North Korean-backed APT37 (aka InkySquid) has been observed delivering a never-before-seen backdoor, VeilShell, as part of stealthy state-sponsored cyberattacks targeting Southeast Asia.
Find details here: https://thehackernews.com/2024/10/north-korean-hackers-using-new.html
New stealthy #malware "Perfctl" is hitting Linux servers, running crypto miners & proxyjacking undetected. It exploits Polkit vulnerability (CVE-2021-4043) for privilege escalation & uses a rootkit to evade defense.
Details here: https://thehackernews.com/2024/10/new-perfctl-malware-targets-linux.html
As non-human identities outnumber human ones, they pose an escalating security risk. Learn why machine identity management is vital for modern cybersecurity.
Read: https://thehackernews.com/2024/10/the-secret-weakness-execs-are.html
Google is enhancing Android 14 security on Pixel devices to prevent 2G attacks and protect against baseband exploits. Baseband vulnerabilities expose devices to remote attacks, potentially compromising sensitive data.
Read: https://thehackernews.com/2024/10/android-14-adds-new-security-features.html
A major #vulnerability (CVE-2024-47374) in the LiteSpeed Cache WordPress plugin could allow attackers to execute arbitrary #JavaScript and hijack accounts.
Find details here: https://thehackernews.com/2024/10/wordpress-litespeed-cache-plugin.html
Patch now to protect your site.
The largest-ever DDoS attack just occurred: 3.8 Tbps in just 65 seconds!
Is your CPU capacity prepared to filter massive attack traffic? Attackers leveraged compromised ASUS routers, a serious reminder to address CVE-2024-3080 now.
Read: https://thehackernews.com/2024/10/cloudflare-thwarts-largest-ever-38-tbps.html
The U.S. Department of Justice and #Microsoft have seized 107 domains used by Russia-linked COLDRIVER hackers to launch phishing attacks, frequently targeting experts in Russian affairs, #privacy advocates, and intelligence officials.
Read: https://thehackernews.com/2024/10/us-and-microsoft-seize-107-russian.html
Continuous Threat Exposure Management (CTEM) enables continuous protection by helping you prioritize threats with real-time data.
Learn how CTEM fits into your cybersecurity framework: https://thehackernews.com/2024/10/how-to-get-going-with-ctem-when-you.html
Apple has released critical iOS and iPadOS updates addressing a vulnerability (CVE-2024-44204) that could expose your passwords via VoiceOver technology.
Read: https://thehackernews.com/2024/10/apple-releases-critical-ios-and-ipados.html
iPhone XS and later, plus iPads from the Pro, Air, and Mini series, are impacted.
Meta hit hard as Europe’s top court restricts #Facebook’s use of personal data for targeted ads, even with user consent.
Read > https://thehackernews.com/2024/10/eu-court-limits-metas-use-of-personal.html
This ruling pushes all companies to adopt more transparent, privacy-first data practices.
Just dropped the latest Cybersecurity Recap newsletter! Dive into:
- Record-breaking DDoS attacks
- Evil Corp & LockBit takedowns
- New North Korean malware
- 700K+ routers vulnerable to attack
Read: https://thehackernews.com/2024/10/thn-cybersecurity-recap-top-threats-and.html
Stay secure, stay informed!
Google will soon block unsafe #Android sideloading in India, targeting apps that abuse sensitive permissions.
Learn more: https://thehackernews.com/2024/10/google-blocks-unsafe-android-app.html
The pilot has already stopped nearly 900,000 high-risk installs in Southeast Asia, making it a vital fraud protection tool.
A critical security flaw in Apache Avro SDK (CVE-2024-47561) threatens large-scale data processing systems.
Ensure your systems are patched to avoid arbitrary code execution risks.
Details here: https://thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html
Meet Gorilla, a new Mirai-based botnet issuing 300,000+ attack commands in just one month.
It exploits an Apache Hadoop vulnerability to control IoT devices and cloud hosts long-term.
Discover more about its capabilities: https://thehackernews.com/2024/10/new-gorilla-botnet-launches-over-300000.html
API vulnerabilities and bot attacks are costing organizations up to $186 billion a year. Learn how to protect your digital infrastructure from these growing threats.
Read more: https://thehackernews.com/2024/10/vulnerable-apis-and-bot-attacks-costing.html
Qualcomm releases urgent security updates, including a critical patch for CVE-2024-43047, a flaw currently being exploited in the wild.
Learn more: https://thehackernews.com/2024/10/qualcomm-urges-oems-to-patch-critical.html
Qualcomm urges OEMs to deploy the update ASAP.
The Hacker News
Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits
Qualcomm fixes 20 vulnerabilities, including actively exploited CVE-2024-43047 in DSP, urging fast OEM updates.
Ukraine claims a cyber attack on Russian state media VGTRK on Putin’s birthday. While VGTRK downplays damage, reports say hackers wiped servers, including backups, a warning for those relying on basic recovery plans.
Read: https://thehackernews.com/2024/10/pro-ukrainian-hackers-strike-russian.html
GoldenJackal strikes again, targeting high-profile, air-gapped networks in embassies and government entities with sophisticated #malware like JackalWorm.
Read: https://thehackernews.com/2024/10/goldenjackal-target-embassies-and-air.html
Use of USB drives to exfiltrate data underscores the importance of monitoring offline systems.
Cyber threat group "Awaken Likho" is targeting Russian government and industrial entities with spear-phishing attacks, disguising malicious files as Word or PDF documents to trick users.
Learn more: https://thehackernews.com/2024/10/cyberattack-group-awaken-likho-targets.html
Discover how AI-powered identity systems, like One Identity’s Vigilance AI™ Threat Engine, are transforming #cybersecurity by detecting behavioral anomalies and preventing credential-based attacks.
Find details here: https://thehackernews.com/2024/10/the-value-of-ai-powered-identity.html
A recent case study shows how a malicious redirect led shoppers to a fake "evil twin" checkout page, stealing their financial info. Learn how quick action saved a retailer from costly damage.
Read: https://thehackernews.com/2024/10/new-case-study-evil-twin-checkout-page.html