The Hacker News
⭐ Official THN Telegram Channel - A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

🌐 Website: https://thehackernews.com

Temporary passwords during onboarding are a ticking time bomb for many organizations. Often shared insecurely, these passwords expose systems to cyber threats.

Discover innovative solutions for enhancing cybersecurity from day one: https://thehackernews.com/2024/07/how-to-securely-onboard-new-employees.html

⚠️ New Threat! Beijing-affiliated hacking group Daggerfly targets Taiwan and U.S. NGO in China with upgraded malware tools, exploiting Apache HTTP server vulnerabilities.

Read here: https://thehackernews.com/2024/07/chinese-hackers-target-taiwan-and-us.html

This affects organizations operating in sensitive geopolitical areas.

vPenTest automates network penetration testing for IT teams, helping organizations find exploitable vulnerabilities before the bad guys do!

💰 Costs 50% less than manual tests
⏰ Test monthly, not yearly
📊 PCI & HIPAA compliant reports

🔥 Get a FREE Trial > https://thn.news/vptest-free-trial

🚨 CISA adds two security flaws to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation evidence - a decade-old Microsoft IE flaw (CVE-2012-4792) and a recent Twilio Authy vulnerability (CVE-2024-39891).

Immediate action is required for Federal agencies to mitigate these threats by August 13, 2024.

Read: https://thehackernews.com/2024/07/cisa-adds-twilio-authy-and-ie-flaws-to.html

🚨 A significant security flaw in Microsoft Defender SmartScreen was exploited to deliver info-stealers like ACR Stealer, Lumma, and Meduza.

CVE-2024-21412, rated 8.1 on the CVSS, allowed attackers to bypass protections.

Learn more: https://thehackernews.com/2024/07/microsoft-defender-flaw-exploited-to.html

CrowdStrike's Post-Incident Review reveals Friday's widespread Windows crashes stemmed from flawed Rapid Response Content update. Millions of devices running Falcon Sensor 7.11+ affected.

Read details: https://thehackernews.com/2024/07/crowdstrike-explains-friday-windows.html

⚠️ Security Alert: Patchwork hacker group has targeted entities tied to Bhutan, using the Brute Ratel C4 framework and an updated PGoShell backdoor for the first time.

Read details here: https://thehackernews.com/2024/07/patchwork-hackers-target-bhutan-with.html

A new zero-day vulnerability called EvilVideo allowed attackers to disguise malicious files as videos. This exploit surfaced on underground forums.

Find details here: https://thehackernews.com/2024/07/telegram-app-flaw-exploited-to-spread.html

Update your Telegram app now and disable automatic media downloads.

Gartner predicts that by 2025, lack of talent or human failure will cause more than 50% of significant cyber incidents.

The solution? Workflow automation.

Get the Essential Guide to Workflow Automation from Tines for an in-depth look into:

💡 The evolution of workflow automation and AI
💡 Common misconceptions about automation (and debunking them)
💡 Best practices for finding success with automation - including insights from Mars and Elastic

Get the guide today to learn how your security team can use AI-powered workflow automation to its full potential, to improve incident readiness and operate more efficiently.

Read the guide now: https://thn.news/workflow-sec-guide

🔎 If you're looking for a malware sandbox with free unlimited access to Windows 10 x64 VM, try ANYRUN

It not only detects threats in <40s, but also lets you interact with your samples and the VM

Sign up and launch your analysis ➡️ https://thn.news/malware-analysis-sandbox

Critical Alert! Pro-Houthi hackers are targeting humanitarian organizations in Yemen with sophisticated Android spyware, posing severe risks to aid efforts and security.

Get the full report and stay protected: https://thehackernews.com/2024/07/pro-houthi-group-targets-yemen-aid.html

🚀 🔒 SaaS tools boost productivity but also expand the attack surface. Nudge Security offers a solution: discover app usage, compare security profiles, and manage costs effectively.

Details here: https://thehackernews.com/2024/07/how-to-reduce-saas-spend-and-risk.html

Empower your team with better insights and governance.

New Threat! Play ransomware has evolved to target Linux-based VMware ESXi environments, potentially broadening its attack range and victim count.

Secure your systems against this new variant: https://thehackernews.com/2024/07/new-linux-variant-of-play-ransomware.html

Stay Alert! The LATAM-based FLUXROOT group is exploiting Google Cloud for phishing attacks targeting Mercado Pago users.

Protect your accounts now: https://thehackernews.com/2024/07/pineapple-and-fluxroot-hacker-groups.html

Always double-check links and use strong, unique passwords.

🔔 Tired of Endless Security Questionnaires?

There's a Solution!

SafeBase's Trust Center transforms this process by automating responses and eliminating unnecessary back-and-forth, reducing your workload significantly.

Learn more: https://thehackernews.com/2024/07/how-trust-center-solves-your-security.html

🔔 Google Chrome introduces new security warnings for suspicious downloads.

Users can now send encrypted files with passwords for deep scans, ensuring comprehensive threat detection.

Update Chrome and activate Enhanced Protection: https://thehackernews.com/2024/07/new-chrome-feature-scans-password.html

Critical flaw found in Docker Engine allows attackers to bypass authorization plugins (AuthZ) - CVE-2024-41110, CVSS score 10.0.

This vulnerability can lead to severe privilege escalation, affecting numerous Docker versions.

Find details here: https://thehackernews.com/2024/07/critical-docker-engine-flaw-allows.html

ISC has released patches for multiple vulnerabilities in BIND 9 DNS software.

These flaws could be exploited to cause a DoS condition, impacting server performance and availability.

Read: https://thehackernews.com/2024/07/cisa-warns-of-exploitable.html

Researchers have disclosed a critical vulnerability, ConfusedFunction, impacting Google Cloud Functions.

This vulnerability could allow attackers to access and manipulate other services and sensitive data without authorization.

Learn more: https://thehackernews.com/2024/07/experts-expose-confusedfunction.html

Meta Platforms shuts down 63,000 Instagram accounts in Nigeria linked to financial sextortion scams.

These scams primarily targeted adult men in the U.S., posing significant financial risks.

Share this news to raise awareness and protect others: https://thehackernews.com/2024/07/meta-removes-63000-instagram-accounts.html