MITRE Corporation hit by nation-state attack exploiting zero-day flaws in Ivanti Connect Secure.

Read: https://thehackernews.com/2024/04/mitre-corporation-breached-by-nation.html

Companies use 53 (🤯) security solutions on average... yet still get breached. How can we bridge this gap?

Read the latest report: https://thehackernews.com/2024/04/penteras-2024-report-reveals-hundreds.html

Ransomware victims, beware of re-victimization!

Orange Cyberdefense finds some organizations are hit multiple times. Reasons include affiliate crossovers and data misuse. Learn how to protect your organization.

Read: https://thehackernews.com/2024/04/ransomware-double-dip-re-victimization.html

Kaspersky has uncovered a concerning threat actor, ToddyCat, targeting government and military entities.

This group employs a wide range of tools to maintain persistent access and steal data on an "industrial scale."

https://thehackernews.com/2024/04/russian-hacker-group-toddycat-uses.html

🔐 Software supply chain breaches are a ticking time bomb. Forget playing defense - it's time to take the offensive against supply chain attackers.

⚡ Join our next cybersecurity webinar to learn battle-tested strategies from the experts.

Register now: https://thehacker.news/supply-chain-threats

💻 Hackers linked to Russia have been exploiting a Windows bug for YEARS to deploy GooseEgg malware for escalating attack access.

More insights here... https://thehackernews.com/2024/04/russias-apt28-exploited-windows-print.html

U.S. State Department imposed visa restrictions on 13 individuals linked to selling spyware for surveillance misuse targeting journalists, academics, and human rights defenders.

Read: https://thehackernews.com/2024/04/us-imposes-visa-restrictions-on-13.html

The Great Privacy Debate >>

European law enforcement agencies are deeply concerned about the widespread use of end-to-end encryption (E2EE), indicating it could severely hamper efforts to tackle online crimes like child abuse and terrorism.

https://thehackernews.com/2024/04/police-chiefs-call-for-solutions-to.html

Germany issues arrest warrants for 3 citizens accused of spying for China to obtain sensitive tech data that could aid Beijing's military capabilities.

Find details here: https://thehackernews.com/2024/04/german-authorities-issue-arrest.html

Lost revenue, angry customers, regulatory fines… cyberattacks have far-reaching consequences.

👉 Projected costs to hit $10.5 trillion by 2025
👉 88% of breaches due to human error

Get the full story and prepare: https://thehackernews.com/2024/04/unmasking-true-cost-of-cyberattacks.html

🚨 Researchers discovered a "dependency confusion" #vulnerability in an archived Apache project, Cordova App Harness.

Get all the details in our latest post: https://thehackernews.com/2024/04/apache-cordova-app-harness-targeted-in.html

A new malware campaign has been observed distributing three info-stealers—CryptBot, LummaC2, and Rhadamanthys—using CDN cache domains to avoid detection.

Read: https://thehackernews.com/2024/04/coralraider-malware-campaign-exploits.html

⚠️ Malware Alert: A sophisticated campaign called GuptiMiner is exploiting a vulnerability in eScan antivirus to distribute backdoors and crypto miners.

Read on to explore the potential state-sponsored ties: https://thehackernews.com/2024/04/escan-antivirus-update-mechanism.html

⚡ Major security flaws uncovered in popular Chinese keyboard apps, which could expose users' private keystrokes.

Over 1 billion people using Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi devices may be affected.

Details: https://thehackernews.com/2024/04/major-security-flaws-expose-keystrokes.html

IT offboarding is my favorite task! Said no one, ever.

Automate 90% of IT manual offboarding tasks with Nudge Security. Discover ALL SaaS identities and automate steps to revoke access, including OAuth grants and non-SSO accounts.

Get started here: https://thn.news/automated-it-offboarding-software

🕵️‍♂️ Heads up! Researchers have uncovered a sneaky attack delivering malware called SSLoad through phishing emails. This cunning malware infiltrates systems, steals sensitive data, and relays it back to the attackers.

Read: https://thehackernews.com/2024/04/researchers-detail-multistage-attack.html

U.S. Treasury Department has sanctioned two Iranian firms and four individuals for their involvement in malicious cyber activities targeting U.S. companies and government entities on behalf of the IRGC-CEC.

More details. 👇 https://thehackernews.com/2024/04/us-treasury-sanctions-iranian-firms-and.html

What to consider when evaluating tools to help activate & keep up with CTEM?🧐

We got your answers right here⬇️

Check out XM Cyber Buyer’s Guide to Meeting & Maintaining CTEM & start building consistent, actionable exposure remediation plans.

Dowload now: https://thn.news/ctem-buyers-guide

UPDATE — Airbus CERT releases Python scripts to scan for the critical CrushFTP flaw (CVE-2024-4040) that allows remote code execution. The zero-day has been exploited in attacks against U.S. entities.

Check: https://thehackernews.com/2024/04/critical-update-crushftp-zero-day-flaw.html

#infosec

New stealthy malware campaign exploits 2 ZERO-DAY flaws in Cisco devices, enabling covert data collection & reconnaissance by a state-sponsored actor.

Details: https://thehackernews.com/2024/04/state-sponsored-hackers-exploit-two.html

"Line Runner" and "Line Dancer" implants allow config changes and traffic capture.

U.S. Department of Justice arrested two founders of cryptocurrency mixer Samourai, seizing the service, for allegedly enabling over $2 billion in illegal transactions and laundering more than $100 million in criminal proceeds.

Learn more: https://thehackernews.com/2024/04/doj-arrests-founders-of-crypto-mixer.html