The Hacker News
⭐ Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: [email protected]

🌐 Website: https://thehackernews.com
Hacktivist group Twelve is targeting Russian orgs with destructive attacks, wiping data with no ransom demands.

Using tools like Cobalt Strike & Mimikatz, they exploit valid accounts & RDP, putting even secure companies at risk.

Read: https://thehackernews.com/2024/09/hacktivist-group-twelve-targets-russian.html
Earth Baxia, an APT group likely from China, has launched a sophisticated campaign exploiting a critical vulnerability (CVE-2024-36401) in GeoServer GeoTools to target APAC governments and industries.

Learn more: https://thehackernews.com/2024/09/chinese-hackers-exploit-geoserver-flaw.html
Developers, beware! Poisoned Python packages are being used by North Korean attackers to spread PondRAT malware, compromising both #Linux and macOS systems.

Learn more: https://thehackernews.com/2024/09/new-pondrat-malware-hidden-in-python.html
🔐 Discord introduces DAVE, its custom end-to-end encryption (E2EE) protocol for voice and video calls.

Learn more: https://thehackernews.com/2024/09/discord-introduces-dave-protocol-for.html

However, text messages remain unencrypted, meaning they are still vulnerable to content moderation and other risks.
🚨 Critical flaw (CVE-2024-7490) in Microchip's ASF may allow remote code execution in IoT devices.

CERT/CC’s advisory warns it could be widespread, impacting ASF v3.52.0.2574 and earlier.

Read: https://thehackernews.com/2024/09/critical-flaw-in-microchip-asf-exposes.html
Catch up on last week's top #cybersecurity stories—from dismantling the Raptor Train botnet and uncovering vulnerabilities through a $20 domain to North Korean phishing attacks and Apple's legal U-turn.

Read: https://thehackernews.com/2024/09/thn-cybersecurity-recap-last-weeks-top.html
⚑11😁4πŸ‘2πŸ”₯2
⚑ Telegram has agreed to provide users' IP addresses and phone numbers to authorities in response to valid legal requests. This decision comes after increased pressure, following the arrest of CEO Pavel Durov.

Read: https://thehackernews.com/2024/09/telegram-agrees-to-share-user-data-with.html
🚨 New version of the Android banking trojan Octo2 spotted!

With enhanced Device Takeover (DTO) capabilities, it can remotely control devices to steal financial data & commit fraud undetected.

Read: https://thehackernews.com/2024/09/new-octo2-android-banking-trojan.html
Is it time to ditch the 90-day password reset?

Frequent changes can lead to weak passwords like Password1 ➡️ Password2, increasing security risks. Even strong passwords aren't foolproof as attackers exploit reuse & breaches.

Learn why 'never expire' might expose your business: https://thehackernews.com/2024/09/why-never-expire-passwords-can-be-risky.html
🚨 Kaspersky has officially pulled out of the U.S. market, unexpectedly replacing its antivirus software with UltraAV for some users. Many users have raised concerns about this unannounced transition.

Learn more: https://thehackernews.com/2024/09/kaspersky-exits-us-automatically.html
🚨 WEBINAR ALERT: Software Supply Chain Security 101 🚨

Join ReversingLabs on September 25th @ 12pm ET for a crash course on the technical tactics of software supply chain compromises and learn how to assess the risks posed by commercial software.

https://thn.news/supply-chain-security-101
🔥 Anyrun just released Safebrowsing — a new service that lets you quickly explore URLs in an isolated virtual browser.

🛡️ It notifies you about threats and has a friendly interface, perfect for users with any expertise level.

Give it a try, it's free 👇 https://thn.news/malware-analysis-sandbox-1
The U.S. Department of Commerce is proposing a ban on connected vehicles with software and hardware from foreign adversaries like China and Russia.

The ban impacts VCS and ADS tech in vehicles and could take full effect by 2027-2030.

Read: https://thehackernews.com/2024/09/us-proposes-ban-on-connected-vehicles.html
⚠️ SaaS Data Leaks Are Rising! Attacks on platforms like Azure and Snowflake expose sensitive records.

Misconfigurations and weak passwords make you vulnerable. An SSPM can detect gaps, monitor permissions, and mitigate threats in real-time.

Explore: https://thehackernews.com/2024/09/the-sspm-justification-kit.html
Altered Android apps on Google Play, like Wuta Camera (10M+ downloads), spread new Necro malware.

It can run malicious code, subscribe to paid services, and create device tunnels. Necro uses steganography to hide, evading detection.

https://thehackernews.com/2024/09/necro-android-malware-found-in-popular.html
CISA just added a critical Ivanti vTM vulnerability (CVE-2024-7593) to its Known Exploited Vulnerabilities (KEV) list due to active exploitation.

With a CVSS score of 9.8, this vulnerability allows unauthenticated attackers to bypass admin controls—creating rogue admin users in your system.

Ivanti has released patches, but many affected systems remain exposed. U.S. federal agencies have until October 15 to fix the issue, but anyone using Ivanti needs to act now.

Read: https://thehackernews.com/2024/09/cisa-flags-critical-ivanti-vtm.html
⚑11πŸ‘3πŸ€”3😁2
📧🔓 Hackers are exploiting legit email accounts in transport companies to deliver RATs like NetSupport & DanaBot, causing disruptions, data theft, and major financial damage if not addressed quickly.

Learn more: https://thehackernews.com/2024/09/transportation-companies-hit-by.html
A vulnerability in the memory feature of OpenAI's ChatGPT app for macOS, dubbed "SpAIware," could have allowed attackers to embed #spyware, exposing user data across multiple conversations.

Learn more: https://thehackernews.com/2024/09/chatgpt-macos-flaw-couldve-enabled-long.html
Despite a decade of SOAR advancements, SOCs remain manual-heavy. Agentic AI is breaking new ground by automating the hardest SOC tasks—triage and investigation.

Learn how it could reshape your cybersecurity strategy: https://thehackernews.com/2024/09/agentic-ai-in-socs-solution-to-soars.html
🚨 New red team tool Splinter discovered by Palo Alto's Unit 42. Not as advanced as Cobalt Strike, but still a threat if misused. Built with Rust, it enables process injection & C2 communication.

Learn more: https://thehackernews.com/2024/09/cybersecurity-researchers-warn-of-new.html

Cyber pros, stay alert!