Researchers identified a #vulnerability in AWS CDK that may lead to account takeover, with over 1% of users at risk from predictable S3 bucket names.

The solution: update your CDK version and customize bucket names.

Read: https://thehackernews.com/2024/10/aws-cloud-development-kit-vulnerability.html

Generative AI is revolutionizing phishing attacks, posing new challenges for #cybersecurity professionals.

Discover how to combat this evolving threat.

Read → https://thehackernews.com/2024/10/why-phishing-resistant-mfa-is-no-longer.html

A new advanced Qilin #ransomware variant, Qilin.B, features enhanced AES-256-CTR and RSA-4096 encryption, making recovery nearly impossible without the attackers' keys.

Read → https://thehackernews.com/2024/10/new-qilinb-ransomware-variant-emerges.html

⚖️ LinkedIn has been fined €310 million for breaching GDPR regulations concerning user #privacy.

DPC found #LinkedIn's processing lacked necessary user consent and transparency, which could set a precedent for other companies.

Read → https://thehackernews.com/2024/10/irish-watchdog-imposes-record-310.html

The SEC penalizes four companies—Avaya, Check Point, Mimecast, and Unisys—for misleading investors following the 2020 SolarWinds cyberattack.

Learn more: https://thehackernews.com/2024/10/sec-charges-4-companies-over-misleading.html

🔒 Apple has launched its Private Cloud Compute Virtual Research Environment (VRE) for security researchers to validate its #privacy and security claims.

It offers rewards between $50,000 and $1,000,000 for identifying flaws.

Read: https://thehackernews.com/2024/10/apple-opens-pcc-source-code-for.html

Attention: CVE-2024-41992 #vulnerability in Wi-Fi Test Suite could give attackers full control over Arcadyan routers. The flaw allows for command injection, enabling full administrative access.

Find details here → https://thehackernews.com/2024/10/researchers-discover-command-injection.html

🚨 Four members of the notorious REvil ransomware gang have been sentenced in Russia, a rare conviction in the cybercrime world.

Read 👉 https://thehackernews.com/2024/10/four-revil-ransomware-members-sentenced.html

⚠️ CERT-UA warns of a sophisticated email attack using RDP files to breach sensitive systems in Ukraine.

Read: https://thehackernews.com/2024/10/cert-ua-identifies-malicious-rdp-files.html

Explore the rise of AI impersonation fraud and its implications for cybersecurity.

Learn how to safeguard your organization against these emerging threats.

Read: https://thehackernews.com/2024/10/eliminating-ai-deepfake-threats-is-your.html

TeamTNT shifts tactics to target Docker environments for #cryptocurrency mining by exploiting exposed daemons to deploy malware and cryptominers.

Read: https://thehackernews.com/2024/10/notorious-hacker-group-teamtnt-launches.html

A new attack technique bypasses Microsoft's Driver Signature Enforcement on fully patched Windows systems, enabling attackers to load unsigned kernel drivers and compromising the integrity of OS security.

Learn more: https://thehackernews.com/2024/10/researchers-uncover-os-downgrade.html

A staggering 10-fold increase in phishing pages created with Webflow has been observed, targeting over 120 organizations globally.

Discover how to stay ahead of evolving threats: https://thehackernews.com/2024/10/cybercriminals-use-webflow-to-deceive.html

🦹‍♂️ AI manipulation, 🌩️ cloud storage flaws, and a major 💣 AWS vulnerability - this week's cybersecurity recap is packed!

https://thehackernews.com/2024/10/thn-cybersecurity-recap-top-threats_28.html

Don't let your friends and colleagues fall victim to the latest cyber threats. Share this newsletter with them, it's a must-read!

⚠️ Alert for developers - Three packages found to contain the BeaverTail #malware linked to North Korean cyber campaigns.

Find details here: https://thehackernews.com/2024/10/beavertail-malware-resurfaces-in.html

⚠️ Russian espionage group UNC5812 is using Telegram to deliver #malware designed to undermine military recruitment in Ukraine.

Threats like SUNSPINNER and CraxsRAT exploit vulnerabilities in #Android and Windows.

Read: https://thehackernews.com/2024/10/russian-espionage-group-targets.html

🚨 New OT security threats are emerging as ships and cranes become more digital.

Find out how SSH’s PrivX OT Edition can help tackle these challenges in marine and industrial operations.

Read: https://thehackernews.com/2024/10/sailing-seven-seas-securely-from-port.html

🚨 Evasive Panda has targeted a government entity in Taiwan with the newly discovered CloudScout toolset, capable of hijacking authenticated sessions to steal sensitive data from cloud services.

Read: https://thehackernews.com/2024/10/chinese-hackers-use-cloudscout-toolset.html

New research reveals that AMD and Intel processors remain vulnerable to speculative execution attacks—more than six years after the Spectre flaw was identified, despite existing mitigations.

Learn more: https://thehackernews.com/2024/10/new-research-reveals-spectre.html

🛡️ The U.S. government has released new guidance on the Traffic Light Protocol (TLP) to enhance controlled sharing of threat intelligence, enabling organizations to protect sensitive data while responding to cyber threats.

Learn more: https://thehackernews.com/2024/10/us-government-issues-new-tlp-guidance.html

⚠️ Dutch National Police have disrupted RedLine and MetaStealer, two notorious information stealers.

Over 1,200 servers across multiple countries were involved, showcasing the vast infrastructure that supports these cyber threats.

Read: https://thehackernews.com/2024/10/dutch-police-disrupt-major-info.html