🔐 Average ransomware payment hits $2M, up 500%! Time to ditch outdated MFA and secure your organization with next-gen MFA to defend against sophisticated attacks.

Learn more: https://thehackernews.com/2024/07/how-mfa-failures-are-fueling-500-surge.html

IDC Spotlight: Creating a Cohesive Disaster and Cyber Recovery Strategy. Discover why IDC recommends an integrated approach for Cyber Recovery in 2024/2025.

Read: https://thn.news/cohesive-recovery-strategy

⚠️ Alert - A South Korean ERP vendor's update server was hacked to deliver a Go-based backdoor dubbed Xctdoor, stealing sensitive business info with keystrokes and screenshots.

Learn more: https://thehackernews.com/2024/07/south-korean-erp-vendors-server-hacked.html

Israeli entities are under attack by hackers using public frameworks like Donut and Sliver. The campaign, dubbed "Supposed Grasshopper," is using custom WordPress sites for payload delivery.

Learn more: https://thehackernews.com/2024/07/israeli-entities-targeted-by.html

Think that job offer is too good to be true? You might be right!

Hackers use fake job descriptions to exploit an MSHTML flaw and deploy MerkSpy spyware, targeting Canada, India, Poland, and the US.

Read: https://thehackernews.com/2024/07/microsoft-mshtml-flaw-exploited-to.html

Open-Source Intelligence + AI = Game Changer!

AI-powered tools are now handling massive data volumes, real-time analysis, and multilingual content.

Ready to level up your OSINT game?

Learn more: https://thehackernews.com/2024/07/the-emerging-role-of-ai-in-open-source.html

Twilio reports a data breach exposing 33 million Authy phone numbers, urges users to update apps and stay vigilant against phishing.

Details here > https://thehackernews.com/2024/07/twilios-authy-app-breach-exposes.html

Global police operation disrupts cybercrime networks, shuts down 600 servers linked to Cobalt Strike cyberattacks, and arrests 54 for elderly fraud schemes.

Learn more: https://thehackernews.com/2024/07/global-police-operation-shuts-down-600.html

⚠️ Attention IT Pros!

#Microsoft reveals critical vulnerabilities in Rockwell Automation PanelView Plus. Unauthenticated attackers could exploit these to execute code remotely or trigger DoS attacks.

Read: https://thehackernews.com/2024/07/microsoft-uncovers-critical-flaws-in.html

Discover the advanced Zergeca botnet capable of powerful DDoS attacks, proxying, scanning, and more, targeting major countries and using stealthy communication methods.

Read: https://thehackernews.com/2024/07/new-golang-based-zergeca-botnet-capable.html

Did you know? Polyfill supply chain attack impacts 380,000+ hosts, affecting major brands like WarnerBros, Hulu, and Mercedes-Benz. The Hetzner network is hit hardest, redirecting users to adult and gambling sites.

Learn more: https://thehackernews.com/2024/07/polyfillio-attack-impacts-over-380000.html

🚨 GootLoader malware evolves with new versions, using SEO poisoning and disguised payloads to compromise systems.

Learn about its latest threats and tactics: https://thehackernews.com/2024/07/gootloader-malware-delivers-new.html

🛡️ Webinar Alert: Critical ITDR Capabilities Every Professional Must Know.

Join us to learn about the key features that ensure robust identity protection. Get real-life scenarios and actionable tips.

Register now: https://thehacker.news/securing-digital-identity

Don't miss this exclusive webinar.

Learn about Continuous Threat Exposure Management (CTEM) and how it enhances cybersecurity by improving visibility, vulnerability management, and validation.

Learn more: https://thehackernews.com/2024/07/blueprint-for-success-implementing-ctem.html

⚠️ A recent DDoS attack reached a staggering 840 million packets per second, according to OVHcloud.

MikroTik routers played a significant role, with many compromised devices amplifying the attack.

Read: https://thehackernews.com/2024/07/ovhcloud-hit-with-record-840-million.html

Apple removes 25 VPN apps, incl. ProtonVPN, Red Shield, NordVPN, & Le VPN, from Russian App Store following government request, sparking concerns over digital freedom and escalating censorship.

Read details: https://thehackernews.com/2024/07/apple-removes-vpn-apps-from-russian-app.html

Four unpatched Gogs Git flaws (CVE-2024-39930 to 39933) let attackers breach instances, steal/modify code, or plant backdoors.

Read more: https://thehackernews.com/2024/07/critical-vulnerabilities-disclosed-in.html

~7,300 exposed instances; 60% in China. Users urged to disable SSH and registration.

Experts report a surge in Mekotio trojan attacks in Latin America. It installs via MSI files and AHK scripts, stealing banking information through fake pop-ups, keystroke logging, and screenshots.

Learn more: https://thehackernews.com/2024/07/experts-warn-of-mekotio-banking-trojan.html

Cybersecurity Disconnect — Only 5% of CISOs report to CEOs; 2/3 are 2 levels down.

Learn key strategies for CISOs to bridge the communication gap with boards, justify cybersecurity budgets, and report risks effectively.

Read: https://thehackernews.com/2024/07/5-key-questions-cisos-must-ask.html

Eldorado, a new ransomware-as-a-service (RaaS), targets Windows and Linux systems using Golang, Chacha20, and RSA-OAEP for encryption.

Learn about its capabilities, victims, and the growing ransomware landscape: https://thehackernews.com/2024/07/new-ransomware-as-service-eldorado.html