⚠️ Six critical security flaws have been discovered in the Ollama AI framework, enabling potential model poisoning and theft. With a staggering number of unpatched instances, it’s crucial to filter internet-facing endpoints effectively.

Read: https://thehackernews.com/2024/11/critical-flaws-in-ollama-ai-framework.html

💻 Don't miss out on our latest #cybersecurity newsletter!

This week, we're diving into the chaos as hackers ramp up attacks, including North Korean ransomware collaboration and evasive password spraying tactics.

https://thehackernews.com/2024/11/thn-recap-top-cybersecurity-threats.html

Google warns of active exploitation of CVE-2024-43093 in Android.

This #vulnerability allows unauthorized access to critical directories, emphasizing the need for timely updates and patching processes.

https://thehackernews.com/2024/11/google-warns-of-actively-exploited-cve.html

Canadian authorities have arrested Alexander "Connor" Moucka, a suspect in the Snowflake data breach that impacted around 165 organizations, including major corporations like AT&T and Ticketmaster, some of which were extorted for large sums.

https://thehackernews.com/2024/11/canadian-suspect-arrested-over.html

Synology has released a patch for a critical zero-day vulnerability (CVE-2024-10443) affecting millions of NAS devices, which allows remote code execution without user interaction.

Read: https://thehackernews.com/2024/11/synology-urges-patch-for-critical-zero.html

🚨 Hundreds of typosquatted versions targeting npm developers are attempting to deliver cross-platform #malware by employing Ethereum smart contracts for command-and-control (C2) communications.

Read: https://thehackernews.com/2024/11/malware-campaign-uses-ethereum-smart.html

The Android banking malware "ToxicPanda" has infected over 1,500 devices, facilitating fraudulent transactions by bypassing security measures.

It disguises itself as legitimate apps and intercepts OTPs for unauthorized access.

Read: https://thehackernews.com/2024/11/new-android-banking-malware-toxicpanda.html

Explore how Zero Trust security transforms #cybersecurity by eliminating implicit trust, scrutinizing access requests, and continuously monitoring users to mitigate insider threats and enhance security posture.

Read: https://thehackernews.com/2024/11/leveraging-wazuh-for-zero-trust-security.html

The FBI is seeking public assistance to identify those behind cyber intrusions linked to Chinese APT groups that have exploited vulnerabilities in edge devices and networks for cyber espionage against critical infrastructure.

Learn more: https://thehackernews.com/2024/11/fbi-seeks-public-help-to-identify.html

Google Cloud will enforce mandatory multi-factor authentication (MFA) for all users by the end of 2025

Learn more: https://thehackernews.com/2024/11/google-cloud-to-enforce-multi-factor.html

South Korea fined Meta $15.67 million for sharing sensitive data from 980,000 users with advertisers without proper consent.

Learn more: https://thehackernews.com/2024/11/south-korea-fines-meta-1567m-for.html

INTERPOL has taken down over 22,000 malicious servers in its Operation Synergia II, targeting phishing, ransomware, and malware.

Learn more: https://thehackernews.com/2024/11/interpols-operation-synergia-ii.html

Continuous Threat Exposure Management (CTEM) is no longer optional—it's essential!

As threats evolve, CTEM empowers organizations to proactively identify and mitigate vulnerabilities before they lead to costly breaches. 🔗

Read the full article to discover how to keep CTEM on your 2025 budget radar: https://thehackernews.com/2024/11/9-steps-to-get-ctem-on-your-2025.html

🚨 Warning: New Winos 4.0 malware is targeting users through 🎮 gaming applications. This advanced framework can take control of compromised systems and harvest sensitive data, targeting educational organizations and cryptocurrency wallets.

Read: https://thehackernews.com/2024/11/new-winos-40-malware-infects-gamers.html

🔥 Did you know? Advanced threat actors can breach identity systems in days.

Learn about SaaS and cloud vulnerabilities. Join our LIVE WEBINAR to learn crucial strategies for securing your identity infrastructure.

👉 Join now: https://thehacker.news/identity-based-attacks

🔒 Canada orders TikTok to shut down operations over national security concerns.

Read more here: https://thehackernews.com/2024/11/canada-orders-tiktok-to-shut-down.html

🌩️ Cyber Alert: VEILDrive Attack!

A new attack exploits Microsoft SaaS tools like Teams and OneDrive, enabling malware distribution through trusted channels.

Read the article: https://thehackernews.com/2024/11/veildrive-attack-exploits-microsoft.html

🚨 Cisco has issued updates for CVE-2024-20418, a critical vulnerability in Ultra-Reliable Wireless Backhaul Access Points (CVSS: 10.0) that allows unauthorized root command execution.

Read: https://thehackernews.com/2024/11/cisco-releases-patch-for-critical-urwb.html

Update to version 17.15.1 ASAP to protect your network!

💻🔑 Developers, beware!

A malicious package named "fabrice" has been discovered on PyPI, stealthily stealing AWS credentials for over three years.

With more than 37,100 downloads, this typosquatting threat poses serious risks.

Read: https://thehackernews.com/2024/11/malicious-pypi-package-fabrice-found.html

🚨 Cyber alert: The CopyRh(ight)adamantys phishing campaign is leveraging copyright themes to spread the Rhadamanthys stealer, while Kaspersky reveals SteelFox #malware, exploiting vulnerable drivers for data theft.

Learn more: https://thehackernews.com/2024/11/steelfox-and-rhadamanthys-malware-use.html