π¨ OvrC cloud platformβs critical security flaws (CVE up to 9.2) allow attackers to bypass firewalls, hijack devices, and execute arbitrary code on IoT systems, threatening critical infrastructure.
Learn more: https://thehackernews.com/2024/11/ovrc-platform-vulnerabilities-expose.html
Learn more: https://thehackernews.com/2024/11/ovrc-platform-vulnerabilities-expose.html
π11β‘3π3π3
Bitdefender has released a free decryptor for ShrinkLocker, a #ransomware that uses BitLocker to lock files, and can compromise entire networks in under 10 minutes.
Read: https://thehackernews.com/2024/11/free-decryptor-released-for-bitlocker.html
Read: https://thehackernews.com/2024/11/free-decryptor-released-for-bitlocker.html
π14β‘4π3π€―3
π¨ 90% of network traffic flows through browsers. This makes them a prime target for cybercriminals. Phishing, data leakage & credential theft are increasing threats.
Check out LayerXβs guide for CISOs on protecting your teams and data.
Read: https://thehackernews.com/2024/11/comprehensive-guide-to-building-strong.html
Check out LayerXβs guide for CISOs on protecting your teams and data.
Read: https://thehackernews.com/2024/11/comprehensive-guide-to-building-strong.html
π13β‘5π1
On November 19, GigaOm Analyst, Paul Stringfellow and Sentra's Director of Product Marketing, David S., will share the latest insights from Gigaomβs recent DSPM report.
This session will spotlight critical factors in choosing a DSPM provider and reveal why DSPM is emerging as a distinct and essential component of modern data security.
Donβt miss this opportunity to learn directly from the experts!
Reserve your spot here π https://thn.news/dspm-webinar
This session will spotlight critical factors in choosing a DSPM provider and reveal why DSPM is emerging as a distinct and essential component of modern data security.
Donβt miss this opportunity to learn directly from the experts!
Reserve your spot here π https://thn.news/dspm-webinar
www.sentra.io
Webinar: Securing Data Everywhere and Always with DSPM
How Data Security Posture Management (DSPM) is - finally- giving organizations a way to automatically discover, classify, and secure all their data.
π13β‘2π€2π€―2π1
A threat group aligned with Hamas has expanded its cyber warfare beyond espionage, deploying new disruptive wipers and phishing campaigns targeting Israel.
Learn more: https://thehackernews.com/2024/11/hamas-affiliated-wirte-employs-samecoin.html
Learn more: https://thehackernews.com/2024/11/hamas-affiliated-wirte-employs-samecoin.html
π26π€―5π€4β‘3π3π₯1
π Internal vs. External PenTesting: What IT Pros Need to Know!
Cyber threats are up 180% β is your network ready? Regular network pentesting is more important than ever, but do you know the difference between internal vs external pentesting? π€
β’ Internal: Tests from the inside, catching insider threats.
β’ External: Protects your public-facing assets from outside attacks.
Finding weaknesses first = saving $$$, staying compliant, and peace of mind. And with vPenTest, network pen testing is easier and more affordable than ever!
π Read more: https://thn.news/network-penetration-testing
Cyber threats are up 180% β is your network ready? Regular network pentesting is more important than ever, but do you know the difference between internal vs external pentesting? π€
β’ Internal: Tests from the inside, catching insider threats.
β’ External: Protects your public-facing assets from outside attacks.
Finding weaknesses first = saving $$$, staying compliant, and peace of mind. And with vPenTest, network pen testing is easier and more affordable than ever!
π Read more: https://thn.news/network-penetration-testing
Vonahi Security's Blog
Internal vs. External Network Penetration Testing: What IT Professionals Need to Know
Stay secure with regular network penetration testing. Learn about internal vs. external tests and how vPenTest makes frequent testing easy and affordable.
π8π7β‘5π₯2π2π€1
Exploit alert: Russia-linked threat actors have actively exploited the CVE-2024-43451 #vulnerability to deploy Spark RAT, with the potential for significant damage through credential theft.
Read: https://thehackernews.com/2024/11/russian-hackers-exploit-new-ntlm-flaw.html
Read: https://thehackernews.com/2024/11/russian-hackers-exploit-new-ntlm-flaw.html
π12π₯6π3β‘2
π North Korean hackers are back with a new malware campaign targeting macOS. "RustyAttr" leverages extended file attributes to stealthily deliver malicious payloads.
Learn more: https://thehackernews.com/2024/11/new-rustyattr-malware-targets-macos.html
Learn more: https://thehackernews.com/2024/11/new-rustyattr-malware-targets-macos.html
π19β‘4π2π€2π1
A misconfigured TikTok pixel nearly caused a costly GDPR violation for a global travel company, showing how simple oversights can lead to significant fines and reputational damage.
Learn more: https://thehackernews.com/2024/11/tiktok-pixel-privacy-nightmare-new-case.html
Learn more: https://thehackernews.com/2024/11/tiktok-pixel-privacy-nightmare-new-case.html
π7β‘2π2π€2π±1
Ransomware is evolvingβtargeting local backups & SaaS. Avoid 5 BCDR oversights that leave you exposed. Prioritize immutable backups, automated testing, & threat detection.
Read: https://thehackernews.com/2024/11/5-bcdr-oversights-that-leave-you-exposed-to-ransomware.html
Are you ready to recover?
Read: https://thehackernews.com/2024/11/5-bcdr-oversights-that-leave-you-exposed-to-ransomware.html
Are you ready to recover?
π7β‘3π3
π The rise of cloaking and deepfakes is shaking up cybersecurity.
Google warns that fraudsters are using cloaking tactics to impersonate legitimate sites, leading to scams and malware installs.
Read: https://thehackernews.com/2024/11/google-warns-of-rising-cloaking-scams.html
Stay alert to these evolving threats!
Google warns that fraudsters are using cloaking tactics to impersonate legitimate sites, leading to scams and malware installs.
Read: https://thehackernews.com/2024/11/google-warns-of-rising-cloaking-scams.html
Stay alert to these evolving threats!
π₯13π4π2β‘1
Researchers reveal over 70,000 domains have been hijacked by cybercriminals using a stealthy technique called Sitting Ducks.
This attack targets DNS misconfigurations, making it nearly impossible to detect.
Read: https://thehackernews.com/2024/11/experts-uncover-70000-hijacked-domains.html
This attack targets DNS misconfigurations, making it nearly impossible to detect.
Read: https://thehackernews.com/2024/11/experts-uncover-70000-hijacked-domains.html
π12π₯5β‘3π3
π¨ Urgent : CISA warns of active exploitation of critical flaws in Palo Alto Networks Expedition OS and SQL services (CVEs 9463 & 9465).
Read: https://thehackernews.com/2024/11/cisa-flags-critical-palo-alto-network.html
These vulnerabilities could lead to severe breaches if not addressed promptly.
Read: https://thehackernews.com/2024/11/cisa-flags-critical-palo-alto-network.html
These vulnerabilities could lead to severe breaches if not addressed promptly.
π9π8β‘4π3
Ilya Lichtenstein sentenced to 5 years for masterminding the 2016 Bitfinex hack, stealing $10.5B in #Bitcoin.
His laundering tactics included crypto mixers and fake identities, highlighting the evolving threat in crypto security.
Read: https://thehackernews.com/2024/11/bitfinex-hacker-sentenced-to-5-years.html
His laundering tactics included crypto mixers and fake identities, highlighting the evolving threat in crypto security.
Read: https://thehackernews.com/2024/11/bitfinex-hacker-sentenced-to-5-years.html
π19β‘6π4π₯1π€―1
β οΈ Researchers have identified a high-severity #vulnerability (CVE-2024-10979) in PostgreSQL, allowing unprivileged users to alter environment variables, leading to potential code execution or information leaks.
Read: https://thehackernews.com/2024/11/high-severity-flaw-in-postgresql-allows.html
Read: https://thehackernews.com/2024/11/high-severity-flaw-in-postgresql-allows.html
β‘13π₯8π5π€―4
Warning -- PXA Stealer, a new Python-based #malware, is targeting European & Asian gov and education sectors, stealing sensitive data like credentials & financial info.
Learn more: https://thehackernews.com/2024/11/vietnamese-hacker-group-deploys-new-pxa.html
Learn more: https://thehackernews.com/2024/11/vietnamese-hacker-group-deploys-new-pxa.html
β‘14π€―3π2
AI in IAM = smarter security!
Machine learning analyzes behavior patterns to detect anomalies, enabling quicker & precise threat responses.
Learn how it reduces false positives, boosts efficiency & strengthens defenses: https://thehackernews.com/2024/11/how-ai-is-transforming-iam-and-identity.html
Machine learning analyzes behavior patterns to detect anomalies, enabling quicker & precise threat responses.
Learn how it reduces false positives, boosts efficiency & strengthens defenses: https://thehackernews.com/2024/11/how-ai-is-transforming-iam-and-identity.html
π7β‘6π€2π€―2
π Trust is the foundation of your businessβhow solid is your certificate management?
Join our exclusive webinar to gain actionable insights into crypto agility and post-quantum cryptography from industry experts.
Donβt miss outβsecure your spot now: https://thehackernews.com/2024/11/master-certificate-management-join-this.html
Join our exclusive webinar to gain actionable insights into crypto agility and post-quantum cryptography from industry experts.
Donβt miss outβsecure your spot now: https://thehackernews.com/2024/11/master-certificate-management-join-this.html
π7β‘5π₯3
Researchers found vulnerabilities in Googleβs Vertex AI, allowing attackers to escalate privileges and exfiltrate models through manipulated custom job permissions and AI Pipelines, gaining backdoor access to Google Cloud and Kubernetes.
https://thehackernews.com/2024/11/researchers-warn-of-privilege.html
https://thehackernews.com/2024/11/researchers-warn-of-privilege.html
π€―13β‘6π6π5π±4
π΄ Alert: Iranian state-backed group, Cotton Sandstorm, has unleashed a new cyber espionage toolβWezRat.
This remote access trojan can execute malicious commands, steal sensitive data, and even take screenshots.
Read: https://thehackernews.com/2024/11/iranian-hackers-deploy-wezrat-malware.html
This remote access trojan can execute malicious commands, steal sensitive data, and even take screenshots.
Read: https://thehackernews.com/2024/11/iranian-hackers-deploy-wezrat-malware.html
π8π€5β‘4π₯3
π΄ New Threat Alert: BrazenBamboo, a well-resourced group, is exploiting an UNPATCHED zero-day #vulnerability in Fortinet's FortiClient for Windows to extract VPN credentials.
Learn more: https://thehackernews.com/2024/11/warning-deepdata-malware-exploiting.html
Learn more: https://thehackernews.com/2024/11/warning-deepdata-malware-exploiting.html
π9π€5β‘2