U.S. Treasury sanctions 12 Kaspersky executives following Commerce Department's ban on Kaspersky software in the U.S. The company and CEO remain unaffected.

Learn more: https://thehackernews.com/2024/06/us-treasury-sanctions-12-kaspersky.html

🚨 Beware: A new adware, AdsExhaust, is targeting Meta Quest app seekers with malicious downloads, manipulating browsers, and generating unauthorized revenue through sophisticated techniques.

Read: https://thehackernews.com/2024/06/warning-new-adware-campaign-targets.html

New cybercrime gang ExCobalt targets Russian organizations with sophisticated GoRed backdoor.

Explore their tactics: https://thehackernews.com/2024/06/excobalt-cyber-gang-targets-russian.html

Cyber espionage groups are using Rafel RAT, an open-source Android tool, disguised as popular apps like Instagram, WhatsApp, and more. This malware conducts data theft and device manipulation.

Read: https://thehackernews.com/2024/06/iranian-hackers-deploy-rafel-rat-in.html

🛑 RedJuliett, a suspected China-linked cyber group, target Taiwan and other countries in extensive cyber espionage campaign, exploiting vulnerabilities in internet-facing devices for intelligence gathering.

Read: https://thehackernews.com/2024/06/redjuliett-cyber-espionage-campaign.html

Join Luke Jennings, VP R&D at Push Security, to explore the impact of the ongoing Snowflake incident and the practical steps that organizations can take to investigate and respond effectively, avoiding some of the common pitfalls relating to how identities are configured in Snowflake

Register for the webinar here: https://go.thn.li/snowflake-webinar-tel

🚨 Critical security flaw (CVE-2024-37032) discovered in Ollama, an open-source AI platform, could lead to remote code execution.

Learn more: https://thehackernews.com/2024/06/critical-rce-vulnerability-discovered.html

Over 1,000 exposed instances found. Patch available in v0.1.34.

Google Project Zero introduces 'Naptime,' an LLM-powered framework for vulnerability research. It boosts LLMs' CyberSecEval 2 performance, using advanced tools to better identify and exploit software flaws.

Read: https://thehackernews.com/2024/06/google-introduces-project-naptime-for.html

Overwhelmed by cybersecurity threats?

Cybersixgill’s IQ Report Generator automates CTI reports in minutes, freeing your team for proactive defense measures.

Don’t miss out—see how it works: https://thehackernews.com/2024/06/ease-burden-with-ai-driven-threat.html

🚨 Alert: Popular WordPress plugins backdoored to create rogue admin accounts. Users advised to inspect sites, remove suspicious admins, and update affected plugins.

Learn more: https://thehackernews.com/2024/06/multiple-wordpress-plugins-compromised.html

🛡️ Four Vietnamese nationals linked to the FIN9 cybercrime group indicted in the U.S., accused of causing over $71 million in losses through computer intrusions.

Learn how they pulled it off and what charges they face: https://thehackernews.com/2024/06/4-fin9-linked-vietnamese-hackers.html

WikiLeaks founder Julian Assange freed after 5 years in U.K. prison. His 14-year legal battle ends with a plea deal.

Read details here: https://thehackernews.com/2024/06/wikileaks-julian-assange-released-from.html

Assange has left the U.K. and is en route to Australia.

Researchers uncover a new attack technique called GrimResource, exploited in the wild, which uses specially crafted Microsoft Management Saved Console (MSC) files to achieve full code execution and evade security defenses.

Details: https://thehackernews.com/2024/06/new-attack-technique-exploits-microsoft.html

New threat actor "Boolka" uses SQL injection to infect websites with BMANAGER trojan, stealing data via malicious scripts.

Learn more about their sophisticated tactics: https://thehackernews.com/2024/06/new-cyberthreat-boolka-deploying.html

🔒 Tight on budget but need to ramp up data security in #Googleworkspace? Don’t miss the exclusive webinar: "Data Loss & Leaks Prevention: Beyond GAM." Peek behind the curtain to see how top IT pros have achieved a stunning 98% increase in compliance and security by maximizing the native capabilities of Googleapps and automating routine Googlework space admin tasks — all without breaking the bank.

💡 Topics covered will include:

• Automation of External Files Sharing Audits

• Monitoring and Taking Action on Out of Domain Email Forwarding

• Management of 'Zombie Drives' and more

Don’t miss out on this zero-fluff, zero-filler, 100% hands-on live event brought to you by Zenphi! Secure a spot today by registering for free here: https://thn.news/dlp-google-workspace

🔒 Discover how browser security platforms help CISOs cut costs, boost efficiency, and enhance cybersecurity.

Read real-life success stories: https://thehackernews.com/2024/06/how-to-cut-costs-with-browser-security.html

WARNING: Google blocks ads for websites using polyfill[.]io library due to a supply chain attack where the domain was acquired by a Chinese company and modified to redirect users to malicious sites.

Details: https://thehackernews.com/2024/06/over-110000-websites-affected-by.html

🚨 Alert: Discover how the updated Medusa Android banking trojan targets users in 7 countries, featuring new stealth capabilities and expanded reach.

Read: https://thehackernews.com/2024/06/new-medusa-android-trojan-targets.html

🕵️‍♀️ 💳 A new credit card web skimmer called "Caesar Cipher Skimmer" is targeting multiple CMS platforms including WordPress, Magento, and OpenCart to steal financial and payment information.

Details: https://thehackernews.com/2024/06/new-credit-card-skimmer-targets.html

Apple releases firmware security update for AirPods and Beats devices, addressing a critical Bluetooth vulnerability that could allow unauthorized access and eavesdropping.

Learn more about CVE-2024-27867: https://thehackernews.com/2024/06/apple-patches-airpods-bluetooth.html