Multiple security flaws have been disclosed in open source and freemium Document Management Systems (DMS) from four vendors.

Researchers said the vulnerabilities offer a way for attackers to control the organization.

Read: https://thehackernews.com/2023/02/unpatched-security-flaws-disclosed-in.html

🚨 NIST has chosen Ascon, a family of authenticated 🔒 encryption and hashing algorithms, to be standardized for IoT and other lightweight electronics with limited resources.

Details: https://thehackernews.com/2023/02/nist-standardizes-ascon-cryptographic.html

OpenSSL project releases patches for multiple security flaws, including a high-severity vulnerability (CVE-2023-0286) in the widely used 🔒 encryption toolkit.

Details: https://thehackernews.com/2023/02/openssl-fixes-multiple-new-security.html

Gootkit malware is now targeting healthcare and financial organizations in the US, UK & Australia by using a new method of deployment that involves large payloads to avoid detection & post-infection frameworks Cobalt Strike & SystemBC.

https://thehackernews.com/2023/02/gootkit-malware-adopts-new-tactics-to.html

A new cyber threat group known as "NewsPenguin" has been linked to a phishing attack aimed at marine-related entities in Pakistan and using the PIMEC-23 conference as a lure to trick victims.

Details: https://thehackernews.com/2023/02/newspenguin-threat-actor-emerges-with.html

🔥 THN Webinar

Register now to secure your spot and gain a comprehensive understanding of cyber insurance protection, and new identity protection requirements.

Details: https://thehackernews.com/2023/02/thn-webinar-learn-how-to-comply-with.html

Alert: 38 security vulnerabilities found in Wireless Industrial IoT devices from 4 different vendors.

Hackers can exploit these flaws to gain access to internal OT networks and infiltrate critical infrastructure.

Read: https://thehackernews.com/2023/02/critical-infrastructure-at-risk-from.html

Reddit has suffered a security breach, with unidentified threat actors accessing internal documents, code, and some internal business systems.

Read: https://thehackernews.com/2023/02/reddit-suffers-security-breach-exposing.html

7 Russian nationals have been sanctioned by the governments of the United Kingdom and the United States for their involvement in the TrickBot, Ryuk, and Conti cybercrime operations.

Read: https://thehackernews.com/2023/02/uk-and-us-sanction-7-russians-for.html

North Korean hackers are conducting ransomware attacks against healthcare and critical infrastructure facilities to fund illicit activities.

Read: https://thehackernews.com/2023/02/north-korean-hackers-targeting.html

Researchers have uncovered four new malicious packages in the Python Package Index (PyPI) that sneak malware onto developers' systems and manipulate their SSH authorized_keys.

Read: https://thehackernews.com/2023/02/researchers-uncover-obfuscated.html

Researchers issue warning for latest threat to cryptocurrency users - Enigma malware, Vector stealer, and TgToxic trojan.

Read: https://thehackernews.com/2023/02/enigma-vector-and-tgtoxic-new-threats.html

Game of cat and mouse continues...

Following CISA's release of a decryption tool for ESXiArgs ransomware, cybercriminals have upgraded the malware to encrypt more data with stronger encryption methods.

Learn more: https://thehackernews.com/2023/02/new-esxiargs-ransomware-variant-emerges.html

Researchers are tracking a new financially motivated threat actor, TA866, which has been active since October 2022 and using custom hacking tools like WasabiSeed and Screenshotter to attack U.S. and German organizations.

Learn more: https://thehackernews.com/2023/02/hackers-targeting-us-and-german-firms.html

Chinese Tonto Team just suffered a defeat in their latest hack attempt on cybersecurity firm Group-IB.

Learn more: https://thehackernews.com/2023/02/chinese-tonto-team-hackers-second.html

Cybersecurity for operational technology is crucial in protecting industrial control systems from attacks.

Learn how deception technology is making a difference: https://thehackernews.com/2023/02/honeypot-factory-use-of-deception-in.html

Honeypots like Conpot, XPOT, and CryPLH can simulate protocols and improve threat detection.

An unknown threat actor created malicious game modes for the Dota 2 MOBA video game that could have been exploited to establish backdoor access to players' systems, exploiting a high-severity flaw in the V8 JavaScript engine.

Learn more: https://thehackernews.com/2023/02/hackers-create-malicious-dota-2-game.html

⚡ Apple has released URGENT security updates to address a new ZERO-DAY vulnerability (CVE-2023-23529) discovered in WebKit that attackers are exploiting in the wild.

Learn more: https://thehackernews.com/2023/02/patch-now-apples-ios-ipados-macos-and.html

Update iOS, iPadOS, macOS systems & Safari immediately to stay protected.

Holy moly! Cloudflare thwarted a massive DDoS attack that peaked at over 71 million requests per second, setting a new record for HTTP attacks.

Learn more: https://thehackernews.com/2023/02/massive-http-ddos-attack-hits-record.html

Microsoft has linked an emerging threat cluster, DEV-0147, to a China-based cyberespionage group that is utilizing ShadowPad and QuasarLoader to infiltrate diplomatic entities in South America.

Learn more: https://thehackernews.com/2023/02/chinese-hackers-targeting-south.html

🚨 Attention all Windows users: Microsoft has released 75 new software security updates, including fixes for 3 actively exploited vulnerabilities.

Learn more: https://thehackernews.com/2023/02/update-now-microsoft-releases-patches.html