Mandiant's X account fell to a brute-force password attack due to a gap in 2FA policy during team transitions.

More: https://thehackernews.com/2024/01/mandiants-x-account-was-hacked-using.html

Hackers used it for phishing, stealing almost $900K in Solana tokens.

A reminder that small oversights can cause significant breaches.

🍏 Attention Mac users! Atomic Stealer malware gets updated to evade detection with payload encryption, stealing your passwords and sensitive info.

Learn more: https://thehackernews.com/2024/01/atomic-stealer-gets-upgrade-targeting.html

🔐 Ransomware incidents hit a new high in 2023, targeting major players like MGM & Johnson Controls. Discover how #GenAI is revolutionizing cyber threats and why your organization should be concerned.

Read insights here: https://thehackernews.com/2024/01/there-is-ransomware-armageddon-coming.html

🚨 FBot, a new Python-based hacking tool, is targeting major platforms like AWS, Microsoft 365, and PayPal. It's designed for credential harvesting and account hijacking.

Discover more about it: https://thehackernews.com/2024/01/new-python-based-fbot-hacking-toolkit.html

🔥 Researchers develop a Proof-of-Concept code targeting a critical flaw in Apache OfBiz ERP system, enabling execution of a stealthy, memory-resident payload.

Learn more: https://thehackernews.com/2024/01/new-poc-exploit-for-apache-ofbiz.html

Unravel the complexities of cloud security and reveal the attack paths and risks lurking in cloud environments and connected assets.

Learn how to proactively strengthen your defenses with Uptycs experts Sudarsan Kannan and Andre Rall in their upcoming #webinar “Mastering Cloud Security''.

Join Now: https://thehackernews.co/3SeXdo8

Cybercriminals are increasingly using GitHub for malicious activities such as payload delivery and command-and-control operations.

Learn more about this evolving 'living-off-trusted-sites' threat. ➡️ https://thehackernews.com/2024/01/threat-actors-increasingly-abusing.html

💻 SharePoint users, beware!

U.S. cybersecurity agency warns of active exploitation of a critical Microsoft SharePoint flaw that can let attackers gain admin rights without any user action.

🛠️ Patch now: https://thehackernews.com/2024/01/act-now-cisa-flags-active-exploitation.html

🚨 New cyberattack targeting Apache Hadoop & Flink using misconfigurations to deploy crypto miners.

A crafty blend of packers & rootkits keeps this malware under the radar.

Dive into the details here: https://thehackernews.com/2024/01/cryptominers-targeting-misconfigured.html

Mike Tyson and Cybersecurity: More in Common Than You Think!

Learn how Tyson's famous words apply to cybersecurity preparedness; and how BAS keeps your security in fighting shape against evolving threats.

Read the full story at https://thehackernews.com/2024/01/applying-tyson-principle-to.html

GitLab users, beware! Security updates released to address critical vulnerabilities (CVE-2023-7028 and CVE-2023-5356).

One of these could allow account takeover without user interaction.

Find details here: https://thehackernews.com/2024/01/urgent-gitlab-releases-patch-for.html

☠️ Medusa ransomware escalates tactics beyond data leaks, now threatening physical violence.

Targeting tech companies, healthcare, and education sectors, it exploits flaws and employs "living off the land" techniques to remain undetected.

Read: https://thehackernews.com/2024/01/medusa-ransomware-on-rise-from-data.html

⚡ Nation-state hackers weaponizing Ivanti Connect Secure VPN zero-days to deploy five malware families in a targeted cyber espionage campaign.

Learn more: https://thehackernews.com/2024/01/nation-state-actors-weaponize-ivanti.html

Patch ASAP!

⚠️ Your cloud account could be mining cryptocurrency without you knowing!

29-year-old Ukrainian arrested for a major cryptojacking scheme, netting over $2 MILLION in profits.

Read details: https://thehackernews.com/2024/01/29-year-old-ukrainian-cryptojacking.html

🚨 Critical Update! Juniper Networks addresses a major 9.8-rated RCE vulnerability in SRX Series firewalls & EX Series switches.

CVE-2024-21591 details here: https://thehackernews.com/2024/01/critical-rce-vulnerability-uncovered-in.html

Denmark's energy sector faced cyber threats in 2023 due to an old Zyxel firewall vulnerability. Forescout's report suggests Sandworm group may not be responsible.

Insightful details here ➡️ https://thehackernews.com/2024/01/new-findings-challenge-attribution-in.html

Environmental services hit by a massive 61,839% increase in DDoS attacks.

Gaming, gambling, telecoms... no industry is safe from HTTP DDoS attacks.

Read this latest report to understand the scope of these threats: https://thehackernews.com/2024/01/ddos-attacks-on-environmental-services.html

⚠️ Over 7,100 WordPress sites have been hit by the 'Balada Injector' #malware, which exploits sites using a vulnerable version of the Popup Builder plugin.

Read More ➡️ https://thehackernews.com/2024/01/balada-injector-infects-over-7100.html

Bosch's smart devices have high-severity vulnerabilities, posing a risk to your thermostat and smart nutrunners.

Find out how it could impact your home security: https://thehackernews.com/2024/01/high-severity-flaws-uncovered-in-bosch.html

⚡ Critical security flaw found in Opera Browser!

MyFlow sync feature lets attackers take over your Windows and macOS systems.

Read the full story: https://thehackernews.com/2024/01/opera-myflaw-bug-could-let-hackers-run.html