🚨 Urgent: Update your devices ASAP!

Two critical security flaws in iOS, macOS, and Safari are under attack. Learn about CVE-2023-42916 & CVE-2023-42917 and how they can expose your sensitive data while browsing.

Details here ➥ https://thehackernews.com/2023/12/zero-day-alert-apple-rolls-out-ios.html

🚨 Attention: Zyxel released patches for 15 security issues in NAS, firewall, and AP devices. Includes 3 critical flaws allowing authentication bypass and command injection.

Details here ➥ https://thehackernews.com/2023/12/zyxel-releases-patches-to-fix-15-flaws.html

U.S. Treasury's OFAC sanctions North Korea-linked prolific hacking group Kimsuky and 8 foreign-based agents for gathering intelligence and processing stolen assets.

🔗 Read more ➥ https://thehackernews.com/2023/12/us-treasury-sanctions-north-korean.html

🔐 PRIVACY ALERT:

WhatsApp has introduced a new feature called 'Secret Code' that now lets you set custom unique passwords for your private chats, adding an extra layer of security.

Learn how to enable it ➥ https://thehackernews.com/2023/12/whatsapps-new-secret-code-feature-lets.html

🛡️ Gcore, a security provider, faced two massive DDoS attacks in November 2023, with peak strengths of 📈 1.1 and 1.6 Tbps.

Learn how attackers used 💥 SYN flood and PSH, ACK traffic to attack targeted servers.

Find details here ➥ https://thehackernews.com/2023/12/discover-how-gcore-thwarted-powerful.html

🚨 Chinese-speaking threat actor targeting Uzbekistan Ministry of Foreign Affairs and South Korean users with dangerous SugarGh0st RAT.

Read more about this latest cyber incident ➥ https://thehackernews.com/2023/12/chinese-hackers-using-sugargh0st-rat-to.html

New Android #malware called FjordPhantom is defrauding banking customers in Indonesia, Thailand, and Vietnam.

It steals sensitive information by loading legitimate banking apps in a virtual container.

Learn more about FjordPhantom ➥ https://thehackernews.com/2023/12/new-fjordphantom-android-malware.html

💻 DOJ and FBI dismantle Qakbot #malware and botnet, but is the threat really gone? Find out the aftermath and mitigation strategies.

Learn more ➥ https://thehackernews.com/2023/12/qakbot-takedown-aftermath-mitigations.html

Russian national Vladimir Dunaev found guilty for developing TrickBot #malware, facing up to 35 years in prison.

Details here ➥ https://thehackernews.com/2023/12/russian-hacker-vladimir-dunaev.html

🕵️ 🚨 Agent Racoon malware infiltrates organizations in the U.S., Middle East, and Africa. Learn how this malware leverages DNS to create a secret channel for backdoor access.

Details here ➥ https://thehackernews.com/2023/12/agent-racoon-backdoor-targets.html

Microsoft warns of new CACTUS ransomware attacks using malvertising lures to deploy DanaBot as an initial access vector.

Learn more ➥ https://thehackernews.com/2023/12/microsoft-warns-of-malvertising-scheme.html

🚨 LogoFAIL: Critical vulnerabilities in UEFI Code from multiple firmware/BIOS vendors can be exploited by threat actors to bypass security technologies and deliver a malicious payload.

Learn more ➥ https://thehackernews.com/2023/12/logofail-uefi-vulnerabilities-expose.html

🤖 A new variant of the P2PInfect botnet has emerged, now compiled for MIPS architecture, and it's targeting routers and IoT devices.

Learn more: ➥ https://thehackernews.com/2023/12/new-p2pinfect-botnet-mips-variant.html

Researchers found novel attacks called BLUFFS on Bluetooth Classic, undermining its forward secrecy and future secrecy guarantees.

These attacks enable adversary-in-the-middle scenarios between connected peers.

Learn more: ➥ https://thehackernews.com/2023/12/new-bluffs-bluetooth-attack-expose.html

🔐 Secure Your SaaS Apps: Year-end is the perfect time to review user access, remove unnecessary permissions, and reduce SaaS risk.

Learn how to start the new year with a clean user list: https://thehackernews.com/2023/12/make-fresh-start-for-2024-clean-out.html

🚨 New cyber threat actor "AeroBlade" discovered involved in cyberattack on U.S. aerospace organization using spear-phishing.

Learn more: https://thehackernews.com/2023/12/new-threat-actor-aeroblade-emerges-in.html

🚨 Microsoft found Kremlin-backed nation-state activity exploiting a security flaw in Outlook, risking victims' accounts.

Learn how folder permissions were used to extract valuable info: https://thehackernews.com/2023/12/microsoft-warns-of-kremlin-backed-apt28.html

🚨 ALERT — Over 15,000 Go module repositories on GitHub are vulnerable to repojacking attacks.

Find out why and what actions need to be taken to address this issue.

Details here ➥ https://thehackernews.com/2023/12/15000-go-module-repositories-on-github.html

🚨 Webinar alert!

SoFi+ Sentra = Successful Data Security Posture Management (DSPM) for Fintech and Regulated Data.

🗓 Date: December 13
🕝 Time: 12:00 PM EST

Get ready for a fascinating discussion with SoFi, an innovative cloud-native financial services provider, about navigating data challenges while staying compliant with regulations and seamlessly managing third-party integrations.

Find out how they achieved all this through successfully implementing Sentra's DSPM solution.

🎙️ Featured Speakers:

➥ Pritam H Mungse , Director of Product Security at SoFi
➥ Zachary Schulze, Sr. Staff Application Security Engineer at SoFi
➥ Aviv Zisso, Director of Customer Success at Sentra

Register here — https://thn.news/sofi-webinar

Microsoft Copilot transforms how we work with AI across Microsoft 365 apps.

Surprise: It can access everything 🤯 you've worked on in M365.

Is your data safe?

Learn more about this productivity powerhouse and its security implications: https://thehackernews.com/2023/12/generative-ai-security-preventing.html