quick Serve Restaurants depend on shared resources and consistency. As threat actors target food chains, securing #SaaS apps is crucial.

Learn how SSPMs manage data, detect misconfigurations, enhance security, and protect your SaaS stack.

https://thehackernews.com/2023/06/saas-in-real-world-how-global-food.html

Three new security vulnerabilities in Wago and Schneider Electric products have been disclosed, part of the broader OT:ICEFALL issues affecting 13 vendors.

Find out more: https://thehackernews.com/2023/06/researchers-expose-new-severe-flaws-in.html

🚨 Attention network admins! #VMware's Aria Operations for Networks is under attack. The critical vulnerability (CVE-2023-20887) is being actively exploited, putting your network at high risk.

Learn more: https://thehackernews.com/2023/06/alert-hackers-exploiting-critical.html

Upgrade NOW to prevent RCE attacks.

New malware alert! Condi, a powerful botnet, is exploiting a vulnerability in TP-Link Archer AX21 Wi-Fi routers, turning them into DDoS attack machines.

Learn more about Condi here: https://thehackernews.com/2023/06/new-condi-malware-hijacking-tp-link-wi.html

🚨 Chinese state-sponsored actor, Flea, targets foreign affairs ministries in the Americas, using a new backdoor named Graphican.

Read details: https://thehackernews.com/2023/06/chinese-hacker-group-flea-targets.html