Indian Hack-for-Hire group targeted U.S., China, Pakistan, and more for over a decade. They stole sensitive data from high-value individuals/organizations using spyware and exploits (reportedly) from vendors like Vervata and Vupen.

Read: https://thehackernews.com/2023/11/indian-hack-for-hire-group-targeted-us.html

🚨 Bitcoin wallets created from 2011 to 2015 vulnerable to "Randstorm" exploit, potentially allowing unauthorized access by recovering passwords.

Learn more: https://thehackernews.com/2023/11/randstorm-exploit-bitcoin-wallets.html

🐛⚠️💻 New LummaC2 malware version is using trigonometry-based tactic to differentiate between users and security systems, evading sandboxes and security analyses.

Learn more: https://thehackernews.com/2023/11/lummac2-malware-deploys-new.html

New high-volume phishing campaigns mimic tactics of defunct QakBot trojan, hijacking email threads and using unique URLs to deliver DarkGate and PikaBot malware.

Learn more: https://thehackernews.com/2023/11/darkgate-and-pikabot-malware-resurrect.html

🚨 Threat Alert: Hackers are using NetSupport RAT to target education, government, and business services. Delivery methods include fraudulent updates, drive-by downloads, malware loaders, and phishing campaigns.

Learn more https://thehackernews.com/2023/11/netsupport-rat-infections-on-rise.html

Mustang Panda, a Chinese cyber actor, linked to a cyber attack on a Philippines government entity amidst rising tensions over the disputed South China Sea.

Find out more in this report: https://thehackernews.com/2023/11/mustang-panda-hackers-targets.html

📱 Alert: Android users in India, beware! Hackers are distributing fake banking and government apps to steal sensitive data like bank info and personal details.

Learn more: https://thehackernews.com/2023/11/malicious-apps-disguised-as-banks-and.html

Phishing attacks are getting smarter! Cybercriminals are now using QR codes, CAPTCHAs, and steganography to trick victims.

Learn how to spot the signs and protect yourself from credential theft.

Read: https://thehackernews.com/2023/11/how-multi-stage-phishing-attacks.html

🛡️ A new variant of Agent Tesla malware has emerged, delivered via ZPAQ compression format, making detection challenging. It's harvesting data from email clients and 40 web browsers.

Learn more: https://thehackernews.com/2023/11/new-agent-tesla-malware-variant-using.html

🛡️💻 Identity-based attacks like lateral movement & ransomware are increasing.

Discover how Silverfort's Unified Identity Protection platform provides real-time security against such threats.

Don't just read about it, see it in action here: https://thehackernews.com/2023/11/product-walkthrough-silverforts-unified.html

Play ransomware has turned into Ransomware-as-a-Service (RaaS), allowing other cybercriminals to use it.

Operators offering a complete package—documentation, forums, technical support, and even help with negotiating ransoms.

Read: https://thehackernews.com/2023/11/play-ransomware-goes-commercial-now.html

🔒 Critical Security Alert: Threat actors, including LockBit ransomware affiliates, exploit the Citrix NetScaler flaw ("Citrix Bleed") to hijack user sessions and gain unauthorized access.

Learn more in this article: https://thehackernews.com/2023/11/lockbit-ransomware-exploiting-critical.html

🚨 macOS users beware! Atomic Stealer, a $1,000/month malware, is now spreading through deceptive web browser updates via ClearFake.

Find out how it infiltrates your device through compromised websites: https://thehackernews.com/2023/11/clearfake-campaign-expands-to-deliver.html

⚠️ North Korean hackers posing as recruiters infect software developers with cross-platform malware named "BeaverTail" and "InvisibleFerret," targeting Windows, Linux, and macOS systems during fake interviews.

Learn more: https://thehackernews.com/2023/11/north-korean-hackers-pose-as-job.html

👩‍💼 Employees are embracing AI tools, and the pressure on CISOs is rising. The rapid adoption of AI, like ChatGPT, is reshaping cybersecurity.

Are we prepared for the risks?

Discover the risks and how to mitigate them: https://thehackernews.com/2023/11/ai-solutions-are-new-shadow-it.html

🔒 Multiple vulnerabilities have been discovered in laptop fingerprint sensors, potentially allowing attackers to bypass Windows Hello authentication on Dell, Lenovo, and Microsoft laptops.

Find out more:https://thehackernews.com/2023/11/new-flaws-in-fingerprint-sensors-let.html

North Korean hackers, aka Diamond Sleet, spread a trojanized version of CyberLink's legit app.

Beware - They're using supply chain tricks to smuggle in malicious code.

Learn more about this attack: https://thehackernews.com/2023/11/north-korean-hackers-distribute.html

Protect your organization from cyber threats with a Master's in Cybersecurity Risk Management from Georgetown University.

Attend a Sample Class — Security Architecture Design — on November 30 : https://thn.news/PqRskMsW

🚨 Alert: Active malware campaign exploits zero-day vulnerabilities to create a Mirai-based DDoS botnet targeting routers and NVR devices.

Learn more: https://thehackernews.com/2023/11/mirai-based-botnet-exploiting-zero-day.html

Effective Incident Response is more than just tools. It's a process.

Explore the 6-step framework for successful IR: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.

Readn here: https://thehackernews.com/2023/11/6-steps-to-accelerate-cybersecurity.html