Mallox ransomware surges 174% in 2023, employing double extortion tactics by stealing data before encryption.
Read: https://thehackernews.com/2023/07/mallox-ransomware-exploits-weak-ms-sql.html
Targeting manufacturing, legal services, and retail sectors, they exploit vulnerable MS-SQL servers as a primary penetration vector.
Alert! New security flaws in AMI MegaRAC BMC software have been disclosed, putting vulnerable servers at risk. Attackers could remotely take control and deploy malware.
Details here: https://thehackernews.com/2023/07/critical-flaws-in-ami-megarac-bmc.html
U.S. cybersecurity agency warns of a critical flaw (CVE-2023-3519) in Citrix NetScaler ADC and Gateway devices being exploited by hackers to drop web shells on vulnerable systems.
Learn more: https://thehackernews.com/2023/07/citrix-netscaler-adc-and-gateway.html
DDoS botnets are exploiting the CVE-2023-28771 vulnerability in Zyxel devices to gain remote control and launch devastating attacks.
Learn more: https://thehackernews.com/2023/07/ddos-botnets-hijacking-zyxel-devices-to.html
Protecting local governments from ransomware attacks is crucial! Implementing robust password policies is a step towards enhanced security. Check out tools like Specops Password Policy to keep your organization safe!
Read: https://thehackernews.com/2023/07/local-governments-targeted-for.html
Beware of BundleBot, a stealthy malware strain that's stealing sensitive info from compromised hosts! It spreads through Facebook Ads, cleverly disguised as regular programs, AI tools, or games.
Read: https://thehackernews.com/2023/07/sophisticated-bundlebot-malware.html
HotRat, a dangerous variant of the AsyncRAT malware, is spreading through pirated versions of popular software and games.
Read: https://thehackernews.com/2023/07/hotrat-new-variant-of-asyncrat-malware.html
Chinese nation-state actor Storm-0558's attack on Microsoft's email infrastructure is more extensive than previously believed. Researchers at Wiz reveal the scope, which included forging access tokens for various Azure AD applications!
Read: https://thehackernews.com/2023/07/azure-ad-token-forging-technique-in.html
Apple takes a strong stand for data security & privacy, warning it might stop offering iMessage and FaceTime in the U.K. rather than compromise on encryption, opposing new digital surveillance proposals.
Details: https://thehackernews.com/2023/07/apple-threatens-to-pull-imessage-and.html
Researchers uncover first-ever open-source software supply chain attacks targeting banks!
Malware authors posed as employees, tricked users with preinstall scripts, and cleverly used Azure's CDN subdomains.
Read details: https://thehackernews.com/2023/07/banking-sector-targeted-in-open-source.html
Heads up, techies! A new vulnerability (CVE-2023-38408) has been uncovered in OpenSSH that can enable attackers to execute arbitrary commands remotely.
Don't wait, update now and keep your system secure.
Read: https://thehackernews.com/2023/07/new-openssh-vulnerability-exposes-linux.html
Google announces support for cross-platform end-to-end encryption with MLS protocol on its messages service for Android. Secure communication, regardless of the messaging platform used.
Read details here: https://thehackernews.com/2023/07/google-messages-getting-cross-platform.html
Zero-day vulnerabilities (CVE-2023-26077 and CVE-2023-26078) found in Atera remote monitoring software's Windows Installers can lead to privilege escalation attacks.
Read details: https://thehackernews.com/2023/07/critical-zero-days-in-atera-windows.html
Apple has released urgent patches to address multiple vulnerabilities in iOS, iPadOS, macOS, tvOS, watchOS, and Safari.
This includes a critical 0-day bug (CVE-2023-38606) actively exploited in the wild.
https://thehackernews.com/2023/07/apple-rolls-out-urgent-patches-for-zero.html
Make sure to update your devices ASAP!
Attention IT Admins: Ivanti warns of a zero-day vulnerability (CVE-2023-35078) in Endpoint Manager Mobile (EPMM) software.
Read details: https://thehackernews.com/2023/07/ivanti-releases-urgent-patch-for-epmm.html
Patch ASAP to protect against unauthorized access and data breaches.
Atlassian addresses critical vulnerabilities (CVE-2023-22505, CVE-2023-22508 and CVE-2023-22506) in Confluence Server, Data Center, and Bamboo Data Center.
Read: https://thehackernews.com/2023/07/atlassian-releases-patches-for-critical.html
Update now to protect against remote code execution attacks.
A serious security flaw has been found in AMD's Zen 2 processors, putting sensitive data at risk!
Discover the details of Zenbleed (CVE-2023-20593), a speculative execution attack that allows data exfiltration at 30 kb/core/second.
Read: https://thehackernews.com/2023/07/zenbleed-new-flaw-in-amd-zen-2.html
TETRA:BURST - A series of critical vulnerabilities have been disclosed in the Terrestrial Trunked Radio (TETRA) standard used by government entities and critical infrastructure worldwide, including a potential intentional backdoor!
Details: https://thehackernews.com/2023/07/tetraburst-5-new-vulnerabilities.html
New banking malware alert!
Casbaneiro threat actors are evolving their tactics to avoid detection. A User Account Control (UAC) bypass technique grants them full admin privileges on compromised machines.
Read: https://thehackernews.com/2023/07/casbaneiro-banking-malware-goes-under.html
Did you know? 57% of Apple users still believe that malware does not exist on macOS.
Cyber threats are real, even for Mac users! Hackers are targeting Apple devices with dangerous malware like Geacon and MacStealer.
Learn more: https://thehackernews.com/2023/07/macos-under-attack-examining-growing.html
Be informed, use strong passwords, and keep your software updated.