Researchers have uncovered "Raptor Train," a botnet of over 200,000 compromised IoT devices, powered by a Chinese nation-state actor, Flax Typhoon.
Learn more: https://thehackernews.com/2024/09/new-raptor-train-iot-botnet-compromises.html
GitLab has released urgent patches for a critical CVSS 10.0 #vulnerability in both CE and EE versions, targeting a flaw in the ruby-saml library that could enable an authentication bypass.
Read details here & act fast: https://thehackernews.com/2024/09/gitlab-patches-critical-saml.html
Microsoft warns of a new ransomware strain, INC, being used by financially motivated threat actor "Vanilla Tempest" to attack the U.S. healthcare sector.
Learn more: https://thehackernews.com/2024/09/microsoft-warns-of-new-inc-ransomware.html
If you're working in cybersecurity, particularly in healthcare, stay informed.
Cryptojacking Alert: TeamTNT is back, targeting CentOS-based VPS servers!
Their cryptojacking attacks steal resources, disable security features (SELinux, AppArmor), delete logs, and hide via the Diamorphine rootkit.
Details: https://thehackernews.com/2024/09/new-teamtnt-cryptojacking-campaign.html
Secure your systems now
Explore the growing threat of cyberattacks on healthcare, where poor cybersecurity hygiene risks patient safety.
Learn how ransomware halts critical care and strategies to improve healthcare cybersecurity and prevent breaches.
Read: https://thehackernews.com/2024/09/healthcares-diagnosis-is-critical-cure.html
SambaSpy, a new multifunctional RAT, targets Italian users in a phishing campaign by suspected Brazilian attackers.
This malware can control everything from file systems to webcams, making it a powerful tool for cybercriminals.
Details: https://thehackernews.com/2024/09/new-brazilian-linked-sambaspy-malware.html
Hackers are targeting the construction sector by brute-forcing their way into FOUNDATION Accounting Software, leveraging default credentials. With access to MS SQL Server via port 4243, attackers are exploiting weak security measures.
Details: https://thehackernews.com/2024/09/hackers-exploit-default-credentials-in.html
Alert: Critical Security Flaw (CVE-2024-8963) in Ivanti CSA Under Active Exploitation!
This vulnerability allows unauthenticated attackers to bypass admin authentication and execute arbitrary commands.
Details: https://thehackernews.com/2024/09/critical-ivanti-cloud-appliance.html
Google has just launched a Password Manager PIN feature that allows users to sync passkeys seamlessly across Windows, macOS, #Linux, ChromeOS, and Android.
Learn more: https://thehackernews.com/2024/09/chrome-users-can-now-sync-passkeys.html
Google's Mandiant reveals Iranian APT UNC1860 is acting as an initial access broker, using tools like TEMPLEPLAY & VIROGREEN to infiltrate high-priority networks.
Learn more about their methods: https://thehackernews.com/2024/09/iranian-apt-unc1860-linked-to-mois.html
Microsoft 365 launches a new backup solution to combat #ransomware, enabling rapid recovery. Read more to learn how this could impact your data protection strategy.
Read: https://thehackernews.com/expert-insights/2024/09/the-microsoft-365-backup-game-just.html
Your PAM solution may be missing 80% of your critical credentials: SSH keys, leaving businesses vulnerable. Here's what cybersecurity professionals need to know.
Read: https://thehackernews.com/2024/09/passwordless-and-keyless-future-of.html
Phishing-as-a-service platform iServer taken down after affecting 483,000 victims globally. Law enforcement continues to crack down on credential theft targeting mobile devices.
Learn more: https://thehackernews.com/2024/09/europol-shuts-down-major-phishing.html
Ukraine has banned Telegram on official devices for government, military, and critical infrastructure workers due to national security concerns. The app is being used for #cyberattacks, phishing, and intelligence gathering.
Read: https://thehackernews.com/2024/09/ukraine-bans-telegram-use-for.html
LinkedIn halts U.K. data processing for AI training after ICO concerns, signaling a key shift in data privacy.
Cybersecurity pros, take note: regulations are tightening quickly.
Read: https://thehackernews.com/2024/09/linkedin-halts-ai-data-processing-in-uk.html
Hacktivist group Twelve is targeting Russian orgs with destructive attacks, wiping data with no ransom demands.
Using tools like Cobalt Strike & Mimikatz, they exploit valid accounts & RDP, putting even secure companies at risk.
Read: https://thehackernews.com/2024/09/hacktivist-group-twelve-targets-russian.html
Earth Baxia, an APT group likely from China, has launched a sophisticated campaign exploiting a critical vulnerability (CVE-2024-36401) in GeoServer GeoTools to target APAC governments and industries.
Learn more: https://thehackernews.com/2024/09/chinese-hackers-exploit-geoserver-flaw.html
Developers, beware! Poisoned Python packages are being used by North Korean attackers to spread PondRAT malware, compromising both #Linux and macOS systems.
Learn more: https://thehackernews.com/2024/09/new-pondrat-malware-hidden-in-python.html
Discord introduces DAVE, its custom end-to-end encryption (E2EE) protocol for voice and video calls.
Learn more: https://thehackernews.com/2024/09/discord-introduces-dave-protocol-for.html
However, text messages remain unencrypted, meaning they are still vulnerable to content moderation and other risks.
Critical flaw (CVE-2024-7490) in Microchip's ASF may allow remote code execution in IoT devices.
CERT/CC's advisory warns it could be widespread, impacting ASF v3.52.0.2574 and earlier.
Read: https://thehackernews.com/2024/09/critical-flaw-in-microchip-asf-exposes.html
Catch up on last week's top #cybersecurity stories, from dismantling the Raptor Train botnet and uncovering vulnerabilities through a $20 domain to North Korean phishing attacks and Apple's legal U-turn.
Read: https://thehackernews.com/2024/09/thn-cybersecurity-recap-last-weeks-top.html