🛡️ U.S. EPA creates 💧 Water Sector Cybersecurity Task Force to protect critical infrastructure against increasing cyberattacks.

Learn more: https://thehackernews.com/2024/03/us-epa-forms-task-force-to-protect.html

Ukraine Cyber Police have arrested three individuals linked to the hijacking of over 100 MILLION email and Instagram accounts worldwide and selling them on darkweb forums.

Read details here: https://thehackernews.com/2024/03/ukraine-arrests-trio-for-hijacking-over.html

🚨 New threat: BunnyLoader 3.0 malware variant emerges with advanced modules for data theft, keylogging, and evasion tactics.

Read details: https://thehackernews.com/2024/03/new-bunnyloader-malware-variant.html

⚠️ Alert: Multiple threat actors exploit security flaws in JetBrains TeamCity to deploy ransomware, crypto miners, Cobalt Strike beacons, and Spark RAT.

Read: https://thehackernews.com/2024/03/teamcity-flaw-leads-to-surge-in.html

Don't be the next victim – update your software!

New "Loop DoS" attack hits UDP-based protocols like DNS, NTP, and more, putting hundreds of thousands of hosts at risk.

Read: https://thehackernews.com/2024/03/new-loop-dos-attack-impacts-hundreds-of.html

Big players like Broadcom, Cisco, and Microsoft impacted.

🚨 Atlassian patched over 25 security issues, including a critical SQL injection bug (CVE-2024-1597) in Bamboo Data Center & Server.

Details: https://thehackernews.com/2024/03/atlassian-releases-fixes-for-over-2.html

Rated 10.0 CVSS score, this flaw requires no user interaction to exploit. Update now to safeguard your systems.

🚨Critical security alert - Ivanti Standalone Sentry users must patch immediately. Remote code execution flaw (CVE-2023-41724) could allow attackers full control of affected systems.

Details: https://thehackernews.com/2024/03/ivanti-releases-urgent-fix-for-critical.html

Get the patch ASAP!

🚨 U.S. Treasury sanctions Russian nationals Ilya Gambashidze & Nikolai Tupikin for running disinformation campaigns aimed at influencing European and US audiences.

Learn more: https://thehackernews.com/2024/03/us-sanctions-russians-behind.html

🚨 Cyber-attack hype vs. reality: Not all operational technology (OT) cyber-attacks are sophisticated threats.

It's time to break down the types and historical impacts to get a clearer picture.

Dive into the details with our latest post: https://thehackernews.com/2024/03/making-sense-of-operational-technology.html

🔥 GitHub introduces new autofix with CodeQL, Copilot APIs, and OpenAI GPT-4 to address 90% of alert types in JavaScript, TypeScript, Java, and Python, fixing two-thirds of vulnerabilities.

Find details here: https://thehackernews.com/2024/03/github-launches-ai-powered-autofix-tool.html

Researchers have uncovered the AndroxGh0st malware, which targets Laravel applications to steal sensitive data from .env files, compromising AWS, SendGrid, and Twilio credentials.

Learn more: https://thehackernews.com/2024/03/androxgh0st-malware-targets-laravel.html

Struggling to manage endless vendor risk assessments in a world overrun by SaaS apps?

Learn how to streamline and accelerate your security reviews to boost security, save time, and align with business objectives.

https://thehackernews.com/2024/03/how-to-accelerate-vendor-risk.html

🚨 New report reveals 800+ packages in the npm registry contain hidden code discrepancies. 18 packages found intentionally exploiting a vulnerability known as "manifest confusion."

Read: https://thehackernews.com/2024/03/over-800-npm-packages-found-with.html

Russia-linked cyber threat group Turla has infected systems of a European NGO, deploying a backdoor called TinyTurla-NG to steal sensitive data.

Learn more: https://thehackernews.com/2024/03/russia-hackers-using-tinyturla-ng-to.html

🚨 Researchers uncover AcidPour malware attacks targeting Ukraine telecoms, a variant linked to Russian military intelligence & AcidRain malware. AcidPour aims to disable devices & cripple critical communications.

Read: https://thehackernews.com/2024/03/russian-hackers-target-ukrainian.html

🔐 U.S. Department of Justice and 16 state Attorneys General have filed a lawsuit against Apple, accusing it of hiding behind claims of 'privacy' and 'security' to justify anticompetitive behavior.

Read details here: https://thehackernews.com/2024/03/us-justice-department-sues-apple-over.html

China-linked threat group aggressively exploits software flaws in ConnectWise ScreenConnect and F5 BIG-IP to breach networks of research institutions, NGOs, and governments in Southeast Asia, the US, and the UK.

Learn more: https://thehackernews.com/2024/03/china-linked-group-breaches-networks.html

🚨 ALERT - Massive "Sign1" malware campaign has infected over 39,000 WordPress websites, redirecting unsuspecting users to scam sites through malicious JavaScript injections.

Learn more: https://thehackernews.com/2024/03/massive-sign1-campaign-infects-39000.html

Critical security flaw patched in Amazon's Managed Workflows for Apache Airflow (MWAA). Vulnerability dubbed 'FlowFixation' could have enabled account hijacking and remote code execution.

Read details: https://thehackernews.com/2024/03/aws-patches-critical-flowfixation-bug.html

⚠️ Researchers uncover a new wave of phishing attacks delivering StrelaStealer malware, impacting over 100 organizations in the E.U. and U.S.

Read details: https://thehackernews.com/2024/03/new-strelastealer-phishing-attacks-hit.html