The Hacker News
⭐ Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: [email protected]

🌐 Website: https://thehackernews.com

🚨 Two critical vulnerabilities have been discovered in the Traccar GPS tracking system, potentially allowing unauthenticated attackers to achieve remote code execution.

Read details: https://thehackernews.com/2024/08/critical-flaws-in-traccar-gps-system.html

Researchers uncover 20+ vulnerabilities in ML software supply chains, posing serious security risks to MLOps platforms.

These flaws could lead to arbitrary code execution or even allow malicious datasets to infiltrate systems, affecting the integrity of AI-driven operations.

Read: https://thehackernews.com/2024/08/researchers-identify-over-20-supply.html

Tools like Slack & Teams are great for daily use, but they weren't built with a security-first approach. Protect sensitive data with SalaX Secure Collaboration 2024, offering end-to-end encryption for secure business communication.

Read: https://thehackernews.com/2024/08/unpacking-slack-hacks-6-ways-to-protect.html

Uber fined €290M for transferring sensitive E.U. driver data to U.S. servers without adequate safeguards.

With the Privacy Shield gone, companies must adopt robust alternatives like the new E.U.-U.S. Data Privacy Framework.

Read: https://thehackernews.com/2024/08/dutch-regulators-fines-uber-290-million.html

SonicWall has released a critical security update to fix a major firewall vulnerability. If unpatched, this flaw could grant unauthorized access to your network, jeopardizing sensitive data.

Read: https://thehackernews.com/2024/08/sonicwall-issues-critical-patch-for.html

Apply the latest patches immediately!

Google has disclosed active exploitation of a high-severity Chrome vulnerability, CVE-2024-7965, which was patched last week.

This flaw in Chrome's V8 engine could enable remote attacks.

Learn more: https://thehackernews.com/2024/08/google-warns-of-cve-2024-7965-chrome.html

Make sure your browser is updated to the latest version.

A recently patched Microsoft 365 Copilot vulnerability used ASCII smuggling to potentially steal sensitive user data.

Such an attack could have led to significant data breaches, highlighting the hidden risks in advanced AI applications.

Read: https://thehackernews.com/2024/08/microsoft-fixes-ascii-smuggling-flaw.html

Gartner's latest CTEM report highlights Adversarial Exposure Validation (AEV) as vital for cybersecurity, combining breach simulation with pentesting to streamline security assessments, automate testing, and enhance resilience.

Learn more: https://thehackernews.com/2024/08/ctem-in-spotlight-how-gartners-new.html

A newly discovered zero-day flaw in Versa Director has been exploited by the infamous Volt Typhoon group, enabling them to inject undetected malicious code, bypassing traditional security measures.

Learn more: https://thehackernews.com/2024/08/chinese-volt-typhoon-exploits-versa.html

🚨 macOS Users Beware: A new variant of the HZ RAT backdoor has surfaced, and it’s now targeting users of popular Chinese messaging apps like DingTalk and WeChat.


This #malware doesn't just sit quietly—it connects to a command-and-control server, giving attackers the power to execute commands and steal your sensitive information.


⚠️ Why it matters: If you're using these apps on a Mac, you could be at risk. Ensure your system is secure, and always be vigilant about the software you install.


Read: https://thehackernews.com/2024/08/macos-version-of-hz-rat-backdoor.html


P.S. Share this with your network to keep them informed.

A critical vulnerability (CVE-2024-6386) has been discovered in the WPML WordPress plugin.

With a CVSS score of 9.9, this flaw could allow attackers to execute code remotely, putting over a million websites at risk.

The vulnerability affects all versions before 4.6.13, released on August 20, 2024. Immediate updates are essential.

Read: https://thehackernews.com/2024/08/critical-wpml-plugin-flaw-exposes.html

Ensure your site is secure—update the WPML plugin now.

CISA has added a critical Apache OFBiz flaw, CVE-2024-38856, to its Known Exploited Vulnerabilities list. It allows RCE attacks, putting countless businesses at serious risk.

https://thehackernews.com/2024/08/cisa-flags-critical-apache-ofbiz-flaw.html

PoC exploits are already public, so update your systems immediately.

🚨 Alert: BlackByte ransomware is exploiting a recently patched VMware ESXi vulnerability (CVE-2024-37085) to escalate privileges and compromise systems.

But that's not all... they're also using vulnerable drivers to disable security measures, making this attack especially dangerous.

Read: https://thehackernews.com/2024/08/blackbyte-ransomware-exploits-vmware.html


P.S. If this was helpful, consider resharing ♻️ to help others stay protected!

A South Korea-aligned cyber espionage group, APT-C-60, has exploited a critical flaw in Kingsoft WPS Office to deploy the SpyGlace backdoor.

Read: https://thehackernews.com/2024/08/apt-c-60-group-exploit-wps-office-flaw.html

Ensure your security teams are updated on CVE-2024-7262 and CVE-2024-7263.

🚨 A critical vulnerability in Fortra's FileCatalyst Workflow, tracked as CVE-2024-6633, exposes users to remote admin access attacks.

Severity Level: CVSS 9.8

Learn more: https://thehackernews.com/2024/08/fortra-issues-patch-for-high-risk.html

If you haven’t patched your system yet, do it NOW.

Pavel Durov, CEO of #Telegram, has been formally charged by French prosecutors for facilitating criminal activities on the platform.

Learn about the investigation and its implications: https://thehackernews.com/2024/08/french-authorities-charge-telegram-ceo.html

🚨 A severe vulnerability in AVTECH IP cameras (CVE-2024-7029) is now being weaponized by hackers, creating a botnet. Unpatched & easily exploitable, this flaw poses a massive risk to commercial, financial, and healthcare sectors.

Read: https://thehackernews.com/2024/08/unpatched-avtech-ip-camera-flaw.html

🔒 U.S. agencies have identified an Iranian hacking group, Pioneer Kitten, as the force behind a wave of ransomware attacks.

Key sectors like education, healthcare, and defense are under fire, with sensitive data hanging in the balance.

Read: https://thehackernews.com/2024/08/us-agencies-warn-of-iranian-hacking.html

🛡️ Cybersecurity experts weigh in on why the SBOM is not enough.

While the SBOM is a foundational first step towards bringing transparency to the internal components of business-critical software, it is, at its core, just a simple list of ingredients.

Learn how organizations can go beyond the SBOM and adopt a more comprehensive software risk assessment in the latest webinar from ReversingLabs: https://thn.news/dont-stop-sbom

Researchers uncovered attacks exploiting Safari and Chrome flaws, linked to Russian APT29, using watering hole tactics on Mongolian government sites.

Read: https://thehackernews.com/2024/08/russian-hackers-exploit-safari-and.html