Protect your systems against Big Head ransomware's diverse attack vectors! It's not just about encryption—it also incorporates a file infector called Neshta to deceive security solutions.

Read: https://thehackernews.com/2023/07/beware-of-big-head-ransomware-spreading.html

New report reveals ongoing SCARLETEEL attack campaign targeting AWS Fargate. Cybercriminals escalate privileges, exploit vulnerabilities, and profit through crypto mining.

Learn more about this attack: https://thehackernews.com/2023/07/scarleteel-cryptojacking-campaign.html

Discover the power of MITRE ATT&CK! This widely adopted framework categorizes tactics, techniques, and procedures used in cyberattacks, helping security professionals build strong defense strategies.

Learn more: https://thehackernews.com/2023/07/how-to-apply-mitre-att-to-your.html

🚨 Security Alert: Hackers are exploiting a Microsoft Windows policy loophole to forge signatures on kernel-mode drivers, gaining complete system access.

Learn more about this major threat: https://thehackernews.com/2023/07/hackers-exploit-windows-policy-loophole.html

Heads up, everyone! Microsoft has released updates to fix 130 security flaws, including 6 zero-day vulnerabilities being actively exploited. Update your software now to keep your systems secure.

Learn more: https://thehackernews.com/2023/07/microsoft-releases-patches-for-130.html

A sophisticated threat actor has been employing a new Python-based fileless attack called PyLoose to mine cryptocurrency on cloud workloads, bypassing traditional detection methods.

Read details: https://thehackernews.com/2023/07/python-based-pyloose-fileless-attack.html

🚨🕹️ Attention gamers! A new rootkit signed by Microsoft has been discovered, targeting the #gaming sector in China.

Read details here: https://thehackernews.com/2023/07/chinese-hackers-deploy-microsoft-signed.html

Microsoft thwarts cyber attack by a Chinese nation-state actor targeting government agencies and organizations, focused on espionage and data theft.

Read more: https://thehackernews.com/2023/07/microsoft-thwarts-chinese-cyber-attack.html

Ransomware attacks continue to rise in 2023, with cybercriminals extorting a staggering $449.1 million in the first half of the year alone. These extortionists are showing no signs of slowing down, with their sights set on a potential $898.6 million haul in 2023.

Read: https://thehackernews.com/2023/07/ransomware-extortion-skyrockets-in-2023.html

Phishing attacks are becoming more sophisticated with AI. Discover how cybercriminals leverage AI to enhance their phishing techniques and what organizations can do to defend against them.

Read: https://thehackernews.com/2023/07/the-risks-and-preventions-of-ai-in.html

⚡️ SonicWall and Fortinet both address critical vulnerabilities in their network security software. Update SonicWall's GMS and Analytics, and Fortinet's FortiOS and FortiProxy immediately to protect against unauthorized access.

Read: https://thehackernews.com/2023/07/new-vulnerabilities-disclosed-in.html

A sophisticated China-based hacking campaign has targeted U.S. government agencies and organizations, compromising email accounts via Microsoft Outlook Web Access in Exchange Online (OWA) & Outlook.

Read: https://thehackernews.com/2023/07/us-government-agencies-emails.html

U.S. CISA warns of critical vulnerabilities in Rockwell Automation ControlLogix ENIP modules, allowing remote code execution and DoS attacks.

Read details: https://thehackernews.com/2023/07/rockwell-automation-controllogix-bugs.html

Watch out, researchers! A recently discovered proof-of-concept (PoC) exploit on GitHub for CVE-2023-35829 turns out to be a malicious downloader. It silently executes a bash script disguised as a kernel-level process.

Read more: https://thehackernews.com/2023/07/blog-post.html

🚨 A highly aggressive cloud campaign by the TeamTNT group called Silentbob has infected 196 hosts! They're targeting Docker, Kubernetes, Redis, Postgres, and more. The focus appears to be testing the botnet rather than cryptomining.

Read: https://thehackernews.com/2023/07/teamtnts-silentbob-botnet-infecting-196.html

A new report reveals a series of cyberattacks targeting government entities, military organizations, & civilian users in #Ukraine & Poland. The attacks aim to steal sensitive data and gain remote access to infected systems.

Learn more: https://thehackernews.com/2023/07/picassoloader-malware-used-in-ongoing.html

Zimbra users, be cautious! Email collaboration software company has warned of an actively exploited zero-day vulnerability in its software.

Read details here: https://thehackernews.com/2023/07/zimbra-warns-of-critical-zero-day-flaw.html

Apply the patch ASAP to eliminate the attack vector.

🚨 Alert! A new malware strain called AVrecon has quietly targeted over 70,000 small office/home office (SOHO) routers worldwide, forming a massive botnet of 40,000 nodes across 20 countries.

Read: http://thehackernews.com/2023/07/new-soho-router-botnet-avrecon-spreads.html

TeamTNT has expanded its cloud credential stealing campaign beyond AWS, now also targeting Azure and Google Cloud Platform.

Learn more about it: https://thehackernews.com/2023/07/teamtnts-cloud-credential-stealing.html

⚠️ Heads up: Over a million WordPress sites are affected by a critical bug in the All-In-One Security (AIOS) plugin.

It stored user passwords in plaintext, posing a risk if admins reused them on other services.

Read: https://thehackernews.com/2023/07/aios-wordpress-plugin-faces-backlash.html