Attention businesses! A sneaky campaign is targeting Zimbra email servers for login credentials. Learn about the ongoing threat and its stealthy strategy.

Read: https://thehackernews.com/2023/08/new-wave-of-attack-campaign-targeting.html

Power of Machine Learning - Supercharge your Zero Trust strategy!

NDR + Machine Learning = the ultimate dynamic duo. These algorithms don't rely on old "Indicators of Compromise" (IoCs) – they learn and evolve to nab new, evolving threat.

Read: https://thehackernews.com/2023/08/the-vulnerability-of-zero-trust-lessons.html

In a coordinated operation across 25 African nations, INTERPOL-AFRIPOL arrested 14 individuals in a crackdown on cybercrime. Over $40M losses linked to 20,674 cyber networks.

Read details: https://thehackernews.com/2023/08/14-suspected-cybercriminals-arrested.html

How are hackers getting around malware detection?

They're using sneaky unsupported compression methods in Android APK files to evade detection!

These undetectable apps, with 3,300 cases found, are harder to analyze.

Details: https://thehackernews.com/2023/08/thousands-of-android-malware-apps-using.html

Juniper Networks released an "out-of-cycle" security patch for Junos OS.

J-Web component flaws have a CVSS rating of 9.8/10, making them a 'Critical' watch-out!

Read details: https://thehackernews.com/2023/08/new-juniper-junos-os-flaws-expose.html

Attackers could remotely execute code by chaining these vulnerabilities.

Sophisticated WoofLocker toolkit update hides malicious JavaScript in PNG images, tricks users with fake tech support scams using advanced fingerprinting and redirection mechanisms.

Read: https://thehackernews.com/2023/08/wooflocker-toolkit-hides-malicious.html

HiatusRAT malware creators return, targeting Taiwan-based orgs & U.S. military procurement system.

Upgraded malware now supports multiple architectures & hosted on new VPSs.

Read details: https://thehackernews.com/2023/08/hiatusrat-malware-resurfaces-taiwan.html

Malware-infected Windows & macOS machines are now being used as proxy exit nodes, allowing threat actors to reroute requests.

Read: https://thehackernews.com/2023/08/this-malware-turned-thousands-of-hacked.html

A high-severity flaw in WinRAR could let hackers remotely run code on Windows systems.

Learn more about CVE-2023-40477: https://thehackernews.com/2023/08/new-winrar-vulnerability-could-allow.html

Critical security flaw (CVE-2023-26359) in Adobe ColdFusion added to CISA's catalog of known exploited vulnerabilities.

Read: https://thehackernews.com/2023/08/critical-adobe-coldfusion-flaw-added-to.html

Affects ColdFusion 2018 and 2021. Patched by Adobe in March, but active exploitation evidence is concerning.

Beware #macOS users! A sneaky variant of the XLoader malware hides inside an app called "OfficeNote."

Think you're boosting productivity? You might be compromising security!

Read details: https://thehackernews.com/2023/08/new-variant-of-xloader-macos-malware.html

Carderbee, a new threat cluster, is targeting organizations in Hong Kong and Asia.

The breach uses software supply chain attacks and a Microsoft signed certificate to fetch PlugX from a remote server.

Read more: https://thehackernews.com/2023/08/carderbee-attacks-hong-kong.html

Beware Roblox developers! Malicious packages on the npm repository have been found. These imposters are deploying Luna Token Grabber to snatch credentials.

Read details: https://thehackernews.com/2023/08/over-dozen-malicious-npm-packages.html

🛡️ Beware of Spacecolon! This malicious tool is spreading Scarab ransomware globally. France, Mexico, Poland, Slovakia, Spain, and Turkey are among the top targets.

Read detais: https://thehackernews.com/2023/08/spacecolon-toolset-fuels-global-surge.html

A Syrian threat actor, EVLF, has been identified as the developer of malware tools CypherRAT and CraxsRAT. These tools can control a device's camera, location, and mic remotely.

Read details: https://thehackernews.com/2023/08/syrian-threat-actor-evlf-unmasked-as.html

Meta is set to support end-to-end encryption for Messenger chats by year-end. Meta redesigned over 100 Messenger features to keep your chats both safe and seamless.

Read: https://thehackernews.com/2023/08/meta-set-to-enable-default-end-to-end.html

FBI alerts of a potential cash out by North Korean actors, linked to $40M in stolen cryptocurrency. This group is currently holding 1,580 bitcoins from various crypto heists across six wallets.

Read details: https://thehackernews.com/2023/08/north-korean-affiliates-suspected-in.html

Agile isn't just for devs anymore! Watch how an attacker develops and releases malware iterations targeting cloud credentials.

Learn more: https://thehackernews.com/2023/08/agile-approach-to-mass-cloud-credential.html

The U.S. Justice Department indicts two founders of Tornado Cash, a cryptocurrency mixer service, for laundering over $1 billion in criminal proceeds.

Read details: https://thehackernews.com/2023/08/tornado-cash-founders-charged-in.html

🔥 Thousands of Openfire XMPP servers remain unpatched against a high-severity flaw, CVE-2023-32315, exposing them to exploits.

Read details: https://thehackernews.com/2023/08/thousands-of-unpatched-openfire-xmpp.html

Don't wait – update now to prevent potential breaches.

🚨 Heads up! The recent WinRAR vulnerability was exploited as a zero-day since April to compromise traders' devices and withdraw money from broker accounts.

Read: https://thehackernews.com/2023/08/winrar-security-flaw-exploited-in-zero.html