🔐 Qualcomm releases urgent security updates, including a critical patch for CVE-2024-43047—a flaw currently being exploited in the wild.

Learn more 👉 https://thehackernews.com/2024/10/qualcomm-urges-oems-to-patch-critical.html

Qualcomm urges OEMs to deploy the update ASAP.

Ukraine claims a cyber attack on Russian state media VGTRK on Putin’s birthday. While VGTRK downplays damage, reports say hackers wiped servers, including backups—a warning for those relying on basic recovery plans.

Read: https://thehackernews.com/2024/10/pro-ukrainian-hackers-strike-russian.html

GoldenJackal strikes again—targeting high-profile, air-gapped networks in embassies and government entities with sophisticated #malware like JackalWorm.

Read: https://thehackernews.com/2024/10/goldenjackal-target-embassies-and-air.html

Use of USB drives to exfiltrate data underscores the importance of monitoring offline systems.

⚡ Cyber threat group "Awaken Likho" is targeting Russian government and industrial entities with spear-phishing attacks, disguising malicious files as Word or PDF documents to trick users.

Learn more: https://thehackernews.com/2024/10/cyberattack-group-awaken-likho-targets.html

🔑 Discover how AI-powered identity systems, like One Identity’s Vigilance AI™ Threat Engine, are transforming #cybersecurity by detecting behavioral anomalies and preventing credential-based attacks.

Find details here: https://thehackernews.com/2024/10/the-value-of-ai-powered-identity.html

A recent case study shows how a malicious redirect led shoppers to a fake "evil twin" checkout page, stealing their financial info. Learn how quick action saved a retailer from costly damage.

Read: https://thehackernews.com/2024/10/new-case-study-evil-twin-checkout-page.html

🎮 Alert: Hackers are tricking GAMERS searching for cheats into downloading Lua-based malware, which stays hidden and delivers payloads like RedLine Stealer.

Learn how it works and how to stay safe: https://thehackernews.com/2024/10/gamers-tricked-into-downloading-lua.html

⚠️ WARNING: Ivanti’s CSA is under attack! Three new zero-day vulnerabilities are being actively exploited in the wild.

These flaws, CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381, allow attackers to bypass restrictions, execute arbitrary SQL, and gain remote code execution—all with admin privileges.

Find details here: https://thehackernews.com/2024/10/zero-day-alert-three-critical-ivanti.html

⚠️ Microsoft warns of cyberattacks abusing OneDrive, SharePoint & Dropbox.

Hackers use “living-off-trusted-sites” (LOTS) to bypass defenses. View-only files trick users into sharing 2FA tokens, leading to BEC & financial fraud.

Learn more: https://thehackernews.com/2024/10/microsoft-detects-growing-use-of-file.html

👉 Microsoft has released patches for 118 vulnerabilities, two of which (CVE-2024-43572 and CVE-2024-43573) are being actively exploited in the wild.

Find details here: https://thehackernews.com/2024/10/microsoft-issues-security-update-fixing.html

Ensure your systems are protected—apply these patches ASAP!

New IoT regulations may force small manufacturers out of business, despite improving security. With 100+ new vulnerabilities daily, compliance costs are rising fast.

How will this impact cybersecurity? Read: https://thehackernews.com/expert-insights/2024/10/will-small-iot-device-oem-survive.html

Social media security is crucial for protecting your brand and finances. Poor governance can lead to unauthorized access and costly mistakes.

Learn how SSPM tools can help safeguard against unauthorized access and financial risks.

Read: https://thehackernews.com/2024/10/social-media-accounts-weak-link-in.html

🚨 Developers Under Attack!

A North Korean campaign, "Contagious Interview," is tricking job seekers with fake offers, leading to malware disguised as coding tasks.

Hackers use fake video conferencing apps to target both Windows & macOS.

Read: https://thehackernews.com/2024/10/n-korean-hackers-use-fake-interviews-to.html

⚠️ Multiple MMS protocol vulnerabilities pose a severe threat to industrial devices, potentially leading to crashes or remote code execution that could disrupt critical infrastructure.

Learn more: https://thehackernews.com/2024/10/researchers-uncover-major-security.html

#infosec

Google partners with GASA and DNS RF to launch the Global Signal Exchange (GSE), providing real-time insights into scam patterns to protect businesses from cybercrime.

Read: https://thehackernews.com/2024/10/google-joins-forces-with-gasa-and-dns.html

🚨 Warning: A critical #vulnerability (CVE-2024-9680) in Firefox is being actively exploited.

Don’t wait—ensure your browsers are updated now to protect against potential remote code execution.

Learn more: https://thehackernews.com/2024/10/mozilla-warns-of-active-exploitation-in.html

⚠️ Cyber Alerts:

—Fortinet CVE-2024-23113 actively exploited, patch by Oct 30!
—Palo Alto Expedition vulnerable to SQL & OS injection.
—Cisco patches critical bug in Nexus Dashboard Fabric Controller.

Read: https://thehackernews.com/2024/10/cisa-warns-of-critical-fortinet-flaw-as.html

Critical systems must be patched immediately.

🚨 New "Mongolian Skimmer" uses Unicode obfuscation to steal sensitive data from e-commerce sites!

It disables debugging tools & adapts to browsers, making it highly evasive.

Learn more: https://thehackernews.com/2024/10/cybercriminals-use-unicode-to-hide.html

🧐 SOC Analyst burnout is surging, with 80.8% expecting stress to worsen. AI-driven triage and response can ease the burden, allowing analysts to focus on higher-value tasks.

Discover how AI can lighten the load for your team: https://thehackernews.com/2024/10/6-simple-steps-to-eliminate-soc-analyst.html

A critical unpatched #vulnerability (CVE-2024-9441) in the Nice Linear eMerge E3 access controller has been uncovered, carrying a CVSS score of 9.8, with proof-of-concept exploits already circulating.

Learn more: https://thehackernews.com/2024/10/experts-warn-of-critical-unpatched.html

👩‍💻 OpenAI disrupts 20+ global deceptive operations exploiting AI models for advanced cyber activities like phishing, influence operations, and even election interference.

Learn more: https://thehackernews.com/2024/10/openai-blocks-20-global-malicious.html