⚠️ New Alert: SocGholish malware is exploiting BOINC to deliver AsyncRAT, posing a severe threat to network security.

This sophisticated attack method could be used to execute ransomware and escalate privileges within your systems.

Details: https://thehackernews.com/2024/07/socgholish-malware-exploits-boinc.html

New Playbook for vCISOs: "Your First 100 Days as a vCISO – 5 Steps to Success" is now available!

If you're a virtual CISO, this comprehensive guide is essential for mastering your client's cybersecurity strategy and risk governance.

https://thehackernews.com/2024/07/msps-mssps-how-to-increase-engagement.html

FLUXROOT and PINEAPPLE cybercriminal groups exploiting Google Cloud for phishing attacks targeting Mercado Pago users in Latin America.

Learn more: https://thehackernews.com/2024/07/pineapple-and-fluxroot-hacker-groups.html

Sophisticated Chinese cybercrime syndicate "Vigorish Viper" exposed, using advanced tech suite for global operations, including illegal gambling and human trafficking.

The use of DNS manipulation and traffic distribution systems shows the sophistication of modern cybercriminals.

Learn more: https://thehackernews.com/2024/07/experts-uncover-chinese-cybercrime.html

🚀 New AI Features in Cybersecurity! Tines has released AI-enhanced workflows, including an SMS analysis service to detect phishing scams quickly and accurately.

🔍 This tool streamlines threat detection, enabling faster and more accurate responses, and promotes a culture of cybersecurity within organizations.

🛡️ By automating SMS analysis, security teams can reduce manual, repetitive tasks and focus on higher-level threats.

🔧 Learn more: https://thehackernews.com/2024/07/how-to-set-up-automated-sms-analysis.html

In a surprising move, Google has decided to abandon its plan to phase out third-party cookies in Chrome and will instead introduce a user-choice system.

Learn more: https://thehackernews.com/2024/07/google-abandons-plan-to-phase-out-third.html

CERT-UA has alerted of a new spear-phishing campaign targeting a Ukrainian research institution with malware named HATVIBE and CHERRYSPY, exploiting a CVE-2024-23692 vulnerability.

Learn more: https://thehackernews.com/2024/07/ukrainian-institutions-targeted-using.html

The European Commission has given Meta until September 1, 2024, to justify its "pay or consent" ad model or face sanctions.

Experts warn of potential fines and operational changes if Meta fails to comply.

Learn more: https://thehackernews.com/2024/07/meta-given-deadline-to-address-eu.html

⚠️ Cyber Alert: Cybercriminals are exploiting swap files on compromised e-commerce sites to hide credit card skimmers, bypassing cleanup attempts.

Find details here: https://thehackernews.com/2024/07/magento-sites-targeted-with-sneaky.html

🚨 Researchers identified FrostyGoop, a new ICS-focused malware, attacking a Ukrainian energy firm and disrupting services to over 600 buildings.

It can manipulate Industrial Control Systems, posing a serious threat to critical infrastructure.

Read: https://thehackernews.com/2024/07/new-ics-malware-frostygoop-targeting.html

Temporary passwords during onboarding are a ticking time bomb for many organizations. Often shared insecurely, these passwords expose systems to cyber threats.

Discover about innovative solutions for enhancing cybersecurity from day one: https://thehackernews.com/2024/07/how-to-securely-onboard-new-employees.html

⚠️ New Threat! Beijing-affiliated hacking group Daggerfly targets Taiwan and U.S. NGO in China with upgraded malware tools, exploiting Apache HTTP server vulnerabilities.

Read here: https://thehackernews.com/2024/07/chinese-hackers-target-taiwan-and-us.html

This affects organizations operating in sensitive geopolitical areas.

vPenTest automates network penetration testing for IT teams, helping organizations find exploitable vulnerabilities before the bad guys do!

💰 Costs 50% less than manual tests
⏰ Test monthly, not yearly
📊 PCI & HIPAA compliant reports

🔥 Get a FREE Trial > https://thn.news/vptest-free-trial

🚨 CISA adds two security flaws to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation evidence—a decade-old Microsoft IE flaw (CVE-2012-4792) and a recent Twilio Authy vulnerability (CVE-2024-39891).

Immediate action is required for Federal agencies to mitigate these threats by August 13, 2024.

Read: https://thehackernews.com/2024/07/cisa-adds-twilio-authy-and-ie-flaws-to.html

🚨 A significant security flaw in Microsoft Defender SmartScreen was exploited to deliver info-stealers like ACR Stealer, Lumma, and Meduza.

CVE-2024-21412, rated 8.1 on the CVSS, allowed attackers to bypass protections.

Learn more: https://thehackernews.com/2024/07/microsoft-defender-flaw-exploited-to.html

CrowdStrike's Post-Incident Review reveals Friday's widespread Windows crashes stemmed from flawed Rapid Response Content update. Millions of devices running Falcon Sensor 7.11+ affected.

Read details: https://thehackernews.com/2024/07/crowdstrike-explains-friday-windows.html

⚠️ Security Alert: Patchwork hacker group has targeted entities tied to Bhutan, using the Brute Ratel C4 framework and an updated PGoShell backdoor for the first time.

Read details here: https://thehackernews.com/2024/07/patchwork-hackers-target-bhutan-with.html

A new zero-day vulnerability called EvilVideo allowed attackers to disguise malicious files as videos. This exploit surfaced on underground forums.

Find details here: https://thehackernews.com/2024/07/telegram-app-flaw-exploited-to-spread.html

Update your Telegram app now and disable automatic media downloads.

Gartner predicts that by 2025, lack of talent or human failure will cause more than 50% of significant cyber incidents.

The solution? Workflow automation.

Get the Essential Guide to Workflow Automation from Tines for an in-depth look into:

💡 The evolution of workflow automation and AI
💡 Common misconceptions about automation (and debunking them)
💡 Best practices for finding success with automation - including insights from Mars and Elastic

Get the guide today to learn how your security team can use AI-powered workflow automation to its full potential, to improve incident readiness and operate more efficiently.

Read the guide now: https://thn.news/workflow-sec-guide

🔎 If you're looking for a malware sandbox with free unlimited access to Windows 10 x64 VM, try ANYRUN

It not only detects threat in <40s, but also lets you interact with your samples and the VM

Sign up and launch your analysis ➡️ https://thn.news/malware-analysis-sandbox