The Hacker News
⭐ Official THN Telegram Channel β€” A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

πŸ“¨ Contact: [email protected]

🌐 Website: https://thehackernews.com
A $40B data analytics company suffered a major breach after a secret was accidentally shared in a Jira comment, underscoring the urgent need to rethink secret management as they spread across tools like Slack and Confluence, doubling the attack surface.

https://thehackernews.com/2024/09/secrets-exposed-why-your-ciso-should.html
A new #malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN to deliver WikiLoader via SEO malvertising.

Learn more to update your defenses and stay ahead of these evolving threats: https://thehackernews.com/2024/09/hackers-use-fake-globalprotect-vpn.html
πŸ‘16😁5
Clearview AI has been hit with a €30.5M fine for scraping billions of facial images without consent. Dutch authorities are even investigating personal liability for Clearview's management.

Read: https://thehackernews.com/2024/09/clearview-ai-faces-305m-fine-for.html
πŸ‘16πŸ”₯9πŸ‘6🀯4
Zyxel has patched a critical #vulnerability (CVE-2024-7261) that allowed unauthenticated attackers to execute OS commands on certain routers and access points.

Learn more: https://thehackernews.com/2024/09/zyxel-patches-critical-os-command.html
πŸ‘15
Don't miss out on the upcoming webinar from Push Security demoing infostealers, showing how to steal cookies and hijack sessions for MFA-protected services like M365 and downstream SaaS apps.

Pick a time and register here: https://thn.news/infostealers-webinar-other
Account takeover attacks are increasing in SaaS environments, with browsers being the key battleground. A new report highlights how browser security can prevent phishing, malicious extensions, and credential theft.

Learn more now: https://thehackernews.com/2024/09/the-new-effective-way-to-prevent.html
North Korean hackers are using fake video conferencing apps, like FreeConference, in job interview scams to deliver malware capable of remote control, browser data theft, and cryptocurrency wallet hacking.

Read: https://thehackernews.com/2024/09/north-korean-hackers-targets-job.html
New supply chain attack, Revival Hijack, could target 22,000+ PyPI packages, risking thousands of malicious downloads. Removed packages are being re-registered, exposing developers to supply chain risks. Check your DevOps pipelines!
https://thehackernews.com/2024/09/hackers-hijack-22000-removed-pypi.html
Cisco has issued urgent updates for two critical flaws (CVSS 9.8) in its Smart Licensing Utility. These flaws (CVE-2024-20439 & CVE-2024-20440) let unauthenticated attackers elevate privileges or access sensitive data via crafted HTTP requests.

Read: https://thehackernews.com/2024/09/cisco-fixes-two-critical-flaws-in-smart.html
πŸ‘6πŸ”₯5😱5
Earth Lusca's KTLVdoor malware targets Windows & #Linux, enabling file manipulation and remote scanning via 50+ command-and-control servers, likely shared with other threat actors.

Learn more: https://thehackernews.com/2024/09/new-cross-platform-malware-ktlvdoor.html
Researchers found hackers using MacroPack, a red teaming tool, to deploy advanced #malware like Havoc and PhantomCore. This global threat shows how attackers use legitimate software to bypass detection.

Read: https://thehackernews.com/2024/09/malware-attackers-using-macropack-to.html
🚨 Mindblowing numbers alert! 🚨 According to recent research, 45% of employees still have access to their ex-employer’s data, and over 25% of companies have had their reputations damaged due to ex-employees misusing data after leaving the company 🤡

Want to make sure your organization doesn’t fall into this risky 1/3? Learn how to safeguard your data and create a bulletproof offboarding protocol in just 20 minutes! 💼

Join ex-Google expert Ben King and the Zenphi team in a free webinar on ‘Offboarding in Google Workspace’. Get hands-on tips for:

— Automating access revokes
— Securing accounts post-departure
— Preventing unauthorized access

📋 Bonus: Register for free and receive an Employees offboarding checklist!

💡 This webinar will set you apart as a cybersecurity pro — don’t miss it: https://thn.news/offboarding-best-practices
DOJ seized 32 pro-Russian propaganda domains that mimicked news outlets to spread disinformation. The goal: reduce global support for Ukraine and influence elections in the U.S. and abroad.

Learn more: https://thehackernews.com/2024/09/us-seizes-32-pro-russian-propaganda.html
NIST released CSF 2.0!

It’s all about continuous improvement with proactive, ongoing cybersecurity. New guidance on emerging threats + a “Govern” function to integrate cybersecurity into enterprise risk.

Is your org ready? Learn more: https://thehackernews.com/2024/09/nist-cybersecurity-framework-csf-and.html
πŸ‘12😁6πŸ”₯4
⚠️ Veeam has patched 18 security flaws, including 5 critical ones allowing remote code execution (e.g., CVE-2024-40711 with a 9.8 CVSS score). Update now to protect your data.

Learn more: https://thehackernews.com/2024/09/veeam-releases-security-updates-to-fix.html
πŸ‘11😁2πŸ”₯1
Tropic Trooper is back, targeting government entities in the Middle East and Malaysia with new cyber tactics! Detected in June 2024, this group has shifted focus to human rights studies—escalating the risk.

Find details here: https://thehackernews.com/2024/09/chinese-speaking-hacker-group-targets.html
πŸ‘8πŸ‘2πŸ”₯2😱2⚑1
Telegram’s CEO, Pavel Durov, speaks out after his arrest in France, calling the charges misguided.

Read: https://thehackernews.com/2024/09/paul-durov-criticizes-outdated-laws.html
πŸ‘39πŸ”₯11πŸ‘10⚑5
Apache OFBiz just patched a high-severity #vulnerability (CVE-2024-45195) that allowed unauthenticated remote code execution.

Read: https://thehackernews.com/2024/09/apache-ofbiz-update-fixes-high-severity.html
πŸ‘11πŸ‘3
New LiteSpeed Cache flaw (CVE-2024-44000) risks unauthorized access to WordPress sites via exposed debug logs.

Read: https://thehackernews.com/2024/09/critical-security-flaw-found-in.html

Even old logs can be exploited. Update and purge now!
πŸ‘14πŸ€”6😁2πŸ”₯1