Would you trust “UpdateMe.exe” or “SecurityPatch.exe”?
Cybercriminals are disguising malware as software updates to deliver CoinLurker, a stealer targeting cryptocurrency wallets.
Did you know:
• Evades detection using stolen EV certificates and advanced obfuscation
• Steals data from crypto wallets (Bitcoin, Ledger Live, Exodus)
• Harvests credentials from tools like Telegram, Discord, FileZilla
Protect Your Team:
• Use ad-blocking tools to filter suspicious links
• Train employees to spot fake software updates
• Monitor downloads for anomalies
Read details here: https://thehackernews.com/2024/12/hackers-exploit-webview2-to-deploy.html
Imagine this: Your team downloads what looks like a regular PDF. Behind the scenes? Malware that steals data, controls devices, and watches everything.
This isn’t fiction. The Bitter APT group is targeting a high-value Turkish defense firm using:
• Fake World Bank PDFs as lures.
• NTFS Alternate Data Streams (ADS) to hide PowerShell malware inside harmless files.
• WmRAT & MiyaRAT to steal data, take screenshots, and run remote commands.
Learn more: https://thehackernews.com/2024/12/bitter-apt-targets-turkish-defense.html
Is your team hunting threats... or drowning in data?
Cyber attackers don’t wait. Neither should you. 5 expert techniques from @anyrun_app can help you:
• Spot threats targeting your region
• Validate suspicious IPs & scripts fast
• Track evolving TTPs to stay ahead of attackers
• Build real-time threat intel for proactive defense
Early detection = less damage, fewer disruptions, and smarter resource allocation.
Start preventing attacks. Learn the techniques here: https://thehackernews.com/2024/12/5-practical-techniques-for-effective.html
From LNK to MSC – Tax-themed phishing lures are delivering stealthy backdoors using MSC files disguised as PDFs to target Pakistan.
» MSC files mimic legit Windows Management tools, making detection harder.
» The attack combines stealthy delivery and scheduled tasks for persistence.
Details here: https://thehackernews.com/2024/12/hackers-use-microsoft-msc-files-to.html
DarkGate isn’t new – but its delivery methods are evolving.
Attackers are now impersonating external suppliers on Microsoft Teams calls, tricking victims into installing AnyDesk for remote access.
DarkGate's Capabilities: Keylogging, screen capture, credential theft, and audio recording.
Read the full article here: https://thehackernews.com/2024/12/attackers-exploit-microsoft-teams-and.html
A critical Apache Struts vulnerability (CVE-2024-53677) with a 9.5/10 CVSS score is actively being exploited, putting corporate IT stacks at risk.
» Hackers are uploading malicious files, enabling remote code execution.
» Systems running Struts versions 2.0.0 to 6.3.0.2 are vulnerable.
Don’t be tomorrow’s headline. Upgrade to Struts 6.4.0+ and adopt the Action File Upload mechanism NOW to stay secure.
Find details here: https://thehackernews.com/2024/12/patch-alert-critical-apache-struts-flaw.html
Meta under fire (again): The 2018 Facebook breach has just cost the company €251 million – and exposed 29 million accounts worldwide, including sensitive data such as emails, phone numbers, and even children’s information.
A flaw in the “View As” feature allowed attackers to steal access tokens and compromise user accounts.
Learn more about the case: https://thehackernews.com/2024/12/meta-fined-251-million-for-2018-data.html
“Words matter,” says INTERPOL.
Shifting from "pig butchering" to "romance baiting" shifts the narrative to support victims, not shame them.
Victims are not just losing money – they're trapped in emotional manipulation by transnational organized crime groups.
Read to know how these scams operate and how to defend against them: https://thehackernews.com/2024/12/interpol-pushes-for-romance-baiting-to.html
APT29, a Russia-linked threat group, is repurposing legitimate red team tools for cyberespionage:
» Targeting: Governments, researchers, and think tanks
» Scale: 200 victims hit in just one day
» Method: Malicious RDP files that bypass malware defenses
Why should you care? These attacks silently steal data like credentials and sensitive documents – without leaving a trace.
Stay informed. Details here: https://thehackernews.com/2024/12/apt29-hackers-target-high-value-victims.html
2024’s Cybersecurity Benchmark is Here! Cynet just achieved 100% Detection Visibility and 100% Protection in the 2024 MITRE ATT&CK Evaluation.
Here’s why this matters:
• 100% Detection across every test.
• No false positives, no delays.
• Protection on every attack step executed.
Evaluate how your current vendor compares. Read more about Cynet’s performance: https://thehackernews.com/2024/12/only-cynet-delivers-100-protection-and.html
A critical flaw (CVE-2024-12356, CVSS score: 9.8) has been discovered in BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) products.
An unauthenticated attacker could exploit this to inject commands and execute arbitrary OS actions, posing a serious security risk.
Learn more: https://thehackernews.com/2024/12/beyondtrust-issues-urgent-patch-for.html
Are tech debt challenges holding you back?
Dive into ActiveState's latest whitepaper, featuring best practices to turn tech debt into a strategic advantage.
Learn how effective open source management can reduce opportunity costs and security risks. Empower your team with actionable insights.
Download now: https://thn.news/tech-debt-best-practices
Would you click on a fake DocuSign email? Thousands already did.
Phishers are baiting employees with urgent DocuSign alerts, exploiting trusted services like HubSpot Free Form Builder to redirect users to fake Office 365 login pages for credential theft.
The numbers tell the story:
• 20,000+ users in Europe impacted
• Bulletproof hosting powers attackers’ infrastructure
• Increasing abuse of trusted tools like Google Calendar
Learn more: https://thehackernews.com/2024/12/hubphish-exploits-hubspot-tools-to.html
Ukraine’s CERT-UA uncovers a malware attack targeting military personnel.
Disguised as the Army+ app, this sophisticated attack:
» Exploits Cloudflare Workers and Pages to host fake login pages.
» Tricks users into giving up credentials.
» Installs OpenSSH and steals cryptographic keys via the TOR network.
Even legitimate services are becoming a haven for cybercriminals, raising red flags for CISOs and CTOs.
Read the full analysis here: https://thehackernews.com/2024/12/uac-0125-abuses-cloudflare-workers-to.html
Netflix has been fined €4.75M for violating GDPR by failing to explain how it used customer data like email addresses and payment details between 2018–2020.
Read more: https://thehackernews.com/2024/12/dutch-dpa-fines-netflix-475-million-for.html
Critical Alert: CISA’s new directive, BOD 25-01, sets a new benchmark in cloud security for federal agencies.
Why? Misconfigurations and weak controls are opening doors to attackers.
Key Deadlines:
» By Feb 2025: Identify all cloud tenants
» By Apr 2025: Deploy SCuBA assessment tools
» By Jun 2025: Implement mandatory policies
Learn how to protect your communications effectively: https://thehackernews.com/2024/12/cisa-mandates-cloud-security-for.html
Regularly update security configurations to reduce your attack surface.
Fortinet's Wireless LAN Manager (FortiWLM) is vulnerable to a path traversal flaw (CVE-2023-34990) with a 9.6/10 CVSS score.
Why it’s urgent: It allows attackers to...
1. Access admin accounts using static session IDs.
2. Execute unauthorized commands by chaining vulnerabilities.
3. Gain root access to your network in minutes.
Patch now:
Affected versions: 8.5.0 to 8.6.5.
Fixed in 8.6.6 – update immediately.
Read: https://thehackernews.com/2024/12/fortinet-warns-of-critical-fortiwlm.html
What if your device unknowingly became a tool for cybercrime? It’s happening now.
Mirai malware strikes Juniper SSR devices, leveraging default passwords to turn them into DDoS attack machines. Over 90% of breached systems had unaltered factory settings.
Don’t leave the door open. Secure your systems today.
Read the full report: https://thehackernews.com/2024/12/juniper-warns-of-mirai-botnet-targeting.html
Threat actors are tricking developers with fake npm packages like typescript-eslint lookalikes, amassing thousands of downloads.
Compromised tools = compromised enterprises. One wrong download could breach your entire development cycle.
Your move:
• Review your dependencies.
• Learn how these attacks work.
• Build a resilient security strategy.
Read here: https://thehackernews.com/2024/12/thousands-download-malicious-npm.html
CISA warns of an actively exploited critical flaw (CVE-2024-12356, CVSS: 9.8) in BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) products.
Attackers can exploit this flaw to run arbitrary commands – no authentication required.
Read: https://thehackernews.com/2024/12/cisa-adds-critical-flaw-in-beyondtrust.html