Are you concerned about cyber attacks? You're not alone. Shockingly, a recent report reveals that 67% of businesses are leaving themselves vulnerable to hackers through bad password habits.

Don't be a sitting duck! Check out this report on how to level up your security game: https://thehackernews.com/2024/04/identity-in-shadows-shedding-light-on.html

🔐 Popular cloud CLI tools (AWS, Google Cloud, Azure) have a vulnerability ("LeakyCLI") exposing sensitive data in build logs.

Click to learn more: https://thehackernews.com/2024/04/aws-google-and-azure-cli-tools-could.html

TA558 hackers are using steganography to hide and distribute #malware like Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm in love-themed documents to target different industries.

Find out how: https://thehackernews.com/2024/04/ta558-hackers-weaponize-images-for-wide.html

#hacking #cybersecurity

Security researchers uncover a "credible" takeover attempt on the OpenJS Foundation, mirroring a recent incident with XZ Utils.

Read: https://thehackernews.com/2024/04/openjs-foundation-targeted-in-potential.html

⚠️ Researchers warn of a global increase in TOR-based brute-force attacks targeting VPNs, web applications, and SSH services.

Details: https://thehackernews.com/2024/04/cisco-warns-of-global-surge-in-brute.html

🚨 If you use Fortinet FortiClient EMS, patch NOW.

Researchers have uncovered a new malicious campaign exploiting a vulnerability in Fortinet FortiClient EMS devices, deploying ScreenConnect and Metasploit.

https://thehackernews.com/2024/04/hackers-exploit-fortinet-flaw-deploy.html

🚨 Alert: Hackers are exploiting a critical vulnerability (CVE-2023-22518) in Atlassian servers to gain admin access and deploy a Linux variant of Cerber ransomware.

More info here: https://thehackernews.com/2024/04/critical-atlassian-flaw-exploited-to.html

⚡ Announcing the Cyber Sentinel Skills Challenge – a new cyber skills competition from the Department of Defense with $15,000 in cash prizes.

All skill levels are welcome!

Apply to compete: https://thn.news/dod-cybersentinel-challenge

AI = awesome productivity, OR scary security threat? Maybe both!

Software companies rush to integrate generative AI (GenAI) into products, but security vulnerabilities can't be ignored.

Read about GenAI risks: https://thehackernews.com/2024/04/genai-new-headache-for-saas-security.html

🚨 A new stealthy backdoor malware called Kapeka, likely created by Russia's APT group Sandworm, has been targeting Eastern Europe, including Estonia and Ukraine.

Learn more about this cyber threat: https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html

Want to make sure your Active Directory isn’t a welcome mat for attackers?

Then grab your copy of the new XM Cyber Active Directory Security Best Practices Checklist – and make sure you’re keeping your organization’s AD safe from threats.

Download ➟ https://thn.news/active-directory-security-checklist

🛑 Hackers are using fake domains of popular IP scanners like Advanced IP Scanner & ManageEngine in a Google Ads malvertising scheme to spread the MadMxShell backdoor – 45+ domains created since November 2023.

Learn more: https://thehackernews.com/2024/04/malicious-google-ads-pushing-fake-ip.html

⚠️ Heads up, Kubernetes users! Hackers have found a way into OpenMetadata and are using your resources to mine cryptocurrencies.

Find out more: https://thehackernews.com/2024/04/hackers-exploit-openmetadata-flaws-to.html

Patch your systems ASAP!

Global law enforcement cracked down on LabHost phishing service!

"Operation Nebulae" arrested 32 individuals, including UK masterminds. LabHost ran 40,000 domains, victimizing over 94,000 in Australia.

Details here: https://thehackernews.com/2024/04/global-police-operation-disrupts.html

🚨 New #Android malware "SoumniBot" targets users in South Korea by exploiting unique evasion tactics.

Find out how it slips through security cracks 👇
https://thehackernews.com/2024/04/new-android-trojan-soumnibot-evades.html

💀 Concerned about malware in PDFs or Office docs?

Sandbox analysis reveals threats (macros, suspicious images, & more) before you click.

🔥 Discover the power of static analysis: https://thehackernews.com/2024/04/how-to-conduct-advanced-static-analysis.html

🛑 Beware: Cybercrime group FIN7 targets U.S. automotive industry with phishing scams to deploy Carbanak #malware.

Read details: https://thehackernews.com/2024/04/fin7-cybercrime-group-targeting-us-auto.html

OfflRouter malware has flown under the radar since 2015, infecting .DOC files within Ukrainian gov networks and leading to potentially confidential documents being exposed.

Details: https://thehackernews.com/2024/04/offlrouter-malware-evades-detection-in.html

🛠️ Ransomware won't wait, and neither should you.

Discover how Zerto’s Continuous Data Protection can dial back to seconds before an attack, ensuring minimal data loss.

Interested in how it works? Click to learn more: https://thehackernews.com/2024/04/recover-from-ransomware-in-5-minuteswe.html

A new threat, 'DuneQuixote', targets Middle Eastern governments with sophisticated evasion tactics and uses a sneaky cross-platform backdoor called CR4T.

🔗 Details here: https://thehackernews.com/2024/04/hackers-target-middle-east-governments.html

Akira ransomware group has extorted approximately $42 MILLION from over 250 global victims. It is now expanding its reach to target Linux, and VMware ESXi systems.

Read: https://thehackernews.com/2024/04/akira-ransomware-gang-extorts-42.html