Explore the lesser-known pitfalls of secrets storage and management. Avoid the top 5 secrets management mistakes that could compromise your infrastructure.

Learn from the pros how to secure your API keys, certificates, and more.

Read: https://thehackernews.com/2024/03/secrets-sensei-conquering-secrets.html

⚡ Alert ⇢ Microsoft confirms Russian hackers (Midnight Blizzard) stole internal data & some source code after a January email breach. They're using stolen data to target customers.

Learn more ⬎ https://thehackernews.com/2024/03/microsoft-confirms-russian-hackers.html

⚠️ Hackers are getting faster! Magnet Goblin, a threat group known for fast exploitation of 1-day vulnerabilities, targets edge devices & public servers to deploy malware like Nerbian RAT.

Learn more ⇢ https://thehackernews.com/2024/03/magnet-goblin-hacker-group-leveraging-1.html

⚠️ URGENT patch needed! Progress OpenEdge Authentication Gateway/AdminServer vulnerability (CVE-2024-1403) allows authentication bypass.

Proof-of-concept exploit is available.

Learn more: https://thehackernews.com/2024/03/proof-of-concept-exploit-released-for.html

Update to supported versions ASAP.

🔒Alert: Cybercriminals weaponizing vulnerabilities in JetBrains TeamCity software to deploy BianLian ransomware for extortion attacks.

Learn more: https://thehackernews.com/2024/03/bianlian-threat-actors-exploiting.html

Are you looking for a better way to keep up with the ever-expanding attack surface?

Gartner established the Continuous Threat Exposure Management (CTEM) framework to help security teams prioritize and validate issues into an actionable remediation plan.

Join XMCyber's webinar featuring Gartner VP Analyst Pete Shoard to learn:

✅ Why adopting CTEM is essential to control your threat landscape
✅ What are the 5 steps of the CTEM program
✅ How you can operationalize CTEM in your organization

Register Now: https://thehackernews.uk/ctem-framework-webinar

🔒 Protecting data in the cloud requires a new approach. Discover why browser-based DLP is the key to securing corporate data online.

Get insights from LayerX's comprehensive guide:
https://thehackernews.com/2024/03/data-leakage-prevention-in-age-of-cloud.html

⚠️ Beware of fake DocuSign emails – they're designed to trick you into downloading the New CHAVECLOAK Android banking malware.

What it does:
- Hijacks your screen
- Logs your keystrokes
- Uses fake pop-ups to capture your banking logins

Read: https://thehackernews.com/2024/03/new-banking-trojan-chavecloak-targets.html

⚠️ Heads up, WordPress admins! Over 3,900 websites compromised in weeks.

A high-severity flaw in the Ultimate Member plugin exposes sites to attacks, leading to phishing scams.

Learn more: https://thehackernews.com/2024/03/malware-campaign-exploits-popup-builder.html

Secure your sites NOW.

For the first time, Russia detains a South Korean national, Baek Won-soon, on cyber espionage charges. Transferred from Vladivostok to Moscow for further investigation.

Learn more: https://thehackernews.com/2024/03/south-korean-citizen-detained-in-russia.html

Heads up, developers! Hackers are targeting crypto wallets with sneaky PyPI packages. Thousands of downloads already affected. Check your dependencies!

Learn more: https://thehackernews.com/2024/03/watch-out-these-pypi-python-packages.html

Tired of being overwhelmed by security exposures?

Discover the power of Continuous Threat Exposure Management (CTEM). Identify critical assets, prioritize risks, and get actionable recommendations for improved security posture.

Get started 👇 https://thehackernews.com/2024/03/ctem-101-go-beyond-vulnerability.html

🚨 Microsoft releases Patch Tuesday updates to patch 61 new vulnerabilities, including privilege escalation flaws in Azure, Windows, & Authenticator.

Update ASAP. Learn more: https://thehackernews.com/2024/03/microsofts-march-updates-fix-61.html

🚨 Alert: A new phishing campaign uses a Java-based downloader to distribute VCURMS & STRRAT RATs, leveraging public services like AWS & GitHub for malware hosting.

Learn more: https://thehackernews.com/2024/03/alert-cybercriminals-deploying-vcurms.html

Beware of adversary-in-the-middle attacks: Hackers create fake login pages to steal credentials and manipulate MFA prompts. Protect yourself by verifying websites and being cautious with links

Read: https://thehackernews.com/2024/02/4-ways-hackers-use-social-engineering.html

Researchers reveal Google's Gemini AI is vulnerable to LLM attacks that could leak sensitive data, generate harmful content, and be used for malicious purposes.

Read: https://thehackernews.com/2024/03/researchers-highlight-googles-gemini-ai.html

Cybercriminals are now targeting the latest weak spot—identities within SaaS applications.

Join our webinar to learn how to secure both human and non-human identities against data breaches and financial losses.

Register now: https://thehackernews.com/2024/03/join-our-webinar-on-protecting-human.html

Latest version of PixPirate Android banking trojan evades detection by removing the ability to launch the app from the home screen. The complex infection chain involves both a downloader and the main malicious app working in tandem.

Read: https://thehackernews.com/2024/03/pixpirate-android-banking-trojan-using.html

Tools of the Trade: Anti-malware scanning, WAFs, and sandboxing alone aren't sufficient for protecting against malicious uploads.

Learn why and discover what offers better protection in our detailed analysis: https://thehackernews.com/2024/03/demystifying-common-cybersecurity-myth.html

⚠️ Vulnerability Alert: Fortinet warns of a severe SQL Injection vulnerability (CVE-2023-48788) in FortiClientEMS allowing unauthenticated attackers to execute code remotely.

Details: https://thehackernews.com/2024/03/fortinet-warns-of-severe-sqli.html

Check if your versions are affected and upgrade ASAP!