Your first 100 days as a vCISO are crucial. Learn how to succeed with our 5-step action plan. Explore vCISO goals, pitfalls to avoid, and key activities for each phase.
Read: https://thehackernews.com/2023/12/playbook-your-first-100-days-as-vciso-5.html
Lazarus Group's new campaign, Operation Blacksmith, utilizes Log4j exploits to deploy Remote Access Trojans (RATs), including NineRAT and DLRAT.
Read the full article: https://thehackernews.com/2023/12/lazarus-group-using-log4j-exploits-to.html
Tactical overlaps discovered between APT Sandman and China-based threat cluster using KEYPLUG backdoor.
Find details in this article: https://thehackernews.com/2023/12/researchers-unmask-sandman-apts-hidden.html
Urgent Update: Apache warns of a critical RCE flaw in Struts 2 web app framework (CVE-2023-50164) that could lead to remote code execution.
Find details here: https://thehackernews.com/2023/12/new-critical-rce-vulnerability.html
Upgrade to patched versions now to prevent potential breaches.
Apple released patches for multiple vulnerabilities in iOS, iPadOS, macOS, tvOS, watchOS, and Safari, and also backported fixes for two recently disclosed zero-day vulnerabilities to older devices.
Get details here: https://thehackernews.com/2023/12/apple-releases-security-updates-to.html
Alert: New malware campaign spreading MrAnon Stealer, a Python-based malware, via fake hotel booking PDFs.
Learn more: https://thehackernews.com/2023/12/new-mranon-stealer-targeting-german-it.html
It steals credentials, system info, browser sessions, and cryptocurrency extensions.
2023 has witnessed 11 high-profile attacks in just 13 months, all exploiting non-human access.
Find out why non-human identities are the new perimeter: https://thehackernews.com/2023/12/non-human-access-is-path-of-least.html
APT28, a Russian threat actor, is using Israel-Hamas war-related lures to distribute the HeadLace backdoor. This targeted campaign affects 13 nations globally.
Read: https://thehackernews.com/2023/12/russian-apt28-hackers-targeting-13.html
Hacking incidents in healthcare have tripled from 2018 to 2022. To defend against cyberthreats, organizations should adopt an attacker's mindset, focusing on asset inventory and monitoring.
Learn how attackers operate in the digital age: https://thehackernews.com/2023/12/unveiling-cyber-threats-to-healthcare.html
Microsoft's final Patch Tuesday of 2023 is here, addressing 33 software flaws.
This release includes 4 Critical and 29 Important fixes, making it one of the lightest in recent years.
Read: https://thehackernews.com/2023/12/microsofts-final-2023-patch-tuesday-33.html
Ukraine's largest telecom operator, Kyivstar, hit by a cyberattack, disrupting mobile and internet services.
Read more about this here: https://thehackernews.com/2023/12/major-cyber-attack-paralyzes-kyivstar.html
Microsoft warns that adversaries are using OAuth apps for cryptocurrency mining and phishing attacks, letting them keep access even after they lose access to the account they first compromised.
Details here: https://thehackernews.com/2023/12/microsoft-warns-of-hackers-exploiting.html
Protect yourself with multi-factor authentication and regular audits.
Identifying malware families and decrypting HTTPS traffic are key to cyber investigations.
Learn how a MITM proxy can help analysts intercept and decode malicious communication.
Click to read more: https://thehackernews.com/2023/12/how-to-analyze-malwares-network-traffic.html
Google boosts Android security with Clang sanitizers.
Meet "IntSan" and "BoundSan," designed to catch vulnerabilities in the cellular baseband.
Learn how these tools work: https://thehackernews.com/2023/12/google-using-clang-sanitizers-to.html
Alert: Don't fall for fake subscription notices.
BazaCall phishing attacks are evolving; scammers are now using #Google Forms to appear more credible.
Learn more: https://thehackernews.com/2023/12/bazacall-phishing-scammers-now.html
Microsoft takes down cybercriminal group Storm-1152, responsible for distributing 750 million fraudulent Microsoft accounts and tools.
Find details here: https://thehackernews.com/2023/12/microsoft-takes-legal-action-to-crack.html
A new hacker group, GambleForce, is behind a string of SQL injection attacks across Asia-Pacific. Learn how they use basic techniques to steal sensitive data.
Read more: https://thehackernews.com/2023/12/new-hacker-group-gambleforce-tageting.html
Iranian state-sponsored group OilRig deployed three new malware downloaders (ODAgent, OilCheck, and OilBooster) in 2022 to maintain access to Israeli organizations.
Learn more: https://thehackernews.com/2023/12/iranian-state-sponsored-oilrig-group.html
Warning: Russian SVR-linked APT29 targets unpatched JetBrains TeamCity servers using CVE-2023-42793, a vulnerability enabling remote code execution by unauthenticated attackers.
Details: https://thehackernews.com/2023/12/russian-svr-linked-apt29-targets.html
Manual vs. automated network penetration testing: Which is better?
Find out the pros and cons of each method: https://thehackernews.com/2023/12/reimagining-network-pentesting-with.html