🚨 Attention - A new social engineering campaign is targeting enterprises with spam emails to gain initial access. The threat actor overwhelms users' email and calls them, offering assistance to resolve the issue.

Learn more: https://thehackernews.com/2024/05/ongoing-campaign-bombarded-enterprises.html

🔐 Researchers uncover critical vulnerabilities in Cacti, a popular open-source network monitoring tool. Don't wait, update your instances to version 1.2.27 today.

More info in the article.: https://thehackernews.com/2024/05/critical-flaws-in-cacti-framework-could.html

🔒 Is your organization's cybersecurity at risk due to human users? Discover the importance of advanced authentication measures and how to avoid common implementation mistakes.

Learn more: https://thehackernews.com/2024/05/6-mistakes-organizations-make-when.html

🛑 Attention VMware users.

Multiple security flaws discovered in Workstation (17.x) and Fusion (13.x). Don't wait, update now to stay protected.

Read details: https://thehackernews.com/2024/05/vmware-patches-severe-security-flaws-in.html

🚨 Attention - Microsoft has patched 61 new security flaws, including two zero-days actively exploited in the wild.

Find out how threat actors could gain domain admin privileges and create stealthy persistence mechanisms.

Read details: https://thehackernews.com/2024/05/microsoft-patches-61-flaws-including.html

Alexey Pertsev, co-founder of Tornado Cash, sentenced to 5+ years in prison by Dutch court. The crypto mixer service was sanctioned by the U.S. for facilitating money laundering.

Read details here: https://thehackernews.com/2024/05/dutch-court-sentences-tornado-cash-co.html

🔒 Linux server admins, beware:

Ebury malware botnet has hijacked 400,000 servers since 2009 for cybercriminal activities.

Details: https://thehackernews.com/2024/05/ebury-botnet-malware-compromises-400000.html

🕵️‍♂️ New Russian cyberespionage backdoors discovered.

LunarWeb and LunarMail targeted a European ministry of foreign affairs and its diplomatic missions.

Learn more about these stealthy threats and how they operate: https://thehackernews.com/2024/05/turla-group-deploys-lunarweb-and.html

Moving to Microsoft Azure from VMware vSphere?

Plan, Migrate, Validate... This guide covers all you need to know - from assessing your environment to post-migration validation.

Find out more: https://thehackernews.com/2024/05/its-time-to-master-lift-shift-migrating.html

ANYRUN, a malware sandbox for interactive analysis, announced its 8th Birthday Special Offer 🎁

New and current users can get 6 months of service or extra Enterprise-tier licenses for free.

Learn more ➡️ https://thn.news/anyrun-malware-sandbox

🔒 Attention cybersecurity professionals.

The Common Vulnerability Scoring System (CVSS) v4.0 is here, replacing the 8-year-old CVSS v3.0.

Discover how this update enhances vulnerability assessment & helps you strengthen your cyber resilience.

Read: https://thehackernews.com/2024/05/get-cyber-resilient-with-cvss.html

🔒 Google Play Protect just got smarter with live threat detection.

Android 15 introduces new features to prevent malicious apps from capturing your sensitive data.

Find out more about these crucial updates: https://thehackernews.com/2024/05/android-15-introduces-new-features-to.html

🔐 Google announced new privacy & security features for Android devices:

✅ Offline Device Lock
✅ Factory Reset Upgrade
✅ Private Space Enhanced
✅ AI-Powered Theft Detection

Details here: https://thehackernews.com/2024/05/google-adds-ai-powered-theft-protection.html

BREAKING - BreachForums, a notorious online bazaar for stolen data, has been seized by law enforcement agencies for the second time in a year.

The FBI has taken control of its #Telegram channel as well.

Read on > https://thehackernews.com/2024/05/fbi-seizes-breachforums-again-urges.html

🚨 Google has addressed nine security issues in its Chrome browser, including a new zero-day exploit (CVE-2024-4947) that has been actively exploited in the wild.

Learn more: https://thehackernews.com/2024/05/google-patches-yet-another-actively.html

Don't wait – update your browser now.

⚠️ Cybercriminals are exploiting Microsoft's Quick Assist tool to target users in social engineering attacks and deploy Black Basta ransomware.

Learn more: https://thehackernews.com/2024/05/cybercriminals-exploiting-microsofts.html

🕵️‍♀️ Security and IT teams, listen up!

Reviewing new and existing OAuth grants programmatically is crucial for catching risky activity or overly-permissive scopes.

Learn best practices for investigating grants in this article: https://thehackernews.com/expert-insights/2024/05/how-to-investigate-oauth-grant-for.html

Nearly a dozen security flaws have been discovered in the GE HealthCare Vivid Ultrasound product family. These vulnerabilities could allow ransomware attacks or data tampering.

Learn more: https://thehackernews.com/2024/05/researchers-uncover-11-security-flaws.html

Every SaaS account created by your employees represents a new “identity” with unique permissions, security settings & risks and many app owners sit outside of IT, meaning security controls could be overlooked.

Learn how Nudge Security can help: https://thn.news/saas-identity-governance

⚠️ North Korea-linked Kimsuky hacking group has launched a new social engineering attack using fake Facebook accounts to target individuals via Messenger.

Learn more: https://thehackernews.com/2024/05/north-korean-hackers-exploit-facebook.html

At Georgetown, gain the tactical skills to plan for and respond to information security threats. Attend this June 7 webinar.

Save your seat: https://thn.news/georgetown-cybersec-webinar-li