The Georgetown Master's in Cybersecurity Risk Management covers business, law, computer science, and organizational change.

Learn more: https://thn.news/georgetown-masters-cyber-risk-ig

🚨 Sophisticated mobile phishing campaign uncovered! Attackers are distributing the updated Antidot banking trojan, now called AppLite Banker, targeting unsuspecting job seekers.

Learn how this threat operates and what measures to take: https://thehackernews.com/2024/12/fake-recruiters-distribute-banking.html

A critical vulnerability (CVE-2024-50623) in Cleo's file transfer software is under active, widespread exploitation—affecting fully patched systems.

The flaw allows unauthenticated remote code execution through unrestricted file uploads, enabling attackers to execute arbitrary code.

Over 4,200 organizations use Cleo software globally—this is a major security concern for logistics, consumer products, and more.

Get critical insights: https://thehackernews.com/2024/12/cleo-file-transfer-vulnerability-under.html

🤖 Traditional pentesting is falling behind. Cyberattacks happen daily—automation ensures your defenses are always ready, not just once a year.

Automated pentesting delivers frequent, accurate, and cost-efficient assessments, ensuring real-time visibility into your vulnerabilities.

Discover how automation is changing the game: https://thehackernews.com/2024/12/the-future-of-network-security.html

🔥 Critical Security Alert! Ivanti uncovers a CVSS 10.0-rated vulnerability allowing unauthenticated attackers to gain admin access in their Cloud Services Application.

This flaw isn’t alone—Ivanti has patched multiple critical vulnerabilities in its Connect Secure and CSA products.

🔗 Don't wait—explore the critical details and ensure your systems are secure: https://thehackernews.com/2024/12/ivanti-issues-critical-security-updates.html

U.S. has unsealed charges against a Chinese hacker for exploiting a zero-day #vulnerability in 81,000 Sophos firewalls, enabling the infiltration of critical systems, the theft of sensitive data, and targeting U.S. infrastructure.

Learn more: https://thehackernews.com/2024/12/us-charges-chinese-hacker-for.html

💻 Microsoft’s final Patch Tuesday of 2024 fixed 72 vulnerabilities, including one actively exploited in the wild: CVE-2024-49138.

Ensure your systems are updated now.

🔗 Read more: https://thehackernews.com/2024/12/microsoft-fixes-72-flaws-including.html

Discover how Zero Trust, immutable backups, and encryption can secure Microsoft365—starting with Zero Trust, where every access request is verified.

Learn key strategies to protect your environment.

Read the full article now: https://thehackernews.com/expert-insights/2024/12/5-strategies-to-combat-ransomware-and.html

🚨 A new surveillance tool, EagleMsgSpy, has been exposed as a powerful spyware linked to Chinese police departments, secretly collecting vast data from mobile devices since 2017.

🔗 Read full details here: https://thehackernews.com/2024/12/chinese-eaglemsgspy-spyware-found.html

⚡ WEBINAR ALERT: SaaS apps are transforming business—but are they secure?

Join KPMG Canada & AppOmni to learn how to protect your data from risks.

Register now: https://thehackernews.uk/saas-appsec-cyber-risk

🔒 ZLoader #malware is back—with a stealthy upgrade. The latest version employs DNS tunneling for encrypted communication, raising the stakes for detection efforts.

This isn’t just an update; ZLoader now includes an interactive shell capable of executing over a dozen commands, a game-changer for #ransomware attacks.

Dive into the details. https://thehackernews.com/2024/12/zloader-malware-returns-with-dns.html

🚨 A security flaw, dubbed AuthQuake, in Microsoft’s Multi-Factor Authentication (MFA) allowed attackers to bypass protection within an hour – no alerts, no interaction required.

Get the full story here: https://thehackernews.com/2024/12/microsoft-mfa-authquake-flaw-enabled.html

🚨 A trusted Windows feature, UI Automation, can be exploited by #malware to bypass EDR detection, execute stealthy commands, and steal data undetected.

🔗 Explore how this attack works: https://thehackernews.com/2024/12/new-malware-technique-could-exploit.html

A Russian state-sponsored group, Secret Blizzard, is leveraging other hackers’ #malware to deploy its tools in Ukraine, raising the stakes in cyber warfare.

Read the full story: https://thehackernews.com/2024/12/secret-blizzard-deploys-kazuar-backdoor.html

🚨 Operation PowerOFF — Global law enforcement just shut down 27 DDoS-for-hire platforms, dismantling major stresser services used by cybercriminals to disrupt websites.

Over 300 users and 3 admins are under investigation, with arrests made in France and Germany.

Read: https://thehackernews.com/2024/12/europol-dismantles-27-ddos-attack.html

Did you know? Your team could be using dozens of SaaS tools you’re unaware of—right now!

Unapproved apps, duplicate tenants, and risky OAuth grants are just the tip of the iceberg. Discover how Nudge Security is revolutionizing SaaS visibility and governance.

Read more about the solution here: https://thehackernews.com/2024/01/what-is-nudge-security-and-how-does-it.html

Critical flaw in Hunk Companion plugin (CVE-2024-11972, CVSS: 9.8) allows attackers to install vulnerable plugins, potentially leading to Remote Code Execution (RCE), SQL Injection, and administrative backdoors.

Over 10,000 WordPress sites are at risk. Learn steps to secure your site now: https://thehackernews.com/2024/12/wordpress-hunk-companion-plugin-flaw.html

[Free] Cloud Risk Self-Assessment Checklist

Ready to secure your cloud? Easily evaluate and uncover cloud risk with this simple checklist to help strengthen your security posture.

Downlod Checklist: https://thn.news/cloud-risk-checklist

🚨 Apple's TCC framework #vulnerability exposed!

A now-patched flaw (CVE-2024-44131) allowed unauthorized apps to access sensitive data like Health info, microphone, and #iCloud backups—without users knowing.

Learn more: https://thehackernews.com/2024/12/researchers-uncover-symlink-exploit.html

Gamaredon, a Russian-linked hacking group, targets mobile devices with BoneSpy and PlainGnome, #spyware stealing SMS, call logs, location, and photos in former Soviet states.

Find details here: https://thehackernews.com/2024/12/gamaredon-deploys-android-spyware.html