⚠️ Google's Mandiant reveals Iranian APT UNC1860 is acting as an initial access broker, using tools like TEMPLEPLAY & VIROGREEN to infiltrate high-priority networks.
Learn more about their methods: https://thehackernews.com/2024/09/iranian-apt-unc1860-linked-to-mois.html
Microsoft 365 launches a new backup solution to combat #ransomware, enabling rapid recovery. Read more to learn how this could impact your data protection strategy.
Read: https://thehackernews.com/expert-insights/2024/09/the-microsoft-365-backup-game-just.html
⚠️ Your PAM solution may be missing 80% of your critical credentials: SSH keys, leaving businesses vulnerable. Here's what cybersecurity professionals need to know.
Read: https://thehackernews.com/2024/09/passwordless-and-keyless-future-of.html
Phishing-as-a-service platform iServer taken down after affecting 483,000 victims globally. Law enforcement continues to crack down on credential theft targeting mobile devices.
Learn more: https://thehackernews.com/2024/09/europol-shuts-down-major-phishing.html
Ukraine has banned Telegram on official devices for government, military, and critical infrastructure workers due to national security concerns. The app is being used for #cyberattacks, phishing, and intelligence gathering.
Read: https://thehackernews.com/2024/09/ukraine-bans-telegram-use-for.html
LinkedIn halts U.K. data processing for AI training after ICO concerns, signaling a key shift in data privacy.
Cybersecurity pros, take note: regulations are tightening quickly.
Read: https://thehackernews.com/2024/09/linkedin-halts-ai-data-processing-in-uk.html
Hacktivist group Twelve is targeting Russian orgs with destructive attacks, wiping data with no ransom demands.
Using tools like Cobalt Strike & Mimikatz, they exploit valid accounts & RDP, putting even secure companies at risk.
Read: https://thehackernews.com/2024/09/hacktivist-group-twelve-targets-russian.html
Earth Baxia, an APT group likely from China, has launched a sophisticated campaign exploiting a critical vulnerability (CVE-2024-36401) in GeoServer GeoTools to target APAC governments and industries.
Learn more: https://thehackernews.com/2024/09/chinese-hackers-exploit-geoserver-flaw.html
Developers, beware! Poisoned Python packages are being used by North Korean attackers to spread PondRAT malware, compromising both #Linux and macOS systems.
Learn more: https://thehackernews.com/2024/09/new-pondrat-malware-hidden-in-python.html
Discord introduces DAVE, its custom end-to-end encryption (E2EE) protocol for voice and video calls.
Learn more: https://thehackernews.com/2024/09/discord-introduces-dave-protocol-for.html
However, text messages remain unencrypted, meaning they are still vulnerable to content moderation and other risks.
🚨 Critical flaw (CVE-2024-7490) in Microchip's ASF may allow remote code execution in IoT devices.
CERT/CC's advisory warns it could be widespread, impacting ASF v3.52.0.2574 and earlier.
Read: https://thehackernews.com/2024/09/critical-flaw-in-microchip-asf-exposes.html
Catch up on last week's top #cybersecurity stories, from dismantling the Raptor Train botnet and uncovering vulnerabilities through a $20 domain to North Korean phishing attacks and Apple's legal U-turn.
Read: https://thehackernews.com/2024/09/thn-cybersecurity-recap-last-weeks-top.html
⚡ Telegram has agreed to provide users' IP addresses and phone numbers to authorities in response to valid legal requests. This decision comes after increased pressure, following the arrest of CEO Pavel Durov.
Read: https://thehackernews.com/2024/09/telegram-agrees-to-share-user-data-with.html
🚨 New version of the Android banking trojan Octo2 spotted!
With enhanced Device Takeover (DTO) capabilities, it can remotely control devices to steal financial data & commit fraud undetected.
Read: https://thehackernews.com/2024/09/new-octo2-android-banking-trojan.html
Is it time to ditch the 90-day password reset?
Frequent changes can lead to weak passwords like Password1 ➡️ Password2, increasing security risks. Even strong passwords aren't foolproof as attackers exploit reuse & breaches.
Learn why 'never expire' might expose your business: https://thehackernews.com/2024/09/why-never-expire-passwords-can-be-risky.html
🚨 Kaspersky has officially pulled out of the U.S. market, unexpectedly replacing its antivirus software with UltraAV for some users. Many users have raised concerns about this unannounced transition.
Learn more: https://thehackernews.com/2024/09/kaspersky-exits-us-automatically.html
🚨 WEBINAR ALERT: Software Supply Chain Security 101 🚨
Join ReversingLabs on September 25th @ 12pm ET for a crash course on the technical tactics of software supply chain compromises and learn how to assess the risks posed by commercial software.
https://thn.news/supply-chain-security-101
🔥 Anyrun just released Safebrowsing, a new service that lets you quickly explore URLs in an isolated virtual browser.
🛡️ It notifies you about threats and has a friendly interface, perfect for users with any expertise level.
Give it a try, it's free: https://thn.news/malware-analysis-sandbox-1
The U.S. Department of Commerce is proposing a ban on connected vehicles with software and hardware from foreign adversaries like China and Russia.
The ban impacts VCS and ADS tech in vehicles and could take full effect by 2027-2030.
Read: https://thehackernews.com/2024/09/us-proposes-ban-on-connected-vehicles.html
⚠️ SaaS Data Leaks Are Rising! Attacks on platforms like Azure and Snowflake expose sensitive records.
Misconfigurations and weak passwords make you vulnerable. An SSPM can detect gaps, monitor permissions, and mitigate threats in real-time.
Explore: https://thehackernews.com/2024/09/the-sspm-justification-kit.html
Altered Android apps on Google Play, like Wuta Camera (10M+ downloads), spread new Necro malware.
It can run malicious code, subscribe to paid services, and create device tunnels. Necro uses steganography to hide, evading detection.
https://thehackernews.com/2024/09/necro-android-malware-found-in-popular.html