APT41, a China-linked nation-state actor, has been linked to two newAndroid spyware strains, WyrmSpy and DragonEgg.

Read: https://thehackernews.com/2023/07/chinese-apt41-hackers-target-mobile.html

Dark web investigations rely on techniques like OSINT to uncover identities and track down cybercriminals.

Explore the various techniques used to identify the individuals behind these sites and personas.

Read: https://thehackernews.com/2023/07/exploring-dark-side-osint-tools-and.html

U.S. cybersecurity agencies issue recommendations to strengthen security in 5G network slicing. Find out how to ensure confidentiality, integrity, and availability of network services.

Read details: https://thehackernews.com/2023/07/cisa-and-nsa-issue-new-guidance-to.html

ColdFusion users, beware! Adobe has released new updates to fix a critical security flaw (CVE-2023-38205) that's actively being exploited in the wild.

Read: https://thehackernews.com/2023/07/adobe-rolls-out-new-patches-for.html

Make sure to update your installations to stay protected.

To address evolving nation-state cyber threats, Microsoft announces the inclusion of detailed logs of email access and more log data types for customers at no additional cost.

Read details: https://thehackernews.com/2023/07/microsoft-expands-cloud-logging-to.html

Cybersecurity researchers are warning about a new cloud-targeting, peer-to-peer worm called P2PInfect. It exploits vulnerable Redis instances running on Linux and Windows OS, making it highly scalable.

Read more: https://thehackernews.com/2023/07/new-p2pinfect-worm-targeting-redis.html

North Korean state-sponsored groups suspected in the recent supply chain attack on JumpCloud! They used the breach to target cryptocurrency firms, aiming to generate illegal revenues.

Learn more: https://thehackernews.com/2023/07/north-korean-state-sponsored-hackers.html

Multiple critical flaws in Apache OpenMeetings, a web conferencing solution, exposed admin accounts to control and malicious code execution.

✅ CVE-2023-28936
✅ CVE-2023-29032
✅ CVE-2023-29246

Read details: https://thehackernews.com/2023/07/apache-openmeetings-web-conferencing.html

Mallox ransomware surges 174% in 2023, employing double extortion tactics by stealing data before encryption.

Read: https://thehackernews.com/2023/07/mallox-ransomware-exploits-weak-ms-sql.html

Targeting manufacturing, legal services, and retail sectors, they exploit vulnerable MS-SQL servers as a primary penetration vector.

⚠️ Alert! New security flaws in AMI MegaRAC BMC software have been disclosed, putting vulnerable servers at risk. Attackers could remotely take control and deploy malware.

Details here: https://thehackernews.com/2023/07/critical-flaws-in-ami-megarac-bmc.html

U.S. cybersecurity agency warns of a critical flaw (CVE-2023-3519) in Citrix NetScaler ADC and Gateway devices being exploited by hackers to drop web shells on vulnerable systems.

Learn more: https://thehackernews.com/2023/07/citrix-netscaler-adc-and-gateway.html

DDoS botnets are exploiting the CVE-2023-28771 vulnerability in Zyxel devices to gain remote control and launch devastating attacks.

Learn more: https://thehackernews.com/2023/07/ddos-botnets-hijacking-zyxel-devices-to.html

DDoS botnets are exploiting the CVE-2023-28771 vulnerability in Zyxel devices to gain remote control and launch devastating attacks.

Learn more: https://thehackernews.com/2023/07/ddos-botnets-hijacking-zyxel-devices-to.html

Protecting local governments from ransomware attacks is crucial! Implementing robust password policies is a step towards enhanced security. Check out tools like Specops Password Policy to keep your organization safe!

Read: https://thehackernews.com/2023/07/local-governments-targeted-for.html

Beware of BundleBot, a stealthy malware strain that's stealing sensitive info from compromised hosts! It spreads through Facebook Ads, cleverly disguised as regular programs, AI tools, or games.

Read: https://thehackernews.com/2023/07/sophisticated-bundlebot-malware.html

🚨 HotRat, a dangerous variant of the AsyncRAT malware, is spreading through pirated versions of popular software and games.

Read: https://thehackernews.com/2023/07/hotrat-new-variant-of-asyncrat-malware.html

Chinese nation-state actor Storm-0558's attack on Microsoft's email infrastructure is more extensive than previously believed. Researchers at Wiz reveal the scope, which included forging access tokens for various Azure AD applications!

Read: https://thehackernews.com/2023/07/azure-ad-token-forging-technique-in.html

🔒 Apple takes a strong stand for data security & privacy, warning it might stop offering iMessage and FaceTime in the U.K. rather than compromise on encryption, opposing new digital surveillance proposals.

Details: https://thehackernews.com/2023/07/apple-threatens-to-pull-imessage-and.html

⚠️ Researchers uncover first-ever open-source software supply chain attacks targeting banks!

🏦 Malware authors posed as employees, tricked users with preinstall scripts, and cleverly used Azure's CDN subdomains.

Read details: https://thehackernews.com/2023/07/banking-sector-targeted-in-open-source.html

🔒 Heads up, techies! A new vulnerability (CVE-2023-38408) has been uncovered in OpenSSH that can enable attackers to execute arbitrary commands remotely.

Don't wait—update now and keep your system secure.

Read: https://thehackernews.com/2023/07/new-openssh-vulnerability-exposes-linux.html