AT&T confirms massive data breach affecting "nearly all" wireless customers. This impacts millions, potentially exposing call records and location data.

Learn more: https://thehackernews.com/2024/07/at-confirms-data-breach-affecting.html

This data could be a goldmine for cybercriminals planning targeted attacks.

🔥 Compromised credentials are now the #1 attack vector in 2024!

Every set of credentials is a potential entry point for attackers. This makes securing them more important than ever.

Learn more in this exclusive Expert-led webinar: https://thehackernews.com/2024/07/ever-wonder-how-hackers-really-steal.html

A new version of HardBit ransomware has emerged with advanced obfuscation techniques to evade analysis efforts and unique extortion tactics. Learn about its evolving threat landscape.

Learn more: https://thehackernews.com/2024/07/new-hardbit-ransomware-40-uses.html

Singapore banks will soon replace OTPs with digital tokens for online banking authentication to combat phishing attacks, as announced by MAS and ABS.

Learn more: https://thehackernews.com/2024/07/singapore-banks-to-phase-out-otps-for.html

This move significantly reduces the risk of credential theft and account hijacking.

⚠️ CRYSTALRAY threat actor has ramped up operations, infecting over 1,500 victims using open-source tools like SSH-Snake.

Learn more: https://thehackernews.com/2024/07/crystalray-hackers-infect-over-1500.html

Experts warn that the attackers are leveraging legitimate tools, making detection challenging.

📢 Upcoming WEBINAR on Building Effective Security Champion Programs.

Learn from industry leaders about creating a culture of collaboration & trust within your development teams.

Reserve your spot to watch this: https://thehacker.news/developer-security-champion

⚠️ Imagine your company's data exposed for $10 or less. That's the reality with infostealer #malware.

This alarming trend jeopardizes everything from bank details to internal credentials.

Learn how to protect your data ⬇️ https://thehackernews.com/2024/07/10000-victims-day-infostealer-garden-of.html

🔥 A leaked GitHub token could have granted admin access to critical repositories of the Python language, PyPI, and the PSF.

This incident could have led to a massive supply chain attack.

Learn more: https://thehackernews.com/2024/07/github-token-leak-exposes-pythons-core.html

🚨 CISA Adds GeoServer Flaw to KEV Catalog!

Critical RCE vulnerability CVE-2024-36401 is actively exploited, affecting all default GeoServer installations.

Read: https://thehackernews.com/2024/07/cisa-warns-of-actively-exploited-rce.html

Your geospatial data & systems are at severe risk of unauthorized access & manipulation.

Kaspersky, Russian cybersecurity giant, to exit U.S. market by July 20, 2024, following Commerce Department ban citing national security risks.

Read details: https://thehackernews.com/2024/07/kaspersky-exits-us-market-following.html

This move impacts thousands of U.S. businesses and individuals using Kaspersky products.

⚡ Alert: Void Banshee is actively exploiting a zero-day flaw in Microsoft MHTML to spread the Atlantida info-stealer.

CVE-2024-38112 threatens sensitive data across numerous platforms.

Learn about the attack chain: https://thehackernews.com/2024/07/void-banshee-apt-exploits-microsoft.html

Iranian state-sponsored hackers MuddyWater shift tactics, deploying new backdoor BugSleep in Middle East cyber attacks, moving away from using legitimate RMM tools.

Learn more: https://thehackernews.com/2024/07/iranian-hackers-deploy-new-bugsleep.html

Experts warn of an evolving threat landscape.

Malicious npm packages "img-aws-s3-object-multipart-copy" and "legacyaws-s3-object-multipart-copy" found with backdoor code; sophisticated attack using image files to conceal malicious code, urging developers to be extra cautious.

https://thehackernews.com/2024/07/malicious-npm-packages-found-using.html

Exploring DSPMs at Black Hat 2024?

With Sentra's DSPM:

✔️ Your data stays in your environment
✔️ There's no need to manually configure connections
✔️ Get continuous activity log monitoring & suspicious activities alert

Get a live demo: https://thn.news/sentra-black-hat-2024

Discover how the 'Konfety' ad fraud operation exploits Google Play Store apps, using a novel 'decoy/evil twin' mechanism to commit large-scale ad fraud

Read it here: https://thehackernews.com/2024/07/konfety-ad-fraud-uses-250-google-play.html

Learn cybersecurity risk management from the experts. Attend Georgetown's virtual sample class on July 26.

Sign up here: https://thn.news/georgetown-cyber-risk-li

🚨 Identity-based threats to SaaS apps are escalating!

A robust Identity Threat Detection & Response (ITDR) system can prevent massive breaches, such as the Snowflake incident.

Learn essential steps to strengthen your identity fabric & prevent breaches: https://thehackernews.com/2024/07/threat-prevention-detection-in-saas.html

⚠️ New Critical Flaw Alert: Apache HugeGraph-Server vulnerability (CVE-2024-27348) with a CVSS score of 9.8 is being actively exploited for remote code execution.

Learn more: https://thehackernews.com/2024/07/critical-apache-hugegraph-vulnerability.html

Are your servers up-to-date?

🚨 Cybercrime group Scattered Spider is now using RansomHub and Qilin ransomware strains, according to Microsoft.

Learn about the evolving cybercrime landscape and new ransomware threats: https://thehackernews.com/2024/07/scattered-spider-adopts-ransomhub-and.html

China-linked APT17 targets Italian entities with 9002 RAT malware, utilizing spear-phishing attacks via Office documents and malicious links.

Understanding these tactics helps organizations anticipate and mitigate similar threats.

Read: https://thehackernews.com/2024/07/china-linked-apt17-targets-italian.html