🛡️ 🔒 Struggling with blind spots in your website's security?

Reflectiz proactively detects vulnerabilities, malicious code, and overlooked trackers on your site to protect against attacks, breaches, and compliance problems.

Learn more: https://thehackernews.com/2024/03/a-new-way-to-manage-your-web-exposure.html

🚨 New malware campaign targets misconfigured servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis to deliver cryptocurrency miners and enable remote access.

Learn more: https://thehackernews.com/2024/03/hackers-exploit-misconfigured-yarn.html

🚨 Beware! Cybercriminals use fake Zoom, Skype, & Google Meet sites to spread RATs (Remote Access Trojans). These steal info, log keystrokes & more, targeting Windows, Android, & Linux.

Learn more: https://thehackernews.com/2024/03/watch-out-for-spoofed-zoom-skype-google.html

⚠️ New Python-based info stealer dubbed 'Snake' is leveraging Facebook messages to capture sensitive data, targeting credentials & cookies for malicious use.

Read: https://thehackernews.com/2024/03/new-python-based-snake-info-stealer.html

Attackers exploit Discord, GitHub, & Telegram to transmit harvested data.

Chinese national working at Google arrested for allegedly stealing sensitive trade secrets in Artificial Intelligence tech & transferring them to rival Chinese companies he was secretly working for.

Learn more: https://thehackernews.com/2024/03/ex-google-engineer-arrested-for.html

Chinese cyber threat group "Evasive Panda" targets Tibetan users with watering hole and supply chain attacks, using backdoor MgBot and new implant Nightdoor.

Read details: https://thehackernews.com/2024/03/chinese-state-hackers-target-tibetans.html

In the evolving world of SaaS, security isn't just about humans anymore. Learn how non-human accounts, from service bots to integrations like Calendly, require the same rigorous security measures.

Read: https://thehackernews.com/2024/03/human-vs-non-human-identity-in-saas.html

🚨 Security Alert: Over 700 WordPress sites hit by brute-force attacks using malicious JavaScript injections, leveraging innocent visitors' browsers to compromise more sites.

Learn more: https://thehackernews.com/2024/03/hacked-wordpress-sites-abusing-visitors.html

⚠️ CISA adds critical JetBrains TeamCity flaw to exploited vulnerabilities list.

If you use TeamCity On-Premises, update NOW. Active attacks allow complete server takeover.

Learn more: https://thehackernews.com/2024/03/cisa-warns-of-actively-exploited.html

Threat actors used QEMU emulator to create stealthy network tunnels during a recent cyberattack, bypassing traditional security defenses with sophisticated tactics.

Learn more: https://thehackernews.com/2024/03/cybercriminals-utilize-qemu-emulator-as.html

🚨 Cisco issued patches for a high-severity flaw (CVE-2024-20337) in Secure Client software on Windows, Linux, and macOS. Attackers could hijack VPN sessions.

Check and update now: https://thehackernews.com/2024/03/cisco-issues-patch-for-high-severity.html

🔒 Meta announces plans for interoperability between WhatsApp, Messenger, and third-party messaging services, maintaining end-to-end encryption in response to the EU's Digital Markets Act.

Learn more: https://thehackernews.com/2024/03/meta-details-whatsapp-and-messenger.html

Explore the lesser-known pitfalls of secrets storage and management. Avoid the top 5 secrets management mistakes that could compromise your infrastructure.

Learn from the pros how to secure your API keys, certificates, and more.

Read: https://thehackernews.com/2024/03/secrets-sensei-conquering-secrets.html

⚡ Alert ⇢ Microsoft confirms Russian hackers (Midnight Blizzard) stole internal data & some source code after a January email breach. They're using stolen data to target customers.

Learn more ⬎ https://thehackernews.com/2024/03/microsoft-confirms-russian-hackers.html

⚠️ Hackers are getting faster! Magnet Goblin, a threat group known for fast exploitation of 1-day vulnerabilities, targets edge devices & public servers to deploy malware like Nerbian RAT.

Learn more ⇢ https://thehackernews.com/2024/03/magnet-goblin-hacker-group-leveraging-1.html

⚠️ URGENT patch needed! Progress OpenEdge Authentication Gateway/AdminServer vulnerability (CVE-2024-1403) allows authentication bypass.

Proof-of-concept exploit is available.

Learn more: https://thehackernews.com/2024/03/proof-of-concept-exploit-released-for.html

Update to supported versions ASAP.

🔒Alert: Cybercriminals weaponizing vulnerabilities in JetBrains TeamCity software to deploy BianLian ransomware for extortion attacks.

Learn more: https://thehackernews.com/2024/03/bianlian-threat-actors-exploiting.html

Are you looking for a better way to keep up with the ever-expanding attack surface?

Gartner established the Continuous Threat Exposure Management (CTEM) framework to help security teams prioritize and validate issues into an actionable remediation plan.

Join XMCyber's webinar featuring Gartner VP Analyst Pete Shoard to learn:

✅ Why adopting CTEM is essential to control your threat landscape
✅ What are the 5 steps of the CTEM program
✅ How you can operationalize CTEM in your organization

Register Now: https://thehackernews.uk/ctem-framework-webinar

🔒 Protecting data in the cloud requires a new approach. Discover why browser-based DLP is the key to securing corporate data online.

Get insights from LayerX's comprehensive guide:
https://thehackernews.com/2024/03/data-leakage-prevention-in-age-of-cloud.html

⚠️ Beware of fake DocuSign emails – they're designed to trick you into downloading the New CHAVECLOAK Android banking malware.

What it does:
- Hijacks your screen
- Logs your keystrokes
- Uses fake pop-ups to capture your banking logins

Read: https://thehackernews.com/2024/03/new-banking-trojan-chavecloak-targets.html