🚨 A significant security flaw in Microsoft Defender SmartScreen was exploited to deliver info-stealers like ACR Stealer, Lumma, and Meduza.

CVE-2024-21412, rated 8.1 on the CVSS, allowed attackers to bypass protections.

Learn more: https://thehackernews.com/2024/07/microsoft-defender-flaw-exploited-to.html

CrowdStrike's Post-Incident Review reveals Friday's widespread Windows crashes stemmed from flawed Rapid Response Content update. Millions of devices running Falcon Sensor 7.11+ affected.

Read details: https://thehackernews.com/2024/07/crowdstrike-explains-friday-windows.html

⚠️ Security Alert: Patchwork hacker group has targeted entities tied to Bhutan, using the Brute Ratel C4 framework and an updated PGoShell backdoor for the first time.

Read details here: https://thehackernews.com/2024/07/patchwork-hackers-target-bhutan-with.html

A new zero-day vulnerability called EvilVideo allowed attackers to disguise malicious files as videos. This exploit surfaced on underground forums.

Find details here: https://thehackernews.com/2024/07/telegram-app-flaw-exploited-to-spread.html

Update your Telegram app now and disable automatic media downloads.

Gartner predicts that by 2025, lack of talent or human failure will cause more than 50% of significant cyber incidents.

The solution? Workflow automation.

Get the Essential Guide to Workflow Automation from Tines for an in-depth look into:

💡 The evolution of workflow automation and AI
💡 Common misconceptions about automation (and debunking them)
💡 Best practices for finding success with automation - including insights from Mars and Elastic

Get the guide today to learn how your security team can use AI-powered workflow automation to its full potential, to improve incident readiness and operate more efficiently.

Read the guide now: https://thn.news/workflow-sec-guide

🔎 If you're looking for a malware sandbox with free unlimited access to Windows 10 x64 VM, try ANYRUN

It not only detects threat in <40s, but also lets you interact with your samples and the VM

Sign up and launch your analysis ➡️ https://thn.news/malware-analysis-sandbox

Critical Alert! Pro-Houthi hackers are targeting humanitarian organizations in Yemen with sophisticated Android spyware, posing severe risks to aid efforts and security.

Get the full report and stay protected: https://thehackernews.com/2024/07/pro-houthi-group-targets-yemen-aid.html

🚀 🔒 SaaS tools boost productivity but also expand the attack surface. Nudge Security offers a solution: discover app usage, compare security profiles, and manage costs effectively.

Details here: https://thehackernews.com/2024/07/how-to-reduce-saas-spend-and-risk.html

Empower your team with better insights and governance.

🔐 New Threat! Play ransomware has evolved to target Linux-based VMware ESXi environments, potentially broadening its attack range and victim count.

Secure your systems against this new variant: https://thehackernews.com/2024/07/new-linux-variant-of-play-ransomware.html

Stay Alert! The LATAM-based FLUXROOT group is exploiting Google Cloud for phishing attacks targeting Mercado Pago users.

Protect your accounts now: https://thehackernews.com/2024/07/pineapple-and-fluxroot-hacker-groups.html

Always double-check links and use strong, unique passwords.

🔔 Tired of Endless Security Questionnaires?

There's a Solution!

SafeBase's Trust Center transforms this process by automating responses and eliminating unnecessary back-and-forth, reducing your workload significantly.

Learn more: https://thehackernews.com/2024/07/how-trust-center-solves-your-security.html

🔔 Google Chrome introduces new security warnings for suspicious downloads.

Users can now send encrypted files with passwords for deep scans, ensuring comprehensive threat detection.

Update Chrome and activate Enhanced Protection: https://thehackernews.com/2024/07/new-chrome-feature-scans-password.html

Critical flaw found in Docker Engine allows attackers to bypass authorization plugins (AuthZ) - CVE-2024-41110, CVSS score 10.0.

This vulnerability can lead to severe privilege escalation, affecting numerous Docker versions.

Find details here: https://thehackernews.com/2024/07/critical-docker-engine-flaw-allows.html

ISC has released patches for multiple vulnerabilities in BIND 9 DNS software.

These flaws could be exploited to cause a DoS condition, impacting server performance and availability.

Read: https://thehackernews.com/2024/07/cisa-warns-of-exploitable.html

Researchers have disclosed a critical vulnerability, ConfusedFunction, impacting Google Cloud Functions.

This vulnerability could allow attackers to access and manipulate other services and sensitive data without authorization.

Learn more: https://thehackernews.com/2024/07/experts-expose-confusedfunction.html

Meta Platforms shuts down 63,000 Instagram accounts in Nigeria linked to financial sextortion scams.

These scams primarily targeted adult men in the U.S., posing significant financial risks.

Share this news to raise awareness and protect others: https://thehackernews.com/2024/07/meta-removes-63000-instagram-accounts.html

Browser is a critical yet under-protected element in enterprise security. Traditional security tools don't sufficiently shield browser-based threats, exposing organizations to significant risks.

Discover how to secure your modern workspace: https://thehackernews.com/2024/07/webinar-securing-modern-workspace-what.html

North Korean cyber espionage group APT45 is now deploying ransomware.

This marks a significant shift from traditional espionage to financially-motivated attacks, affecting critical infrastructure.

Read more: https://thehackernews.com/2024/07/north-korean-hackers-shift-from-cyber.html

Progress Software urges users to update Telerik Report Server due to a critical security flaw (CVE-2024-6327) with a CVSS score of 9.9.

This vulnerability can lead to RCE, posing a significant risk to your data and systems.

Read details: https://thehackernews.com/2024/07/critical-flaw-in-telerik-report-server.html

⚠️ Cyber Alert: CrowdStrike warns of a new phishing campaign exploiting the Falcon Sensor update mishap.

This sophisticated attack targets German customers with fake installers, aiming to steal sensitive data.

Read here: https://thehackernews.com/2024/07/crowdstrike-warns-of-new-phishing-scam.html