New threat actor "Boolka" uses SQL injection to infect websites with BMANAGER trojan, stealing data via malicious scripts.

Learn more about their sophisticated tactics: https://thehackernews.com/2024/06/new-cyberthreat-boolka-deploying.html

🔒 Tight on budget but need to ramp up data security in #Googleworkspace? Don’t miss the exclusive webinar: "Data Loss & Leaks Prevention: Beyond GAM." Peek behind the curtain to see how top IT pros have achieved a stunning 98% increase in compliance and security by maximizing the native capabilities of Googleapps and automating routine Googlework space admin tasks — all without breaking the bank.

💡 Topics covered will include:

• Automation of External Files Sharing Audits

• Monitoring and Taking Action on Out of Domain Email Forwarding

• Management of 'Zombie Drives' and more

Don’t miss out on this zero-fluff, zero-filler, 100% hands-on live event brought to you by Zenphi! Secure a spot today by registering for free here: https://thn.news/dlp-google-workspace

🔒 Discover how browser security platforms help CISOs cut costs, boost efficiency, and enhance cybersecurity.

Read real-life success stories: https://thehackernews.com/2024/06/how-to-cut-costs-with-browser-security.html

WARNING: Google blocks ads for websites using polyfill[.]io library due to a supply chain attack where the domain was acquired by a Chinese company and modified to redirect users to malicious sites.

Details: https://thehackernews.com/2024/06/over-110000-websites-affected-by.html

🚨 Alert: Discover how the updated Medusa Android banking trojan targets users in 7 countries, featuring new stealth capabilities and expanded reach.

Read: https://thehackernews.com/2024/06/new-medusa-android-trojan-targets.html

🕵️‍♀️ 💳 A new credit card web skimmer called "Caesar Cipher Skimmer" is targeting multiple CMS platforms including WordPress, Magento, and OpenCart to steal financial and payment information.

Details: https://thehackernews.com/2024/06/new-credit-card-skimmer-targets.html

Apple releases firmware security update for AirPods and Beats devices, addressing a critical Bluetooth vulnerability that could allow unauthorized access and eavesdropping.

Learn more about CVE-2024-27867: https://thehackernews.com/2024/06/apple-patches-airpods-bluetooth.html

Explore key strategies to secure software supply chains effectively amidst rising cyber threats. Learn about SBOMs, SLSA, and DevSecOps best practices.

Learn more: https://thehackernews.com/2024/06/practical-guidance-for-securing-your.html

🌍 State-sponsored cyber groups from China and North Korea have been linked to ransomware attacks on global governments and critical infrastructure.

Learn more about the tactics used ➡️ https://thehackernews.com/2024/06/chinese-and-n-korean-hackers-target.html

🚨 Critical security flaw discovered in Progress Software's MOVEit Transfer.

CVE-2024-5806 allows authentication bypass and is already being exploited. Update now to protect your systems.

Read details: https://thehackernews.com/2024/06/new-moveit-transfer-vulnerability-under.html

🚨 Critical security flaw found in Fortra FileCatalyst Workflow. CVE-2024-5276 scores 9.8 on CVSS. Patch now to protect your data from SQL injection attacks.

Details here ➡️ https://thehackernews.com/2024/06/critical-sqli-vulnerability-found-in.html

A 22-year-old Russian national has been indicted in the U.S. for cyberattacks against Ukraine and its allies just before Russia's invasion in 2022.

US offers $10M reward. Read more: https://thehackernews.com/2024/06/russian-national-indicted-for-cyber.html

⚠️ Attention developers — A new high-severity prompt injection flaw (CVE-2024-5565) in Vanna AI library exposes databases to remote code execution.

Find out how this flaw could impact your projects: https://thehackernews.com/2024/06/prompt-injection-flaw-in-vanna-ai.html

Discover the power of Python in blockchain development with AlgoKit!

Explore how you can build decentralized applications securely and efficiently.

Learn about setup, benefits, and getting started with dApps: https://thehackernews.com/2024/06/how-to-use-python-to-build-secure.html

Ensuring data security remains crucial, which is why GigaOm recently released a new DSPM report highlighting industry leaders.

Sentra has emerged as a leader and rapid innovator, receiving high scores for its data mapping, access intelligence, and on-premises capabilities.

View the full report here 👇
https://thn.news/data-security-posture

🚨 Alert: Rust-based worm P2PInfect botnet has evolved to target misconfigured Redis servers with ransomware and cryptocurrency miners, showcasing new financial motivations and advanced evasion techniques.

Learn more: https://thehackernews.com/2024/06/rust-based-p2pinfect-botnet-evolves.html

Alert: TeamViewer detected an irregularity in its internal corporate IT environment. Investigations are ongoing to identify the attackers and the method of intrusion.

Learn more: https://thehackernews.com/2024/06/teamviewer-detects-security-breach-in.html

Multiple critical vulnerabilities have been identified in Emerson Rosemount gas chromatographs that could be exploited to execute arbitrary commands, bypass authentication, and cause DoS conditions.

Read: https://thehackernews.com/2024/06/researchers-warn-of-flaws-in-widely.html

🕵️‍♂️ Researchers unveil SnailLoad — a new side-channel attack exploiting network latency spy on users' web activity remotely, achieving up to 98% for video content and 63% for website visits.

Read: https://thehackernews.com/2024/06/new-snailload-attack-exploits-network.html

From PowerShell scripts to mimicking legitimate apps, discover how the 8220 Gang exploits Oracle WebLogic Server vulnerabilities using fileless techniques for cryptocurrency mining.

Read: https://thehackernews.com/2024/06/8220-gang-exploits-oracle-weblogic.html