Experts report a surge in Mekotio trojan attacks in Latin America. It installs via MSI files and AHK scripts, stealing banking information through fake pop-ups, keystroke logging, and screenshots.
Learn more: https://thehackernews.com/2024/07/experts-warn-of-mekotio-banking-trojan.html
Cybersecurity Disconnect: Only 5% of CISOs report to CEOs; 2/3 are 2 levels down.
Learn key strategies for CISOs to bridge the communication gap with boards, justify cybersecurity budgets, and report risks effectively.
Read: https://thehackernews.com/2024/07/5-key-questions-cisos-must-ask.html
Eldorado, a new ransomware-as-a-service (RaaS), targets Windows and Linux systems using Golang, Chacha20, and RSA-OAEP for encryption.
Learn about its capabilities, victims, and the growing ransomware landscape: https://thehackernews.com/2024/07/new-ransomware-as-service-eldorado.html
Analysis of malware logs on the dark web uncovered 3,300+ users who are child abuse material consumers. Notably, 4.2% had multiple credentials, indicating persistent offenders.
Read: https://thehackernews.com/2024/07/dark-web-malware-logs-expose-3300-users.html
New APT group CloudSorcerer targets Russian govt entities using #Microsoft Graph, Yandex Cloud, & Dropbox for C2, with GitHub as an initial C2 server, adapting its behavior dynamically based on host processes like mspaint.exe.
Learn more: https://thehackernews.com/2024/07/new-apt-group-cloudsorcerer-targets.html
Unknown threat actors are spreading trojanized jQuery via npm, GitHub, and jsDelivr in a complex supply chain attack.
Malware hides in the seldom-used 'end' function of jQuery, used by 'fadeTo'.
Learn more: https://thehackernews.com/2024/07/trojanized-jquery-packages-found-on-npm.html
Global cybersecurity agencies warn about China-linked APT40's rapid exploit adaptation, targeting vulnerabilities in widely-used software across multiple countries.
Learn more: https://thehackernews.com/2024/07/cybersecurity-agencies-warn-of-china.html
Ongoing GuardZoo surveillance targets Middle East military via Android malware. Initiated Oct '19 by Houthi-aligned group, over 450 victims in Yemen, Egypt, Oman, Qatar, Saudi Arabia, Turkey, UAE.
Learn more: https://thehackernews.com/2024/07/guardzoo-malware-targets-over-450.html
Researchers reveal Jenkins Script Console vulnerability exploited for crypto mining. Learn about the risks and how to protect your CI/CD infrastructure.
Learn more: https://thehackernews.com/2024/07/hackers-exploiting-jenkins-script.html
New BlastRADIUS flaw in RADIUS protocol allows MitM attacks, bypassing integrity checks.
Attackers can modify Access-Request packets undetected, forcing user auth.
https://thehackernews.com/2024/07/radius-protocol-vulnerability-exposes.html
ISPs & orgs must update RADIUS servers, use TLS/IPSec, and avoid PAP/CHAP methods.
Discover the security and privacy risks of leading customer service chatbots with the new Exposure Rating tool, an advanced risk assessment for your website!
Learn more: https://thehackernews.com/expert-insights/2024/07/9-customer-service-chatbots-ranked-for.html
New OpenSSH vulnerability (CVE-2024-6409) found in RHEL 9's versions 8.7p1 & 8.8p1, allowing RCE via race condition in privsep child process.
Read: https://thehackernews.com/2024/07/new-openssh-vulnerability-discovered.html
Active exploits detected! This bug is distinct from CVE-2024-6387 but shares similarities.
Crypto analysts expose HuiOne Guarantee, a key platform for cybercriminals in SE Asia.
Linked to $11B in transactions, HuiOne offers money laundering, tech, & data services, supporting pig butchering scams.
Read: https://thehackernews.com/2024/07/crypto-analysts-expose-huione.html
Microsoft's latest Patch Tuesday update addresses 143 security flaws, with 2 already under active exploitation. Critical vulnerabilities include issues in Hyper-V and MSHTML.
Timely updates can prevent significant security incidents. Experts stress the importance of regular updates and vigilance.
Find details here: https://thehackernews.com/2024/07/microsofts-july-update-patches-143.html
ITDR is revolutionizing identity protection in the fight against ransomware.
Identity protection lags 20 years behind, but ITDR provides comprehensive coverage and real-time threat mitigation.
Learn more: https://thehackernews.com/2024/07/true-protection-or-false-promise.html
Have you evaluated your ITDR solutions recently? Don't wait until it's too late.
New ransomware group EstateRansomware exploits Veeam software vulnerability, uses dormant VPN accounts for initial access, and deploys persistent backdoors in sophisticated attacks.
Learn more: https://thehackernews.com/2024/07/new-ransomware-group-exploiting-veeam.html
Over 50% of new flaws exploited in 2023-24 were zero-days.
Explore IoT firmware complexities, state-sponsored threats & the pitfalls of traditional patching.
Discover innovative isolation solutions to secure against rapid exploits: https://thehackernews.com/2024/07/smash-and-grab-extortion.html
Anyrun's TI Lookup now offers Suricata Search.
Users can find active network threats using details of Suricata detection rules.
Rule parameters can be combined with extra indicators like domains and IPs for more specific results.
More:
https://go.thn.li/malware-analysis
ANY.RUN's Cybersecurity Blog
Search for Network Threats by Suricata in TI Lookup - ANY.RUN's Cybersecurity Blog
See how you can search for network threats using Suricata rule details in ANY.RUN's Threat Intelligence Lookup.
Who's using genAI tools in your organization? Find out in minutes with Nudge Security. Start a free trial and discover every SaaS account ever created by anyone in your org, including generative AI tools.
Read: https://thn.news/ai-risks
Nudgesecurity
Discover & Secure Generative AI Usage with Nudge Security
Balance the productivity benefits of generative AI with security oversight by programmatically discovering the tools your employees are using.
GitLab has patched a critical vulnerability (CVE-2024-6385) with a CVSS score of 9.6, allowing attackers to run pipeline jobs as any user.
Also, Citrix updates for CVE-2024-6235, & Broadcom addresses flaws in VMware Cloud Director (CVE-2024-22277) & Aria Automation (CVE-2024-22280).
Learn more: https://thehackernews.com/2024/07/gitlab-patches-critical-flaw-allowing.html
Don't wait - secure your development environment now.