🔐 Apple has released urgent patches to address multiple vulnerabilities in iOS, iPadOS, macOS, tvOS, watchOS, and Safari.

This includes a critical 0-day bug (CVE-2023-38606) actively exploited in the wild.

https://thehackernews.com/2023/07/apple-rolls-out-urgent-patches-for-zero.html

Make sure to update your devices ASAP!

⚠️ Attention IT Admins — Ivanti warns of a zero-day vulnerability (CVE-2023-35078) in Endpoint Manager Mobile (EPMM) software.

Read details: https://thehackernews.com/2023/07/ivanti-releases-urgent-patch-for-epmm.html

Patch ASAP to protect against unauthorized access and data breaches.

⚠️ Atlassian addresses critical vulnerabilities (CVE-2023-22505, CVE-2023-22508 and CVE-2023-22506) in Confluence Server, Data Center, and Bamboo Data Center.

Read: https://thehackernews.com/2023/07/atlassian-releases-patches-for-critical.html

Update now to protect against remote code execution attacks.

⚡ A serious security flaw has been found in AMD's Zen 2 processors, putting sensitive data at risk!

Discover the details of Zenbleed (CVE-2023-20593) – a speculative execution attack that allows data exfiltration at 30 kb/core/second.

Read: https://thehackernews.com/2023/07/zenbleed-new-flaw-in-amd-zen-2.html

🚨 TETRA:BURST — A series of critical vulnerabilities have been disclosed in the Terrestrial Trunked Radio (TETRA) standard used by government entities and critical infrastructure worldwide, including a potential intentional backdoor!

Details: https://thehackernews.com/2023/07/tetraburst-5-new-vulnerabilities.html

🦠 New banking malware alert!

Casbaneiro threat actors are evolving their tactics to avoid detection. A User Account Control (UAC) bypass technique grants them full admin privileges on compromised machines.

Read: https://thehackernews.com/2023/07/casbaneiro-banking-malware-goes-under.html

Did you know? 57% of Apple users still believe that malware does not exist on macOS.

Cyber threats are real, even for Mac users! Hackers are targeting Apple devices with dangerous malware like Geacon and MacStealer.

Learn more: https://thehackernews.com/2023/07/macos-under-attack-examining-growing.html

💪 Be informed, use strong passwords, and keep your software updated.

North Korean state actors linked to the RGB have been identified in the JumpCloud hack! An OPSEC mistake exposed their IP address.

Find details here: https://thehackernews.com/2023/07/north-korean-nation-state-actors.html

The new report also uncovers the use of malicious Ruby scripts and payloads like FULLHOUSE.DOORED, STRATOFEAR, and TIEDYE.

🚨 Heads up, network admins!

MikroTik RouterOS vulnerability (CVE-2023-30799) exposes 500,000+ systems to potential exploitation!

Read: https://thehackernews.com/2023/07/critical-mikrotik-routeros.html

Upgrade to RouterOS 6.49.8 or 7.x ASAP!

🚨 Security Alert: A new malware family called Realst is targeting Apple macOS systems, including macOS 14 Sonoma! Written in Rust programming language, it empties cryptocurrency wallets & steals passwords.

Find details here: https://thehackernews.com/2023/07/rust-based-realst-infostealer-targeting.html

FraudGPT, the latest cybercrime AI tool, is being sold on dark web marketplaces and Telegram channels. It is claimed that it can create undetectable malware and craft convincing phishing emails.

Read: https://thehackernews.com/2023/07/new-ai-tool-fraudgpt-emerges-tailored.html

🚨 ALERT: Fenix, a Mexico-based cybercrime group, is targeting taxpayers in Mexico and Chile by cloning official tax portals to steal sensitive data.

Read: https://thehackernews.com/2023/07/fenix-cybercrime-group-poses-as-tax.html

Decoy Dog, a powerful malware, outperforms the Pupy RAT, featuring previously unknown capabilities. It can maintain communication with compromised machines and evade detection for extended periods.

Read details: https://thehackernews.com/2023/07/decoy-dog-new-breed-of-malware-posing.html

🚨 Info stealing malware on the rise! Learn the modus operandi, tactics, propagation methods of info stealers in this latest whitepaper.

Read: https://thehackernews.com/2023/07/the-alarming-rise-of-infostealers-how.html

🔒 U.S. Securities and Exchange Commission (SEC) just approved new rules mandating publicly traded companies to disclose cyberattacks with "material" impact on their finances within 4 days of identification.

Read: https://thehackernews.com/2023/07/new-sec-rules-require-us-companies-to.html

Group-IB co-founder & CEO Ilya Sachkov gets 14 years in prison over accusations of providing classified info to foreign intelligence.

Read: https://thehackernews.com/2023/07/group-ib-co-founder-sentenced-to-14.html

Beware of the new campaign targeting Apache Tomcat Servers.

Researchers detected 800+ attacks, with 96% linked to the Mirai botnet. Threat actors exploit weak security to deliver malware & crypto miners.

Read: https://thehackernews.com/2023/07/hackers-target-apache-tomcat-servers.html

Researchers warn of Nitrogen, a malvertising campaign infecting enterprise networks via Google Search and Bing ads. Targets users seeking IT tools like AnyDesk, Cisco AnyConnect VPN, and WinSCP.

Read details: https://thehackernews.com/2023/07/new-malvertising-campaign-distributing.html#cybersecurity

Measure, Improve, and Automate! Unlock the true potential of shift-left and learn how it empowers your teams, aligns goals, measures progress, and democratizes security knowledge.

Read: https://thehackernews.com/2023/07/the-4-keys-to-building-cloud-security.html

🚨 Heads up, Ubuntu users!

Researchers have discovered high-severity Linux flaws in the Ubuntu kernel, affecting 40% of users!

Learn about GameOver(lay) vulnerabilities CVE-2023-32629 and CVE-2023-2640: https://thehackernews.com/2023/07/gameoverlay-two-severe-linux.html

Beware the IDOR Flaw!

Cybersecurity agencies in Australia and the U.S. have issued a joint advisory warning about IDOR security flaws in web apps that can lead to data breaches.

Learn more about it here: https://thehackernews.com/2023/07/cybersecurity-agencies-warn-against.html