Ransomware evolvesβQilin's latest attack stole Google Chrome credentials by exploiting a Group Policy Object to run a PowerShell script at each login, exposing sensitive data.
Read: https://thehackernews.com/2024/08/new-qilin-ransomware-attack-uses-vpn.html
Read: https://thehackernews.com/2024/08/new-qilin-ransomware-attack-uses-vpn.html
π10π€3π€―1π±1
β‘ Imagine every essential cybersecurity tool at your fingertipsβunified in one intuitive platform, with 24/7 expert support.
Join our webinar for a no-nonsense demo & discover how to achieve total protection with an All-in-One solution.
Don't miss it: https://thehackernews.com/2024/08/webinar-experience-power-of-must-have.html
Join our webinar for a no-nonsense demo & discover how to achieve total protection with an All-in-One solution.
Don't miss it: https://thehackernews.com/2024/08/webinar-experience-power-of-must-have.html
π13π€4π€―2
New vulnerabilities emerge every hour. Discover how exposure management enhances cybersecurity, prioritizes vulnerabilities, and optimizes security efforts.
Learn steps for implementation: https://thehackernews.com/2024/08/focus-on-what-matters-most-exposure.html
Learn steps for implementation: https://thehackernews.com/2024/08/focus-on-what-matters-most-exposure.html
π10π€―5
PEAKLIGHT, a new memory-only dropper, is deploying malware on Windows systems via pirated movie files. It uses PowerShell scripts to install information stealers like Lumma Stealer and CryptBot.
Read: https://thehackernews.com/2024/08/new-peaklight-dropper-deployed-in.html
Read: https://thehackernews.com/2024/08/new-peaklight-dropper-deployed-in.html
π13π₯3π2
Iranian state-backed hackers, APT42, have been caught using WhatsApp to target high-profile individuals worldwide.
U.S. accuses Iran of election interference attempts.
Read: https://thehackernews.com/2024/08/meta-exposes-iranian-hacker-group.html
Stay one step aheadβknowledge is your best defense.
U.S. accuses Iran of election interference attempts.
Read: https://thehackernews.com/2024/08/meta-exposes-iranian-hacker-group.html
Stay one step aheadβknowledge is your best defense.
π12π₯8π€―4π3β‘1
CISA has added a new #vulnerability in Versa Director (CVE-2024-39717) to its Known Exploited Vulnerabilities catalog due to active exploitation.
This flaw lets attackers upload malicious files, posing a serious threat to organizations.
Read: https://thehackernews.com/2024/08/cisa-urges-federal-agencies-to-patch.html
This flaw lets attackers upload malicious files, posing a serious threat to organizations.
Read: https://thehackernews.com/2024/08/cisa-urges-federal-agencies-to-patch.html
π14π€9β‘1
'Sedexp' Linux malware identifiedβtargeting financial systems by hiding credit card skimmers. Sedexp leverages udev rules for persistence, triggering its malicious actions upon every system reboot.
Learn more: https://thehackernews.com/2024/08/new-linux-malware-sedexp-hides-credit.html
Learn more: https://thehackernews.com/2024/08/new-linux-malware-sedexp-hides-credit.html
π12π€5π₯2π±2β‘1π1
π₯ Telegram founder Pavel Durov has been arrested in France due to the platform's content moderation failures, which have been linked to widespread cybercrime and illegal activities.
Read details: https://thehackernews.com/2024/08/telegram-founder-pavel-durov-arrested.html
Read details: https://thehackernews.com/2024/08/telegram-founder-pavel-durov-arrested.html
π€―153π±45π€23π₯17π14π10π8β‘7
π¨ Researchers have uncovered NGate, a new Android malware that relays NFC payment data to attackers. Targeting Czech banks, it clones payment cards and withdraws funds from ATMs.
Read: https://thehackernews.com/2024/08/new-android-malware-ngate-steals-nfc.html
Read: https://thehackernews.com/2024/08/new-android-malware-ngate-steals-nfc.html
π₯17π4π€4β‘2
π¨ Two critical vulnerabilities have been discovered in the Traccar GPS tracking system, potentially allowing unauthenticated attackers to achieve remote code execution.
Read details: https://thehackernews.com/2024/08/critical-flaws-in-traccar-gps-system.html
Read details: https://thehackernews.com/2024/08/critical-flaws-in-traccar-gps-system.html
π15β‘4π€―4π2π₯1
Researchers uncover 20+ vulnerabilities in ML software supply chains, posing serious security risks to MLOps platforms.
These flaws could lead to arbitrary code execution or even allow malicious datasets to infiltrate systems, affecting the integrity of AI-driven operations.
Read: https://thehackernews.com/2024/08/researchers-identify-over-20-supply.html
These flaws could lead to arbitrary code execution or even allow malicious datasets to infiltrate systems, affecting the integrity of AI-driven operations.
Read: https://thehackernews.com/2024/08/researchers-identify-over-20-supply.html
π14π€―6π€4β‘2π2
Tools like Slack & Teams are great for daily use, but they weren't built with a security-first approach. Protect sensitive data with SalaX Secure Collaboration 2024, offering end-to-end encryption for secure business communication.
Read: https://thehackernews.com/2024/08/unpacking-slack-hacks-6-ways-to-protect.html
Read: https://thehackernews.com/2024/08/unpacking-slack-hacks-6-ways-to-protect.html
π16β‘4π₯1
Uber fined β¬290M for transferring sensitive E.U. driver data to U.S. servers without adequate safeguards.
With the Privacy Shield gone, companies must adopt robust alternatives like the new E.U.-U.S. Data Privacy Framework.
Read: https://thehackernews.com/2024/08/dutch-regulators-fines-uber-290-million.html
With the Privacy Shield gone, companies must adopt robust alternatives like the new E.U.-U.S. Data Privacy Framework.
Read: https://thehackernews.com/2024/08/dutch-regulators-fines-uber-290-million.html
π16π13π±6π€4β‘3
SonicWall has released a critical security update to fix a major firewall vulnerability. If unpatched, this flaw could grant unauthorized access to your network, jeopardizing sensitive data.
Read: https://thehackernews.com/2024/08/sonicwall-issues-critical-patch-for.html
Apply the latest patches immediately!
Read: https://thehackernews.com/2024/08/sonicwall-issues-critical-patch-for.html
Apply the latest patches immediately!
π10π€3π2π2π₯1
Google has disclosed active exploitation of a high severity Chrome vulnerability, CVE-2024-7965, which was patched last week.
This flaw in Chrome's V8 engine could enable remote attacks.
Learn more: https://thehackernews.com/2024/08/google-warns-of-cve-2024-7965-chrome.html
Make sure your browser is updated to the latest version.
This flaw in Chrome's V8 engine could enable remote attacks.
Learn more: https://thehackernews.com/2024/08/google-warns-of-cve-2024-7965-chrome.html
Make sure your browser is updated to the latest version.
π€―29π7π₯6π±4π1
A recently patched Microsoft365 Copilot vulnerability used ASCII smuggling to potentially steal sensitive user data.
Such an attack could have led to significant data breaches, highlighting the hidden risks in advanced AI applications.
Read: https://thehackernews.com/2024/08/microsoft-fixes-ascii-smuggling-flaw.html
Such an attack could have led to significant data breaches, highlighting the hidden risks in advanced AI applications.
Read: https://thehackernews.com/2024/08/microsoft-fixes-ascii-smuggling-flaw.html
π15β‘5π3π₯2π2π€1
Gartner's latest CTEM report highlights Adversarial Exposure Validation (AEV) as vital for cybersecurity, combining breach simulation with pentesting to streamline security assessments, automate testing, and enhance resilience.
Learn more: https://thehackernews.com/2024/08/ctem-in-spotlight-how-gartners-new.html
Learn more: https://thehackernews.com/2024/08/ctem-in-spotlight-how-gartners-new.html
π13π€4
A newly discovered zero-day flaw in Versa Director has been exploited by the infamous Volt Typhoon group, enabling them to inject undetected malicious code, bypassing traditional security measures.
Learn more: https://thehackernews.com/2024/08/chinese-volt-typhoon-exploits-versa.html
Learn more: https://thehackernews.com/2024/08/chinese-volt-typhoon-exploits-versa.html
π€13π5
π¨ MacOS Users Beware: A new variant of the HZ RAT backdoor has surfaced, and itβs now targeting users of popular Chinese messaging apps like DingTalk and WeChat.
This #malware doesn't just sit quietlyβit connects to a command-and-control server, giving attackers the power to execute commands and steal your sensitive information.
β οΈ Why it matters: If you're using these apps on a Mac, you could be at risk. Ensure your system is secure, and always be vigilant about the software you install.
Read: https://thehackernews.com/2024/08/macos-version-of-hz-rat-backdoor.html
P.S. Share this with your network to keep them informed.
This #malware doesn't just sit quietlyβit connects to a command-and-control server, giving attackers the power to execute commands and steal your sensitive information.
β οΈ Why it matters: If you're using these apps on a Mac, you could be at risk. Ensure your system is secure, and always be vigilant about the software you install.
Read: https://thehackernews.com/2024/08/macos-version-of-hz-rat-backdoor.html
P.S. Share this with your network to keep them informed.
π€15π9π₯7
A critical vulnerability (CVE-2024-6386) has been discovered in the WPML WordPress plugin.
With a CVSS score of 9.9, this flaw could allow attackers to execute code remotely, putting over a million websites at risk.
The vulnerability affects all versions before 4.6.13, released on August 20, 2024. Immediate updates are essential.
Read: https://thehackernews.com/2024/08/critical-wpml-plugin-flaw-exposes.html
Ensure your site is secureβupdate the WPML plugin now.
With a CVSS score of 9.9, this flaw could allow attackers to execute code remotely, putting over a million websites at risk.
The vulnerability affects all versions before 4.6.13, released on August 20, 2024. Immediate updates are essential.
Read: https://thehackernews.com/2024/08/critical-wpml-plugin-flaw-exposes.html
Ensure your site is secureβupdate the WPML plugin now.
π₯15π5π±4π2π€―1