Microsoft Azure HDInsight service had 8 XSS vulnerabilities. Learn how they could lead to data breaches, session hijacking attacks, and impact your organization.

Read: https://thehackernews.com/2023/09/researchers-detail-8-vulnerabilities-in.html

Identity is the New Endpoint: Mastering SaaS Security in the Modern Age

Dive deep into the future of SaaS security with Maor Bin, CEO of Adaptive Shield. Discover why identity is the new endpoint.

Secure your spot now: https://thehackernews.com/2023/09/webinar-identity-threat-detection.html

Russian journalist Galina Timchenko's iPhone was hacked with NSO Group's Pegasus spyware, using a zero-click exploit known as PWNYOURHOME.

Read: https://thehackernews.com/2023/09/russian-journalists-iphone-compromised.html

A high-severity Time-of-Check to Time-of-Use (TOCTOU) (CVE-2023-27470) in N-Able's Take Control Agent could give hackers SYSTEM privileges.

Find out how it works: https://thehackernews.com/2023/09/n-ables-take-control-agent.html

🚨 Attention Linux and macOS users!

Critical vulnerabilities in the ncurses library have been discovered. Find out how threat actors could elevate privileges and run malicious code.

Details: https://thehackernews.com/2023/09/microsoft-uncovers-flaws-in-ncurses.html

Linux Users Beware: A stealthy supply chain attack went undetected for 3+ years, stealing passwords and more.

Learn how a trusted "Free Download Manager" site turned malicious and distributed malware.

Read: https://thehackernews.com/2023/09/free-download-manager-site-compromised.html

🔒 Secure offboarding is essential in today's IT landscape. Learn about common pitfalls and how to avoid them in this must-read article.

Read: https://thehackernews.com/2023/09/avoid-these-5-it-offboarding-pitfalls.html

🚨 Critical security flaws discovered in Kubernetes could lead to remote code execution with elevated privileges on Windows endpoints within a cluster.

Learn more about CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955: https://thehackernews.com/2023/09/alert-new-kubernetes-vulnerabilities.html

Microsoft reveals Iranian nation-state actors' password spray attacks targeting the satellite, defense, and pharmaceutical sectors globally.

Learn more about this: https://thehackernews.com/2023/09/iranian-nation-state-actors-employ.html

Cybercriminals behind RedLine and Vidar info-stealers have shifted their focus towards ransomware, employing phishing campaigns and leveraging Extended Validation (EV) code signing certificates.

Read details: https://thehackernews.com/2023/09/cybercriminals-combine-phishing-and-ev.html

⚠️ Attention Facebook Business Users: Python-based NodeStealer #malware has returned. It now targets multiple web browsers to maliciously take over accounts.

Read: https://thehackernews.com/2023/09/nodestealer-malware-now-targets.html

IoT devices are reshaping our world, but also becoming targets for cyberattacks. Learn about IoT-driven DDoS attacks and how to defend against them in our latest article.

Read: https://thehackernews.com/2023/09/ddos-20-iot-sparks-new-ddos-alert.html

Google to Pay $93 Million in Location-Privacy Lawsuit Settlement! California Attorney General exposes Google's misleading practices.

Read details: https://thehackernews.com/2023/09/google-agrees-to-93-million-settlement.html

The rise in cybersecurity vulnerabilities is alarming! Discover the importance of automated threat intelligence in today's digital landscape.

Read: https://thehackernews.com/2023/09/the-interdependence-between-automated.html

TikTok faces a whopping €345 million fine for mishandling children's data in the E.U.

Default public settings, lack of transparency, and more led to this hefty penalty.

Learn more: https://thehackernews.com/2023/09/tiktok-faces-massive-345-million-fine.html

Major crypto hacks by Lazarus Group: Reports confirm $240M stolen since June 2023, with $31M swiped from CoinEx. Find out how they're shifting their focus.

Read: https://thehackernews.com/2023/09/north-koreas-lazarus-group-suspected-in.html

UNC3944 threat actor now turns to ransomware attacks, targeting critical systems. Understand their tactics, and learn how to protect your organization from this growing danger.

Read: https://thehackernews.com/2023/09/financially-motivated-unc3944-threat.html

Software firm Retool suffered a breach with 27 customer accounts hacked after an SMS-based attack.

Google Account sync blamed for the breach, turning multi-factor authentication to single-factor.

Result: $15M in stolen cryptocurrency.

Read: https://thehackernews.com/2023/09/retool-falls-victim-to-sms-based.html

Discover the evolution of Android banking trojans - 'Hook' inherits its powers from 'ERMAC.' How does it outperform its predecessor?

Read on: https://thehackernews.com/2023/09/hook-new-android-banking-trojan-that.html

💻💰 A new cryptojacking operation, AMBERSQUID, is exploiting uncommon AWS services like AWS Amplify, Fargate, and SageMaker.

Read: https://thehackernews.com/2023/09/new-ambersquid-cryptojacking-operation.html

Learn how they fly under the radar.

🔥 Data Leak Alert!

Microsoft accidentally exposed 38TB of private data, including secrets, keys, passwords, and 30K+ internal Teams messages, on AI #GitHub repository due to a security glitch.

Read more in this article: https://thehackernews.com/2023/09/microsoft-ai-researchers-accidentally.html