Beware the IDOR Flaw!

Cybersecurity agencies in Australia and the U.S. have issued a joint advisory warning about IDOR security flaws in web apps that can lead to data breaches.

Learn more about it here: https://thehackernews.com/2023/07/cybersecurity-agencies-warn-against.html

Over 5,000 instances are vulnerable to potential attacks!

Metabase users, pay attention! An "extremely severe" flaw [CVE-2023-38646] has been discovered in the popular BI & data visualization software.

Find details here: https://thehackernews.com/2023/07/major-security-flaw-discovered-in.html

Russian hacker group BlueBravo strikes again!

New backdoor "GraphicalProton" used to target diplomatic entities in Eastern Europe.

Read details: https://thehackernews.com/2023/07/bluebravo-deploys-graphicalproton.html

Malicious actors are exploiting a legitimate Windows search feature to download arbitrary payloads and compromise systems with RATs like AsyncRAT and Remcos RAT.

Learn more about this novel attack technique: https://thehackernews.com/2023/07/hackers-abusing-windows-search-feature.html

Security Research team at Checkmarx found an attack scenario affecting major car manufacturers like Porsche.

Read on to learn how it could lead to data exfiltration: https://thehackernews.com/2023/07/a-data-exfiltration-attack-scenario.html

💻 Korean-speaking individuals are under attack by STARK#MULE. Hackers are using U.S. Military-themed document lures to spread malware and compromise systems.

Learn more: https://thehackernews.com/2023/07/starkmule-targets-koreans-with-us.html

New Threat Alert!

Latest findings reveal that the IcedID malware is getting even more dangerous with updates to its BackConnect module for post-compromise activity on hacked systems.

Learn more: https://thehackernews.com/2023/07/icedid-malware-adapts-and-expands.html

📢 Attention admins!

Ivanti discloses another flaw (CVE-2023-35081) in Endpoint Manager Mobile (EPMM) that is being exploited by malicious actors to gain sensitive info & execute OS commands.

Read: https://thehackernews.com/2023/07/ivanti-warns-of-another-endpoint.html

Update to the latest version now.

🚨 Threat Alert!

U.S. cybersecurity agency CISA has revealed details of "SUBMARINE," a novel persistent backdoor deployed in the Barracuda Email Security Gateway (ESG) hack.

Learn more about this here: https://thehackernews.com/2023/07/hackers-deploy-submarine-backdoor-in.html

🚨 Important News for App Developers!

Apple announces a crucial update requiring developers to provide reasons for using certain APIs in their apps, promoting responsible data collection and preventing tracking.

Read details: https://thehackernews.com/2023/07/apple-sets-new-rules-for-developers-to.html

Beware of CherryBlos, a new Android malware targeting cryptocurrency wallets.

🚨 This clever malware uses OCR to extract info from images and swap wallet addresses.

Learn more: https://thehackernews.com/2023/07/new-android-malware-cherryblos.html

Stay alert!

🔓 Urgent: Protect your WordPress site now! Critical security update required for Ninja Forms plugin. Over 800,000 sites at risk from vulnerabilities CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393.

Get the full scoop here: https://thehackernews.com/2023/07/multiple-flaws-found-in-ninja-forms.html

Alert: New Malware campaign!

Beware! Cybercriminals are spreading trojanized software through fake websites. Their goal? Infecting innocent users with the malicious Fruity downloader malware.

Stay informed: https://thehackernews.com/2023/07/fruity-trojan-uses-deceptive-software.html

🚨 Beware of AVRecon botnet! It exploits compromised routers for illegal proxy services.

With 41,000 nodes in 20 countries, it's a major threat to online security.

Discover its connection to the 12-year-old SocksEscort service used by cybercriminals: https://thehackernews.com/2023/07/avrecon-botnet-leveraging-compromised.html

🔒 Cybersecurity Alert - Indian-linked Patchwork hackers strike Chinese universities and research organizations with the notorious EyeShell backdoor!

Read https://thehackernews.com/2023/07/patchwork-hackers-target-chinese.html

P2PInfect peer-to-peer (P2) worm has been observed using previously undocumented methods to gain initial access to vulnerable Redis servers and recruit them into a botnet.

Learn more here ➡️ https://thehackernews.com/2023/07/new-p2pinfect-worm-targets-redis.html

A sophisticated malware loader known as WikiLoader is currently being utilized to target Italian organizations with Ursnif banking trojan and spyware.

Read: https://thehackernews.com/2023/08/cybercriminals-renting-wikiloader-to.html

China-linked cyber threat group APT31 strikes again! Last year, they targeted Eastern European industrial organizations to steal data from air-gapped systems using 15+ implants.

Read more about it here: https://thehackernews.com/2023/08/chinas-apt31-suspected-in-attacks-on.html

New report uncovers Space Pirates, a cybercriminal group attacking 16 organizations in Russia and Serbia. Targets include aerospace, defense, energy, healthcare, and more.

Learn more: https://thehackernews.com/2023/08/researchers-expose-space-pirate-cyber.html

Warning: European banks and customers are currently under attack! The SpyNote Android banking trojan is causing chaos, launching aggressive phishing and smishing campaigns.

Read the full article here: https://thehackernews.com/2023/08/european-bank-customers-targeted-in.html

Beware! There's a Python variant of the NodeStealer malware that is currently hijacking Facebook business accounts and stealing cryptocurrency.

Get all the details here: https://thehackernews.com/2023/08/new-nodestealer-targeting-facebook.html