🚨 A 17-year-old suspected member of the Scattered Spider cybercrime syndicate has been arrested in the U.K.

This group has targeted major companies, including MGM Resorts, with #ransomware.

Read here: https://thehackernews.com/2024/07/17-year-old-linked-to-scattered-spider.html

CrowdStrike's recent update glitch caused global IT disruptions, and now threat actors are exploiting this by distributing Remcos RAT malware to Latin American customers disguised as a hotfix.

Read details: https://thehackernews.com/2024/07/cybercriminals-exploit-crowdstrike.html

⚡ A new variant of the Play ransomware is now targeting VMWare ESXi environments, broadening its reach across Linux platforms.

With industries like IT & finance at high risk, experts stress the importance of proactive defenses.

Read: https://thehackernews.com/2024/07/new-linux-variant-of-play-ransomware.html

⚠️ New Alert: SocGholish malware is exploiting BOINC to deliver AsyncRAT, posing a severe threat to network security.

This sophisticated attack method could be used to execute ransomware and escalate privileges within your systems.

Details: https://thehackernews.com/2024/07/socgholish-malware-exploits-boinc.html

New Playbook for vCISOs: "Your First 100 Days as a vCISO – 5 Steps to Success" is now available!

If you're a virtual CISO, this comprehensive guide is essential for mastering your client's cybersecurity strategy and risk governance.

https://thehackernews.com/2024/07/msps-mssps-how-to-increase-engagement.html

FLUXROOT and PINEAPPLE cybercriminal groups exploiting Google Cloud for phishing attacks targeting Mercado Pago users in Latin America.

Learn more: https://thehackernews.com/2024/07/pineapple-and-fluxroot-hacker-groups.html

Sophisticated Chinese cybercrime syndicate "Vigorish Viper" exposed, using advanced tech suite for global operations, including illegal gambling and human trafficking.

The use of DNS manipulation and traffic distribution systems shows the sophistication of modern cybercriminals.

Learn more: https://thehackernews.com/2024/07/experts-uncover-chinese-cybercrime.html

🚀 New AI Features in Cybersecurity! Tines has released AI-enhanced workflows, including an SMS analysis service to detect phishing scams quickly and accurately.

🔍 This tool streamlines threat detection, enabling faster and more accurate responses, and promotes a culture of cybersecurity within organizations.

🛡️ By automating SMS analysis, security teams can reduce manual, repetitive tasks and focus on higher-level threats.

🔧 Learn more: https://thehackernews.com/2024/07/how-to-set-up-automated-sms-analysis.html

In a surprising move, Google has decided to abandon its plan to phase out third-party cookies in Chrome and will instead introduce a user-choice system.

Learn more: https://thehackernews.com/2024/07/google-abandons-plan-to-phase-out-third.html

CERT-UA has alerted of a new spear-phishing campaign targeting a Ukrainian research institution with malware named HATVIBE and CHERRYSPY, exploiting a CVE-2024-23692 vulnerability.

Learn more: https://thehackernews.com/2024/07/ukrainian-institutions-targeted-using.html

The European Commission has given Meta until September 1, 2024, to justify its "pay or consent" ad model or face sanctions.

Experts warn of potential fines and operational changes if Meta fails to comply.

Learn more: https://thehackernews.com/2024/07/meta-given-deadline-to-address-eu.html

⚠️ Cyber Alert: Cybercriminals are exploiting swap files on compromised e-commerce sites to hide credit card skimmers, bypassing cleanup attempts.

Find details here: https://thehackernews.com/2024/07/magento-sites-targeted-with-sneaky.html

🚨 Researchers identified FrostyGoop, a new ICS-focused malware, attacking a Ukrainian energy firm and disrupting services to over 600 buildings.

It can manipulate Industrial Control Systems, posing a serious threat to critical infrastructure.

Read: https://thehackernews.com/2024/07/new-ics-malware-frostygoop-targeting.html

Temporary passwords during onboarding are a ticking time bomb for many organizations. Often shared insecurely, these passwords expose systems to cyber threats.

Discover about innovative solutions for enhancing cybersecurity from day one: https://thehackernews.com/2024/07/how-to-securely-onboard-new-employees.html

⚠️ New Threat! Beijing-affiliated hacking group Daggerfly targets Taiwan and U.S. NGO in China with upgraded malware tools, exploiting Apache HTTP server vulnerabilities.

Read here: https://thehackernews.com/2024/07/chinese-hackers-target-taiwan-and-us.html

This affects organizations operating in sensitive geopolitical areas.

vPenTest automates network penetration testing for IT teams, helping organizations find exploitable vulnerabilities before the bad guys do!

💰 Costs 50% less than manual tests
⏰ Test monthly, not yearly
📊 PCI & HIPAA compliant reports

🔥 Get a FREE Trial > https://thn.news/vptest-free-trial

🚨 CISA adds two security flaws to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation evidence—a decade-old Microsoft IE flaw (CVE-2012-4792) and a recent Twilio Authy vulnerability (CVE-2024-39891).

Immediate action is required for Federal agencies to mitigate these threats by August 13, 2024.

Read: https://thehackernews.com/2024/07/cisa-adds-twilio-authy-and-ie-flaws-to.html

🚨 A significant security flaw in Microsoft Defender SmartScreen was exploited to deliver info-stealers like ACR Stealer, Lumma, and Meduza.

CVE-2024-21412, rated 8.1 on the CVSS, allowed attackers to bypass protections.

Learn more: https://thehackernews.com/2024/07/microsoft-defender-flaw-exploited-to.html

CrowdStrike's Post-Incident Review reveals Friday's widespread Windows crashes stemmed from flawed Rapid Response Content update. Millions of devices running Falcon Sensor 7.11+ affected.

Read details: https://thehackernews.com/2024/07/crowdstrike-explains-friday-windows.html

⚠️ Security Alert: Patchwork hacker group has targeted entities tied to Bhutan, using the Brute Ratel C4 framework and an updated PGoShell backdoor for the first time.

Read details here: https://thehackernews.com/2024/07/patchwork-hackers-target-bhutan-with.html