⚠️ Critical VMware vCenter vulnerability (CVE-2024-38812) may allow remote code execution. Cybercriminals can exploit it with crafted packets, posing serious risks.

Learn more: https://thehackernews.com/2024/09/patch-issued-for-critical-vmware.html

Make sure you’re not the next victim—patch your systems today.

GSMA is bringing end-to-end encryption (E2EE) to the RCS protocol, ensuring secure messaging between Android and iOS users.

Read: https://thehackernews.com/2024/09/gsma-plans-end-to-end-encryption-for.html

Google Chrome's latest update enhances user privacy and security with improved Safety Check, one-time permissions, and easier notification management.

Learn more: https://thehackernews.com/2024/09/chrome-introduces-one-time-permissions.html

North Korean cyber-espionage group UNC2970 is now targeting aerospace and energy sectors using job-themed phishing lures to deliver a new backdoor, MISTPEN.

Learn more about the techniques: https://thehackernews.com/2024/09/north-korean-hackers-target-energy-and.html

Pentesting is now automated—more affordable and efficient than traditional methods. Daily security checks at a fraction of the cost make strong cybersecurity accessible to all.

Is your org ready for automated PT?

Read: https://thehackernews.com/2024/09/why-pay-pentester.html

A Chinese engineer has been indicted for spear-phishing NASA and major universities in a multi-year cyberattack targeting aerospace software.

Read: https://thehackernews.com/2024/09/chinese-engineer-charged-in-us-for.html

🛑 Researchers have uncovered "Raptor Train," a botnet of over 200,000 compromised IoT devices, powered by a Chinese nation-state actor, Flax Typhoon.

Learn more: https://thehackernews.com/2024/09/new-raptor-train-iot-botnet-compromises.html

⚠️ GitLab has released urgent patches for a critical CVSS 10.0 #vulnerability in both CE and EE versions, targeting a flaw in the ruby-saml library that could enable an authentication bypass.

Read details here & act fast: https://thehackernews.com/2024/09/gitlab-patches-critical-saml.html

Microsoft warns of a new ransomware strain, INC, being used by financially motivated threat actor "Vanilla Tempest" to attack the U.S. healthcare sector.

Learn more: https://thehackernews.com/2024/09/microsoft-warns-of-new-inc-ransomware.html

If you’re working in cybersecurity, particularly in healthcare, stay informed.

🚨 Cryptojacking Alert: TeamTNT is back, targeting CentOS-based VPS servers!

Their cryptojacking attacks steal resources, disable security features (SELinux, AppArmor), delete logs, and hide via the Diamorphine rootkit.

Details: https://thehackernews.com/2024/09/new-teamtnt-cryptojacking-campaign.html

Secure your systems now

Explore the growing threat of cyberattacks on healthcare, where poor cybersecurity hygiene risks patient safety.

Learn how ransomware halts critical care and strategies to improve healthcare cybersecurity and prevent breaches.

Read: https://thehackernews.com/2024/09/healthcares-diagnosis-is-critical-cure.html

⚠️ SambaSpy, a new multifunctional RAT, targets Italian users in a phishing campaign by suspected Brazilian attackers.

This malware can control everything from file systems to webcams, making it a powerful tool for cybercriminals.

Details: https://thehackernews.com/2024/09/new-brazilian-linked-sambaspy-malware.html

Hackers are targeting the construction sector by brute-forcing their way into FOUNDATION Accounting Software, leveraging default credentials. With access to MS SQL Server via port 4243, attackers are exploiting weak security measures.

Details: https://thehackernews.com/2024/09/hackers-exploit-default-credentials-in.html

🚨 Alert: Critical Security Flaw (CVE-2024-8963) in Ivanti CSA Under Active Exploitation!

This vulnerability allows unauthenticated attackers to bypass admin authentication and execute arbitrary commands.

Details: https://thehackernews.com/2024/09/critical-ivanti-cloud-appliance.html

Google has just launched a Password Manager PIN feature that allows users to sync passkeys seamlessly across Windows, macOS, #Linux, ChromeOS, and Android.

Learn more: https://thehackernews.com/2024/09/chrome-users-can-now-sync-passkeys.html

⚠️ Google’s Mandiant reveals Iranian APT UNC1860 is acting as an initial access broker, using tools like TEMPLEPLAY & VIROGREEN to infiltrate high-priority networks.

Learn more about their methods: https://thehackernews.com/2024/09/iranian-apt-unc1860-linked-to-mois.html

👉 Microsoft 365 launches a new backup solution to combat #ransomware, enabling rapid recovery. Read more to learn how this could impact your data protection strategy.

Read: https://thehackernews.com/expert-insights/2024/09/the-microsoft-365-backup-game-just.html

⚠️ Your PAM solution may be missing 80% of your critical credentials—SSH keys, leaving businesses vulnerable. Here’s what cybersecurity professionals need to know.

Read: https://thehackernews.com/2024/09/passwordless-and-keyless-future-of.html

🛑 Phishing-as-a-service platform iServer taken down after affecting 483,000 victims globally. Law enforcement continues to crack down on credential theft targeting mobile devices.

Learn more: https://thehackernews.com/2024/09/europol-shuts-down-major-phishing.html

🔒 Ukraine has banned Telegram on official devices for government, military, and critical infrastructure workers due to national security concerns. The app is being used for #cyberattacks, phishing, and intelligence gathering.

Read: https://thehackernews.com/2024/09/ukraine-bans-telegram-use-for.html

LinkedIn halts U.K. data processing for AI training after ICO concerns, signaling a key shift in data privacy.

Cybersecurity pros, take note—regulations are tightening quickly.

Read: https://thehackernews.com/2024/09/linkedin-halts-ai-data-processing-in-uk.html