💻 A new vulnerability, CVE-2024-28085, dubbed "WallEscape," impacts the "wall" command in util-linux, potentially exposing passwords or altering clipboards on Linux distros like Ubuntu & Debian.

Read more ➟ https://thehackernews.com/2024/03/new-linux-bug-could-lead-to-user.html

🚨 ALERT: TheMoon botnet, previously thought to be inactive, is back.

Over 40,000 hijacked routers & IoT devices power Faceless, a criminal proxy service used to steal data, attack financial systems, & spread malware like SolarMarker & IcedID.

Read ➟ https://thehackernews.com/2024/03/themoon-botnet-resurfaces-exploiting.html

⚠️ New security flaws found in Dormakaba's Saflok RFID locks could allow attackers to easily forge keycards and access any room, affecting MILLIONS of hotel locks worldwide.

Read: https://thehackernews.com/2024/03/dormakaba-locks-used-in-millions-of.html

Outdated pen testing is expensive & leaves holes in your security. With automation and AI, companies can now affordably assess network security regularly, spotting vulnerabilities before attackers do.

💪 Find out how: https://thehackernews.com/2024/03/the-golden-age-of-automated-penetration.html

🛑URGENT SECURITY ALERT!

Secret backdoor found in XZ Utils compression library used by major Linux distros, like Fedora, Kali Linux, and openSUSE. Attackers could breach SSH and take control of systems.

https://thehackernews.com/2024/03/urgent-secret-backdoor-found-in-xz.html

Update and review your systems immediately.

⚠️ Mac users, beware! Malicious ads and fake websites are spreading dangerous malware like Atomic Stealer, which can steal your passwords, cryptocurrency, and other sensitive data.

Learn more: https://thehackernews.com/2024/03/hackers-target-macos-users-with.html

🚨 Android users beware! Vultur, the notorious banking trojan, is back with upgraded new remote control features, encrypted communication, and stealthy techniques.

Learn more: https://thehackernews.com/2024/04/vultur-android-banking-trojan-returns.html

📱⚠️ Malicious Android apps found on the Google Play Store!

Experts uncover VPN apps hijacking users' devices, covertly turning them into proxy nodes for cybercriminals and fueling botnet operations.

Details here: https://thehackernews.com/2024/04/malicious-apps-caught-secretly-turning.html

🔍 Logs are the foundation of monitoring efforts, especially on Windows.

"EventSentry" harnesses the power of detailed log monitoring & real-time validation to detect malware attacks early.

Read: https://thehackernews.com/2024/04/detecting-windows-based-malware-through.html

Don't let blind spots compromise your security.

Who’s using AI tools in your organization? Find out in minutes with Nudge Security. Start a free trial and discover every SaaS account ever created by anyone in your org, including generative AI tools.

The best part? You’ll have a full inventory in minutes and you don’t even have to know what apps you’re looking for. No agents, browser plug-ins or network proxies required.

https://thn.news/mitigate-ai-risks

🛑 TA558 threat actor launches massive phishing campaign targeting Latin American sectors, deploying Venom RAT. Hotels, finance, government among primary targets in Spain, Mexico, U.S., Colombia, Brazil, and more.

Learn more: https://thehackernews.com/2024/04/massive-phishing-campaign-strikes-latin.html

Google agrees to delete BILLION of browsing records to settle class action lawsuit, alleging tracking without consent in Chrome's Incognito Mode.

Find details here: https://thehackernews.com/2024/04/google-to-delete-billions-of-browsing.html

China-linked hacker group Earth Freybug is now using a new malware named "UNAPIMON" to fly under the radar.

Learn more: https://thehackernews.com/2024/04/china-linked-hackers-deploy-new.html

Researchers shed light on their espionage and financially motivated activities.

🛑 Malicious code discovered in widely used Linux tool XZ Utils could lead to remote code execution. The incident underscores the dangers of open-source software reliance.

Read now: https://thehackernews.com/2024/04/malicious-code-in-xz-utils-for-linux.html

If you use Linux, take action NOW.

What makes Cloud Security tough? Lack of visibility, inconsistent permissions, blurred ownership...

Hybrid attack path analysis is crucial for complete security. Continuous Threat Exposure Management (CTEM) helps block critical attack vectors.

Learn: https://thehackernews.com/2024/04/harnessing-power-of-ctem-for-cloud.html

🚨 Heads up, WordPress admins!

A critical SQL injection flaw in the LayerSlider plugin (CVE-2024-2879) could lead to sensitive data leaks. If you haven't updated, make sure to install version 7.10.1 or latest.

Find details: https://thehackernews.com/2024/04/critical-security-flaw-found-in-popular.html

⚠️ Banking trojan Mispadu expands to Italy, Poland, and Sweden, stealing thousands of credentials with sophisticated tactics like phishing emails and keystroke capture.

Read details: https://thehackernews.com/2024/04/mispadu-trojan-targets-europe-thousands.html

Google Chrome is testing a new feature called "Device Bound Session Credentials" to fight against session cookie theft by #malware.

DBSC links auth sessions directly to users' devices to stop cookie theft hacks.

Learn more about it: https://thehackernews.com/2024/04/google-chrome-beta-tests-new-dbsc.html

Confused about vulnerability management (VM) vs. attack surface management (ASM)?

They're both important but different. But together, they form a robust defense against cyber threats.

Learn how: https://thehackernews.com/2024/04/attack-surface-management-vs.html

⚠️ U.S. Cyber Safety Review Board slams Microsoft for security failures that enabled a major data breach by China-backed hackers.

Read details: https://thehackernews.com/2024/04/us-cyber-safety-board-slams-microsoft.html