SaaS tools boost productivity but also expand the attack surface. Nudge Security offers a solution: discover app usage, compare security profiles, and manage costs effectively.
Details here: https://thehackernews.com/2024/07/how-to-reduce-saas-spend-and-risk.html
Empower your team with better insights and governance.
New Threat! Play ransomware has evolved to target Linux-based VMware ESXi environments, potentially broadening its attack range and victim count.
Secure your systems against this new variant: https://thehackernews.com/2024/07/new-linux-variant-of-play-ransomware.html
Stay Alert! The LATAM-based FLUXROOT group is exploiting Google Cloud for phishing attacks targeting Mercado Pago users.
Protect your accounts now: https://thehackernews.com/2024/07/pineapple-and-fluxroot-hacker-groups.html
Always double-check links and use strong, unique passwords.
Tired of Endless Security Questionnaires?
There's a Solution!
SafeBase's Trust Center transforms this process by automating responses and eliminating unnecessary back-and-forth, reducing your workload significantly.
Learn more: https://thehackernews.com/2024/07/how-trust-center-solves-your-security.html
Google Chrome introduces new security warnings for suspicious downloads.
Users can now send encrypted files with passwords for deep scans, ensuring comprehensive threat detection.
Update Chrome and activate Enhanced Protection: https://thehackernews.com/2024/07/new-chrome-feature-scans-password.html
Critical flaw found in Docker Engine allows attackers to bypass authorization plugins (AuthZ) - CVE-2024-41110, CVSS score 10.0.
This vulnerability can lead to severe privilege escalation, affecting numerous Docker versions.
Find details here: https://thehackernews.com/2024/07/critical-docker-engine-flaw-allows.html
ISC has released patches for multiple vulnerabilities in BIND 9 DNS software.
These flaws could be exploited to cause a DoS condition, impacting server performance and availability.
Read: https://thehackernews.com/2024/07/cisa-warns-of-exploitable.html
Researchers have disclosed a critical vulnerability, ConfusedFunction, impacting Google Cloud Functions.
This vulnerability could allow attackers to access and manipulate other services and sensitive data without authorization.
Learn more: https://thehackernews.com/2024/07/experts-expose-confusedfunction.html
Meta Platforms shuts down 63,000 Instagram accounts in Nigeria linked to financial sextortion scams.
These scams primarily targeted adult men in the U.S., posing significant financial risks.
Share this news to raise awareness and protect others: https://thehackernews.com/2024/07/meta-removes-63000-instagram-accounts.html
The browser is a critical yet under-protected element in enterprise security. Traditional security tools don't sufficiently shield against browser-based threats, exposing organizations to significant risks.
Discover how to secure your modern workspace: https://thehackernews.com/2024/07/webinar-securing-modern-workspace-what.html
North Korean cyber espionage group APT45 is now deploying ransomware.
This marks a significant shift from traditional espionage to financially-motivated attacks, affecting critical infrastructure.
Read more: https://thehackernews.com/2024/07/north-korean-hackers-shift-from-cyber.html
Progress Software urges users to update Telerik Report Server due to a critical security flaw (CVE-2024-6327) with a CVSS score of 9.9.
This vulnerability can lead to RCE, posing a significant risk to your data and systems.
Read details: https://thehackernews.com/2024/07/critical-flaw-in-telerik-report-server.html
⚠️ Cyber Alert: CrowdStrike warns of a new phishing campaign exploiting the Falcon Sensor update mishap.
This sophisticated attack targets German customers with fake installers, aiming to steal sensitive data.
Read here: https://thehackernews.com/2024/07/crowdstrike-warns-of-new-phishing-scam.html
Researchers warn of a campaign exploiting Selenium Grid services for cryptocurrency mining.
Over 30,000 instances are exposed to remote command execution, necessitating immediate security measures.
Learn more: https://thehackernews.com/2024/07/ongoing-cyberattack-targets-exposed.html
U.S. DoJ charges North Korean hacker Rim Jong Hyok for ransomware attacks on U.S. hospitals.
The attacks disrupted essential services & posed serious risks to patient care.
$10M reward announced for tips leading to the arrest of Hyok.
https://thehackernews.com/2024/07/us-doj-indicts-north-korean-hacker-for.html
New insights on application security testing highlight 6 essential methods.
These methods, including DAST & SAST, help identify vulnerabilities early and throughout the application lifecycle.
Learn more: https://thehackernews.com/2024/07/6-types-of-applications-security.html
Cybersecurity expert Foster Nethercott highlights offensive AI's potential as a major threat. Offensive AI can create novel malware capable of evading traditional security measures, posing significant risks.
His paper outlines key points: https://thehackernews.com/2024/07/offensive-ai-sine-qua-non-of.html
A new phishing-as-a-service platform from the GXC Team targets Spanish banks and other institutions with malicious Android apps and AI-powered voice calling tools.
Learn more: https://thehackernews.com/2024/07/spanish-hackers-bundle-phishing-kits.html
Beware of the "lr-utils-lib" PyPI package - it's a new threat to macOS users!
This package steals Google Cloud credentials, posing a serious risk to both individual developers and enterprises.
Read details: https://thehackernews.com/2024/07/malicious-pypi-package-targets-macos-to.html
French authorities and Europol launch "disinfection operation" against PlugX malware.
This operation aims to clean infected systems across multiple European countries, potentially affecting millions worldwide.
PlugX can persist on air-gapped networks and USB drives, posing a long-term risk.
Learn more: https://thehackernews.com/2024/07/french-authorities-launch-operation-to.html