🤖 A sophisticated campaign known as TetrisPhantom is targeting APAC government entities, covertly harvesting sensitive data via secure USB drives.

Read: https://thehackernews.com/2023/10/tetrisphantom-cyber-espionage-via.html

Kaspersky links the mysterious APT actor to attacks on Russian entities.

💰 Financial data is a digital treasure trove, but it's also a prime target for cybercriminals. Join our cybersecurity webinar to learn how to secure your financial data and ensure compliance.

Reserve your spot now—it's free: https://thehackernews.com/2023/10/webinar-locking-down-financial-and.html

⚠️ New cyber threat: Discover how Qubitstrike, linked to Tunisia, targets Jupyter Notebooks for cryptocurrency mining and cloud breaches while also employing a sophisticated rootkit malware.

Learn more: https://thehackernews.com/2023/10/qubitstrike-targets-jupyter-notebooks.html

🔐 Explore 7 real-life attack paths and learn how to tackle them.

Ensure you don't miss out on crucial insights and the power of the Exposure Management Platform for protecting critical assets.

Read: https://thehackernews.com/2023/10/unraveling-real-life-attack-paths-key.html

Citrix is warning of active exploitation of a recently disclosed critical security flaw in NetScaler ADC and Gateway appliances that can hijack sessions and bypass multi-factor authentication.

Learn more: https://thehackernews.com/2023/10/critical-citrix-netscaler-flaw.html

Patch immediately and terminate active sessions.

🚨 Korean hacking group Lazarus Group targets defense industry and nuclear engineers with fake job interviews, using trojanized VNC apps to steal data and execute commands.

Learn more: https://thehackernews.com/2023/10/lazarus-group-targeting-defense-experts.html

🕵️‍♂️ ALERT: Google TAG security experts uncover Russian and Chinese state-backed threat actors exploiting WinRAR vulnerability (CVE-2023-38831) to infiltrate systems.

Get details here: https://thehackernews.com/2023/10/google-tag-detects-state-backed-threat.html

North Korean threat actors Diamond Sleet and Onyx Sleet are exploiting a critical vulnerability in JetBrains TeamCity to breach servers, deploy #malware, and potentially launch supply chain attacks.

Read: https://thehackernews.com/2023/10/microsoft-warns-of-north-korean-attacks.html

Iran-linked threat actor, OilRig, launched an 8-month cyber campaign targeting a Middle East government. Passwords stolen, files compromised.

Learn more: https://thehackernews.com/2023/10/iran-linked-oilrig-targets-middle-east.html

Google Play Protect now scans apps in real time to detect and block novel Android malware before you install them.

Learn more: https://thehackernews.com/2023/10/google-play-protect-introduces-real.html

This new feature is designed to protect users against polymorphic apps that leverage AI to avoid detection.

🕵️‍♂️ Are you still relying on quarterly vulnerability scans for security?

With vulnerabilities popping up daily, it's time to consider continuous scanning.

Read: https://thehackernews.com/2023/10/vulnerability-scanning-how-often-should.html

💪 Be harder, better, faster, and stronger against threats.

New MATA cyberespionage operation strikes Eastern European companies in oil & gas and defense sectors.

Also get insights into the latest MATA variant, completely rewritten from scratch: https://thehackernews.com/2023/10/sophisticated-mata-framework-strikes.html

U.S. government seizes 17 website domains and confiscates $1.5 million linked to North Korean IT workers in a massive global fraud scheme.

Read: https://thehackernews.com/2023/10/us-doj-cracks-down-on-north-korean-it.html

Beware of ExelaStealer: a new info stealer targeting Windows. It steals sensitive data like passwords, credit card numbers, and Discord tokens. Spread through phishing emails and watering holes.

Learn more: https://thehackernews.com/2023/10/exelastealer-new-low-cost-cybercrime.html

Cybersecurity concerns are holding back IoT adoption.

Learn why most IoT solutions fall short in security, resulting in vulnerabilities and unreliable updates. Find out how to make IoT more secure:

Read: https://thehackernews.com/2023/10/unleashing-power-of-internet-of-things.html

Vietnamese threat actors are using the Ducktail stealer and DarkGate malware in linked campaigns to target organizations in the UK, US, and India.

Learn more: https://thehackernews.com/2023/10/vietnamese-hackers-target-uk-us-and.html

Beware of fake software ads on Google Search!

Hackers use Google Ads to direct users searching for popular software, such as KeePass Password Manager and Notepad++, to malicious copycats that distribute malware.

Learn more: https://thehackernews.com/2023/10/malvertisers-using-google-ads-to-target.html

🚨 Cisco issued an alert about a new zero-day vulnerability in IOS XE (CVE-2023-20273). Attackers are actively exploiting it to install a malicious Lua-based implant on vulnerable devices.

Learn more: https://thehackernews.com/2023/10/cisco-zero-day-exploited-to-implant.html

🚨 Alert: Identity services provider Okta discloses breach, impacting customers including BeyondTrust and Cloudflare. Unidentified threat actors accessed the support system.

Learn more: https://thehackernews.com/2023/10/oktas-support-system-breach-exposes.html

Big Wins Against Cybercrime!

— Europol takes down Ragnar Locker ransomware's infrastructure, arrests key suspect in France.

— Trigona leak site infiltrated and shut down.

— India's CBI conducts nationwide raids on cyber-enabled financial crime infrastructure.

Read: https://thehackernews.com/2023/10/europol-dismantles-ragnar-locker.html