⚠️ Cyber Alert: Cybercriminals are exploiting swap files on compromised e-commerce sites to hide credit card skimmers, bypassing cleanup attempts.

Find details here: https://thehackernews.com/2024/07/magento-sites-targeted-with-sneaky.html

🚨 Researchers identified FrostyGoop, a new ICS-focused malware, attacking a Ukrainian energy firm and disrupting services to over 600 buildings.

It can manipulate Industrial Control Systems, posing a serious threat to critical infrastructure.

Read: https://thehackernews.com/2024/07/new-ics-malware-frostygoop-targeting.html

Temporary passwords during onboarding are a ticking time bomb for many organizations. Often shared insecurely, these passwords expose systems to cyber threats.

Discover about innovative solutions for enhancing cybersecurity from day one: https://thehackernews.com/2024/07/how-to-securely-onboard-new-employees.html

⚠️ New Threat! Beijing-affiliated hacking group Daggerfly targets Taiwan and U.S. NGO in China with upgraded malware tools, exploiting Apache HTTP server vulnerabilities.

Read here: https://thehackernews.com/2024/07/chinese-hackers-target-taiwan-and-us.html

This affects organizations operating in sensitive geopolitical areas.

vPenTest automates network penetration testing for IT teams, helping organizations find exploitable vulnerabilities before the bad guys do!

💰 Costs 50% less than manual tests
⏰ Test monthly, not yearly
📊 PCI & HIPAA compliant reports

🔥 Get a FREE Trial > https://thn.news/vptest-free-trial

🚨 CISA adds two security flaws to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation evidence—a decade-old Microsoft IE flaw (CVE-2012-4792) and a recent Twilio Authy vulnerability (CVE-2024-39891).

Immediate action is required for Federal agencies to mitigate these threats by August 13, 2024.

Read: https://thehackernews.com/2024/07/cisa-adds-twilio-authy-and-ie-flaws-to.html

🚨 A significant security flaw in Microsoft Defender SmartScreen was exploited to deliver info-stealers like ACR Stealer, Lumma, and Meduza.

CVE-2024-21412, rated 8.1 on the CVSS, allowed attackers to bypass protections.

Learn more: https://thehackernews.com/2024/07/microsoft-defender-flaw-exploited-to.html

CrowdStrike's Post-Incident Review reveals Friday's widespread Windows crashes stemmed from flawed Rapid Response Content update. Millions of devices running Falcon Sensor 7.11+ affected.

Read details: https://thehackernews.com/2024/07/crowdstrike-explains-friday-windows.html

⚠️ Security Alert: Patchwork hacker group has targeted entities tied to Bhutan, using the Brute Ratel C4 framework and an updated PGoShell backdoor for the first time.

Read details here: https://thehackernews.com/2024/07/patchwork-hackers-target-bhutan-with.html

A new zero-day vulnerability called EvilVideo allowed attackers to disguise malicious files as videos. This exploit surfaced on underground forums.

Find details here: https://thehackernews.com/2024/07/telegram-app-flaw-exploited-to-spread.html

Update your Telegram app now and disable automatic media downloads.

Gartner predicts that by 2025, lack of talent or human failure will cause more than 50% of significant cyber incidents.

The solution? Workflow automation.

Get the Essential Guide to Workflow Automation from Tines for an in-depth look into:

💡 The evolution of workflow automation and AI
💡 Common misconceptions about automation (and debunking them)
💡 Best practices for finding success with automation - including insights from Mars and Elastic

Get the guide today to learn how your security team can use AI-powered workflow automation to its full potential, to improve incident readiness and operate more efficiently.

Read the guide now: https://thn.news/workflow-sec-guide

🔎 If you're looking for a malware sandbox with free unlimited access to Windows 10 x64 VM, try ANYRUN

It not only detects threat in <40s, but also lets you interact with your samples and the VM

Sign up and launch your analysis ➡️ https://thn.news/malware-analysis-sandbox

Critical Alert! Pro-Houthi hackers are targeting humanitarian organizations in Yemen with sophisticated Android spyware, posing severe risks to aid efforts and security.

Get the full report and stay protected: https://thehackernews.com/2024/07/pro-houthi-group-targets-yemen-aid.html

🚀 🔒 SaaS tools boost productivity but also expand the attack surface. Nudge Security offers a solution: discover app usage, compare security profiles, and manage costs effectively.

Details here: https://thehackernews.com/2024/07/how-to-reduce-saas-spend-and-risk.html

Empower your team with better insights and governance.

🔐 New Threat! Play ransomware has evolved to target Linux-based VMware ESXi environments, potentially broadening its attack range and victim count.

Secure your systems against this new variant: https://thehackernews.com/2024/07/new-linux-variant-of-play-ransomware.html

Stay Alert! The LATAM-based FLUXROOT group is exploiting Google Cloud for phishing attacks targeting Mercado Pago users.

Protect your accounts now: https://thehackernews.com/2024/07/pineapple-and-fluxroot-hacker-groups.html

Always double-check links and use strong, unique passwords.

🔔 Tired of Endless Security Questionnaires?

There's a Solution!

SafeBase's Trust Center transforms this process by automating responses and eliminating unnecessary back-and-forth, reducing your workload significantly.

Learn more: https://thehackernews.com/2024/07/how-trust-center-solves-your-security.html

🔔 Google Chrome introduces new security warnings for suspicious downloads.

Users can now send encrypted files with passwords for deep scans, ensuring comprehensive threat detection.

Update Chrome and activate Enhanced Protection: https://thehackernews.com/2024/07/new-chrome-feature-scans-password.html

Critical flaw found in Docker Engine allows attackers to bypass authorization plugins (AuthZ) - CVE-2024-41110, CVSS score 10.0.

This vulnerability can lead to severe privilege escalation, affecting numerous Docker versions.

Find details here: https://thehackernews.com/2024/07/critical-docker-engine-flaw-allows.html

ISC has released patches for multiple vulnerabilities in BIND 9 DNS software.

These flaws could be exploited to cause a DoS condition, impacting server performance and availability.

Read: https://thehackernews.com/2024/07/cisa-warns-of-exploitable.html

Researchers have disclosed a critical vulnerability, ConfusedFunction, impacting Google Cloud Functions.

This vulnerability could allow attackers to access and manipulate other services and sensitive data without authorization.

Learn more: https://thehackernews.com/2024/07/experts-expose-confusedfunction.html