⚡ Phishing attacks are becoming harder to spot. Learn about key phishing indicators and discover effective ways to identify and mitigate these threats using advanced tools like ANYRUN.

Read: https://thehackernews.com/2024/09/expert-tips-on-how-to-spot-phishing-link.html

🔥 Mozilla's new Firefox browser feature, Privacy Preserving Attribution (PPA), is under fire for enabling tracking 👀 without user consent.

While it claims to protect privacy, watchdogs argue it violates EU's GDPR.

Learn more: https://thehackernews.com/2024/09/mozilla-faces-privacy-complaint-for.html

🔐 Google’s transition to Rust programming language has led to a staggering drop in memory safety vulnerabilities in Android—from 76% to just 24% over six years!

Learn more: https://thehackernews.com/2024/09/googles-shift-to-rust-programming-cuts.html

⚠️ Beijing-sponsored Salt Typhoon, also known as GhostEmperor, has been caught infiltrating U.S. Internet Service Providers, potentially compromising Cisco routers.

Read: https://thehackernews.com/2024/09/chinese-hackers-infiltrate-us-internet.html

The campaign's goal: to establish long-term access for data exfiltration or worse.

🛑 SloppyLemming hacker group is using cloud services to run espionage campaigns in South & East Asia, targeting gov, law enforcement, & energy sectors.

Spear-phishing & credential harvesting are key attack methods.

Learn more: https://thehackernews.com/2024/09/cloudflare-warns-of-india-linked.html

🚨 SilentSelfie: Kurdish websites hit by prolonged watering hole attack, stealing sensitive data from journalists & activists.

Malicious APKs capture locations & files without persistence, making detection tougher.

Learn more: https://thehackernews.com/2024/09/watering-hole-attack-on-kurdish-sites.html

⚠️ North Korea's Kimsuky group deploys new malware—KLogEXE & FPSpy—enhancing their ability to infiltrate systems with advanced keylogging & file exfiltration.

Learn more: https://thehackernews.com/2024/09/n-korean-hackers-deploy-new-klogexe-and.html

⚠️ Kia vehicles had critical vulnerabilities allowing remote control with just a license plate!

Attackers could seize control in 30 seconds, accessing sensitive data and executing commands like unlocking the car.

Find details here: https://thehackernews.com/2024/09/hackers-could-have-remotely-controlled.html

CVSS alone isn’t enough! Security teams need a smarter way to prioritize vulnerabilities.

EPSS predicts exploitation risk within 30 days, helping teams focus on real threats.

Learn how this model can sharpen your risk mitigation strategies: https://thehackernews.com/2024/09/epss-vs-cvss-whats-best-approach-to.html

A newly disclosed #vulnerability in NVIDIA Container Toolkit (CVSS 9.0) could allow attackers to escape containers and gain full access to the underlying host.

Find details here: https://thehackernews.com/2024/09/critical-nvidia-container-toolkit.html

Ensure you're running v1.16.2 to mitigate the risk.

U.S. and Dutch authorities have sanctioned two cryptocurrency exchanges, Cryptex and PM2BTC, for facilitating the laundering of illicit funds linked to cybercrime, ransomware, and fraud shops.

Learn more: https://thehackernews.com/2024/09/us-sanctions-two-crypto-exchanges-for.html

🔧 Legacy SIEM systems are failing to keep up with the modern threat landscape—too many alerts, not enough time.

Learn about a fresh approach to tackling legacy SIEM challenges in our upcoming ⚡ webinar.

Save your spot now: https://thehackernews.com/2024/09/overloaded-with-siem-alerts-discover.html

⚠️ HTML smuggling is delivering DCRat malware, bypassing traditional security controls by embedding malicious payloads in HTML files. This advanced technique poses a global threat to unsuspecting users.

Read: https://thehackernews.com/2024/09/new-html-smuggling-campaign-delivers.html

🔐 Learn how weak credentials and over-privileged accounts are being exploited in the latest Storm-0501 #ransomware attacks targeting hybrid cloud infrastructures.

Read details here > https://thehackernews.com/2024/09/microsoft-identifies-storm-0501-as.html

🚨 New CUPS vulnerabilities in Linux allow attackers to execute remote commands via print jobs! Affected systems include Debian, Fedora, RHEL.

Find details of CVE-2024-47176 here: https://thehackernews.com/2024/09/critical-linux-cups-printing-system.html

Disable ‘cups-browsed’ & block UDP port 631 until patches arrive.

🚀 Cybersecurity certifications are becoming essential for professionals to stand out in the competitive job market. With 37% of certified pros seeing salary boosts, they’re a smart career & financial investment.

Stay ahead—explore certifications: https://thehackernews.com/2024/09/cybersecurity-certifications-gateway-to.html

Ransomware attackers are using human-driven intrusions that mimic normal user behavior, making detection harder. Penetration testing, combining human expertise and automation, helps identify vulnerabilities before attackers strike.

Learn more: https://thehackernews.com/2024/09/how-to-plan-and-prepare-for-penetration.html

⚠️ Progress Software has released critical updates to patch six vulnerabilities in WhatsUp Gold, two of which carry a CVSS score of 9.8. Patch your systems before attackers exploit these flaws.

Read: https://thehackernews.com/2024/09/progress-software-releases-patches-for.html

Three Iranian hackers linked to the IRGC are accused of targeting U.S. officials and political campaigns using spear-phishing and social engineering.

The U.S. government is offering up to $10M for information leading to their arrest.

Read: https://thehackernews.com/2024/09/us-charges-three-iranian-nationals-for.html

⚡ A fake "WalletConnect" app on Android stole over $70,000 in 💸 cryptocurrency before being pulled from Google Play, with 10,000+ downloads and 150+ victims.

Learn more: https://thehackernews.com/2024/09/crypto-scam-app-disguised-as.html

Stay alert and protect your assets from DeFi scams!

Meta faces a €91 million GDPR fine for storing Facebook and Instagram user passwords in plaintext.

Meta failed to report the breach promptly and did not document these incidents correctly—a clear GDPR violation.

Read details: https://thehackernews.com/2024/09/meta-fined-91-million-for-storing.html