🔒Alert: Cybercriminals weaponizing vulnerabilities in JetBrains TeamCity software to deploy BianLian ransomware for extortion attacks.

Learn more: https://thehackernews.com/2024/03/bianlian-threat-actors-exploiting.html

Are you looking for a better way to keep up with the ever-expanding attack surface?

Gartner established the Continuous Threat Exposure Management (CTEM) framework to help security teams prioritize and validate issues into an actionable remediation plan.

Join XMCyber's webinar featuring Gartner VP Analyst Pete Shoard to learn:

✅ Why adopting CTEM is essential to control your threat landscape
✅ What are the 5 steps of the CTEM program
✅ How you can operationalize CTEM in your organization

Register Now: https://thehackernews.uk/ctem-framework-webinar

🔒 Protecting data in the cloud requires a new approach. Discover why browser-based DLP is the key to securing corporate data online.

Get insights from LayerX's comprehensive guide:
https://thehackernews.com/2024/03/data-leakage-prevention-in-age-of-cloud.html

⚠️ Beware of fake DocuSign emails – they're designed to trick you into downloading the New CHAVECLOAK Android banking malware.

What it does:
- Hijacks your screen
- Logs your keystrokes
- Uses fake pop-ups to capture your banking logins

Read: https://thehackernews.com/2024/03/new-banking-trojan-chavecloak-targets.html

⚠️ Heads up, WordPress admins! Over 3,900 websites compromised in weeks.

A high-severity flaw in the Ultimate Member plugin exposes sites to attacks, leading to phishing scams.

Learn more: https://thehackernews.com/2024/03/malware-campaign-exploits-popup-builder.html

Secure your sites NOW.

For the first time, Russia detains a South Korean national, Baek Won-soon, on cyber espionage charges. Transferred from Vladivostok to Moscow for further investigation.

Learn more: https://thehackernews.com/2024/03/south-korean-citizen-detained-in-russia.html

Heads up, developers! Hackers are targeting crypto wallets with sneaky PyPI packages. Thousands of downloads already affected. Check your dependencies!

Learn more: https://thehackernews.com/2024/03/watch-out-these-pypi-python-packages.html

Tired of being overwhelmed by security exposures?

Discover the power of Continuous Threat Exposure Management (CTEM). Identify critical assets, prioritize risks, and get actionable recommendations for improved security posture.

Get started 👇 https://thehackernews.com/2024/03/ctem-101-go-beyond-vulnerability.html

🚨 Microsoft releases Patch Tuesday updates to patch 61 new vulnerabilities, including privilege escalation flaws in Azure, Windows, & Authenticator.

Update ASAP. Learn more: https://thehackernews.com/2024/03/microsofts-march-updates-fix-61.html

🚨 Alert: A new phishing campaign uses a Java-based downloader to distribute VCURMS & STRRAT RATs, leveraging public services like AWS & GitHub for malware hosting.

Learn more: https://thehackernews.com/2024/03/alert-cybercriminals-deploying-vcurms.html

Beware of adversary-in-the-middle attacks: Hackers create fake login pages to steal credentials and manipulate MFA prompts. Protect yourself by verifying websites and being cautious with links

Read: https://thehackernews.com/2024/02/4-ways-hackers-use-social-engineering.html

Researchers reveal Google's Gemini AI is vulnerable to LLM attacks that could leak sensitive data, generate harmful content, and be used for malicious purposes.

Read: https://thehackernews.com/2024/03/researchers-highlight-googles-gemini-ai.html

Cybercriminals are now targeting the latest weak spot—identities within SaaS applications.

Join our webinar to learn how to secure both human and non-human identities against data breaches and financial losses.

Register now: https://thehackernews.com/2024/03/join-our-webinar-on-protecting-human.html

Latest version of PixPirate Android banking trojan evades detection by removing the ability to launch the app from the home screen. The complex infection chain involves both a downloader and the main malicious app working in tandem.

Read: https://thehackernews.com/2024/03/pixpirate-android-banking-trojan-using.html

Tools of the Trade: Anti-malware scanning, WAFs, and sandboxing alone aren't sufficient for protecting against malicious uploads.

Learn why and discover what offers better protection in our detailed analysis: https://thehackernews.com/2024/03/demystifying-common-cybersecurity-myth.html

⚠️ Vulnerability Alert: Fortinet warns of a severe SQL Injection vulnerability (CVE-2023-48788) in FortiClientEMS allowing unauthenticated attackers to execute code remotely.

Details: https://thehackernews.com/2024/03/fortinet-warns-of-severe-sqli.html

Check if your versions are affected and upgrade ASAP!

🛑 A new DarkGate malware campaign uses a recently patched #Microsoft Windows flaw (CVE-2024-21412) to deploy malicious software via bogus installers.

Learn more: https://thehackernews.com/2024/03/darkgate-malware-exploits-recently.html

Researchers detail a high-severity flaw in Kubernetes, CVE-2023-5528, that allowed attackers remote code execution with SYSTEM privileges on Windows endpoints within a cluster.

Learn more: https://thehackernews.com/2024/03/researchers-detail-kubernetes.html

RedCurl cybercrime group found exploiting Windows Program Compatibility Assistant for malicious activities. This sophisticated method allows attackers to bypass security and run malicious commands.

Read: https://thehackernews.com/2024/03/redcurl-cybercrime-group-abuses-windows.html

Blind Eagle expands its cyber threats, now using Ande Loader malware to deliver RATs via phishing.

Targets? Spanish-speaking manufacturing industry in North America

Read: https://thehackernews.com/2024/03/ande-loader-malware-targets.html