Critical TeamCity software flaws leave CI/CD servers open to complete takeover.

Read more about CVE-2024-27198, CVE-2024-27199 and update your systems now → https://thehackernews.com/2024/03/critical-jetbrains-teamcity-on-premises.html

Beware of ZIP attachments in emails! TA577's new phishing tactic aims to steal NTLM hashes, posing a serious threat to enterprise security.

Learn how they're advancing cybercrime tactics: https://thehackernews.com/2024/03/warning-thread-hijacking-attack-targets.html

225,000+ login credentials for OpenAI's ChatGPT accounts were stolen by LummaC2, Raccoon, and RedLine malware, then sold on the dark web.

Learn more: https://thehackernews.com/2024/03/over-225000-compromised-chatgpt.html

Watch Out - Cybercrime group "Savvy Seahorse" exploits a novel DNS hijacking technique for investment scams. They employ fake trading platforms, social media ads, and even AI chatbots to lure victims.

Learn more: https://thehackernews.com/2024/03/cybercriminals-using-novel-dns.html

North Korean hackers exploit ConnectWise ScreenConnect vulnerabilities (CVE-2024-1708 & CVE-2024-1709) to deploy TODDLERSHARK malware, adding to the notorious Kimsuky arsenal alongside BabyShark and ReconShark.

Learn more: https://thehackernews.com/2024/03/hackers-exploit-connectwise.html

🚨 Heads up, Apple users!

Apple rolls out crucial updates for iOS & iPadOS to patch actively exploited vulnerabilities CVE-2024-23225 & CVE-2024-23296, enhancing kernel memory protection.

Ensure your devices are updated: https://thehackernews.com/2024/03/urgent-apple-issues-critical-updates.html

Group-IB uncovers #LotusBane, an advanced threat actor using sophisticated methods like DLL side-loading for cyber espionage in Vietnam. Similarities with OceanLotus raise concerns.

Read: https://thehackernews.com/2024/03/new-apt-group-lotus-bane-behind-recent.html

Cisco Talos reveals that GhostSec & Stormous ransomware groups are now offering GhostLocker through a new RaaS program, STMX_GhostLocker, targeting over 15 countries across tech, gov, education & more.

Read: https://thehackernews.com/2024/03/alert-ghostsec-and-stormous-launch.html

VMware releases updates for ESXi, Workstation, and Fusion to patch new security vulnerabilities with potential for code execution by attackers.

Read: https://thehackernews.com/2024/03/vmware-issues-security-patches-for-esxi.html

Check your versions and update ASAP.

U.S. Department of Treasury sanctions individuals and entities of the Intellexa Alliance for distributing #spyware, compromising #privacy and security of government officials and journalists worldwide.

Read: https://thehackernews.com/2024/03/us-cracks-down-on-predatory-spyware.html

Excessive Google Drive permissions can risk your confidential data.

Material Security offers automated protection for your sensitive data, replacing manual checks and complex APIs.

Check it out ➡️ https://thehackernews.com/2024/03/how-to-find-and-fix-risky-sharing-in.html

The Georgetown Master's in #Cybersecurity Risk Management covers business, law, computer science, and organizational change.


Learn more: https://thehackernews.uk/online-masters-cybersecurity

🚨 BlackCat ransomware gang suspected of pulling a major exit scam.

Fake seizure notice posted as they close down, following an alleged refusal to split a $22 Million healthcare ransom payout with affiliates.

Read: https://thehackernews.com/2024/03/exit-scam-blackcat-ransomware-group.html

🛡️ 🔒 Struggling with blind spots in your website's security?

Reflectiz proactively detects vulnerabilities, malicious code, and overlooked trackers on your site to protect against attacks, breaches, and compliance problems.

Learn more: https://thehackernews.com/2024/03/a-new-way-to-manage-your-web-exposure.html

🚨 New malware campaign targets misconfigured servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis to deliver cryptocurrency miners and enable remote access.

Learn more: https://thehackernews.com/2024/03/hackers-exploit-misconfigured-yarn.html

🚨 Beware! Cybercriminals use fake Zoom, Skype, & Google Meet sites to spread RATs (Remote Access Trojans). These steal info, log keystrokes & more, targeting Windows, Android, & Linux.

Learn more: https://thehackernews.com/2024/03/watch-out-for-spoofed-zoom-skype-google.html

⚠️ New Python-based info stealer dubbed 'Snake' is leveraging Facebook messages to capture sensitive data, targeting credentials & cookies for malicious use.

Read: https://thehackernews.com/2024/03/new-python-based-snake-info-stealer.html

Attackers exploit Discord, GitHub, & Telegram to transmit harvested data.

Chinese national working at Google arrested for allegedly stealing sensitive trade secrets in Artificial Intelligence tech & transferring them to rival Chinese companies he was secretly working for.

Learn more: https://thehackernews.com/2024/03/ex-google-engineer-arrested-for.html

Chinese cyber threat group "Evasive Panda" targets Tibetan users with watering hole and supply chain attacks, using backdoor MgBot and new implant Nightdoor.

Read details: https://thehackernews.com/2024/03/chinese-state-hackers-target-tibetans.html

In the evolving world of SaaS, security isn't just about humans anymore. Learn how non-human accounts, from service bots to integrations like Calendly, require the same rigorous security measures.

Read: https://thehackernews.com/2024/03/human-vs-non-human-identity-in-saas.html