North Korean threat actors Diamond Sleet and Onyx Sleet are exploiting a critical vulnerability in JetBrains TeamCity to breach servers, deploy #malware, and potentially launch supply chain attacks.

Read: https://thehackernews.com/2023/10/microsoft-warns-of-north-korean-attacks.html

Iran-linked threat actor, OilRig, launched an 8-month cyber campaign targeting a Middle East government. Passwords stolen, files compromised.

Learn more: https://thehackernews.com/2023/10/iran-linked-oilrig-targets-middle-east.html

Google Play Protect now scans apps in real time to detect and block novel Android malware before you install them.

Learn more: https://thehackernews.com/2023/10/google-play-protect-introduces-real.html

This new feature is designed to protect users against polymorphic apps that leverage AI to avoid detection.

🕵️‍♂️ Are you still relying on quarterly vulnerability scans for security?

With vulnerabilities popping up daily, it's time to consider continuous scanning.

Read: https://thehackernews.com/2023/10/vulnerability-scanning-how-often-should.html

💪 Be harder, better, faster, and stronger against threats.

New MATA cyberespionage operation strikes Eastern European companies in oil & gas and defense sectors.

Also get insights into the latest MATA variant, completely rewritten from scratch: https://thehackernews.com/2023/10/sophisticated-mata-framework-strikes.html

U.S. government seizes 17 website domains and confiscates $1.5 million linked to North Korean IT workers in a massive global fraud scheme.

Read: https://thehackernews.com/2023/10/us-doj-cracks-down-on-north-korean-it.html

Beware of ExelaStealer: a new info stealer targeting Windows. It steals sensitive data like passwords, credit card numbers, and Discord tokens. Spread through phishing emails and watering holes.

Learn more: https://thehackernews.com/2023/10/exelastealer-new-low-cost-cybercrime.html

Cybersecurity concerns are holding back IoT adoption.

Learn why most IoT solutions fall short in security, resulting in vulnerabilities and unreliable updates. Find out how to make IoT more secure:

Read: https://thehackernews.com/2023/10/unleashing-power-of-internet-of-things.html

Vietnamese threat actors are using the Ducktail stealer and DarkGate malware in linked campaigns to target organizations in the UK, US, and India.

Learn more: https://thehackernews.com/2023/10/vietnamese-hackers-target-uk-us-and.html

Beware of fake software ads on Google Search!

Hackers use Google Ads to direct users searching for popular software, such as KeePass Password Manager and Notepad++, to malicious copycats that distribute malware.

Learn more: https://thehackernews.com/2023/10/malvertisers-using-google-ads-to-target.html

🚨 Cisco issued an alert about a new zero-day vulnerability in IOS XE (CVE-2023-20273). Attackers are actively exploiting it to install a malicious Lua-based implant on vulnerable devices.

Learn more: https://thehackernews.com/2023/10/cisco-zero-day-exploited-to-implant.html

🚨 Alert: Identity services provider Okta discloses breach, impacting customers including BeyondTrust and Cloudflare. Unidentified threat actors accessed the support system.

Learn more: https://thehackernews.com/2023/10/oktas-support-system-breach-exposes.html

Big Wins Against Cybercrime!

— Europol takes down Ragnar Locker ransomware's infrastructure, arrests key suspect in France.

— Trigona leak site infiltrated and shut down.

— India's CBI conducts nationwide raids on cyber-enabled financial crime infrastructure.

Read: https://thehackernews.com/2023/10/europol-dismantles-ragnar-locker.html

🕵️‍♂️ Beware of Quasar RAT: A sneaky malware exploiting DLL side-loading to hide its tracks on compromised Windows systems.

Learn more: https://thehackernews.com/2023/10/quasar-rat-leverages-dll-side-loading.html

DoNot Team Strikes Again. Learn about the new .NET-based backdoor, Firebird, targeting victims in Pakistan and Afghanistan.

Learn more: https://thehackernews.com/2023/10/donot-teams-new-firebird-backdoor-hits.html

Worried about AI tool proliferation in your organization? Get immediate visibility with Nudge Security.

Discover what AI tools your employees are using from Day 1. Stay in control of AI's impact on your business.

Read: https://thehackernews.com/2023/10/whos-experimenting-with-ai-tools-in.html

📣 Heads up! Popular password management solution "1Password" detected suspicious activity related to a recent "Okta" support system breach.

Fortunately, user data was unaffected, but here's what you need to know: https://thehackernews.com/2023/10/1password-detects-suspicious-activity.html

🚨 Discover how threat actors modified the backdoor implanted on compromised Cisco devices by exploiting zero-day flaws in IOS XE software, evading detection with new techniques.

Learn about the implant's updated behavior: https://thehackernews.com/2023/10/backdoor-implant-on-hacked-cisco.html

📢 Attention iOS users:

Experts have unearthed crucial insights about the TriangleDB implant, which targets Apple iOS devices. It can record audio, pilfer #iCloud Keychain data, and more.

Learn more: https://thehackernews.com/2023/10/operation-triangulation-experts-uncover.html

Spanish authorities bust cybercriminal group behind €3 million online scam. Weapons, cash, and more seized.

Full story: https://thehackernews.com/2023/10/34-cybercriminals-arrested-in-spain-for.html