Dark web investigations rely on techniques like OSINT to uncover identities and track down cybercriminals.

Explore the various techniques used to identify the individuals behind these sites and personas.

Read: https://thehackernews.com/2023/07/exploring-dark-side-osint-tools-and.html

U.S. cybersecurity agencies issue recommendations to strengthen security in 5G network slicing. Find out how to ensure confidentiality, integrity, and availability of network services.

Read details: https://thehackernews.com/2023/07/cisa-and-nsa-issue-new-guidance-to.html

ColdFusion users, beware! Adobe has released new updates to fix a critical security flaw (CVE-2023-38205) that's actively being exploited in the wild.

Read: https://thehackernews.com/2023/07/adobe-rolls-out-new-patches-for.html

Make sure to update your installations to stay protected.

To address evolving nation-state cyber threats, Microsoft announces the inclusion of detailed logs of email access and more log data types for customers at no additional cost.

Read details: https://thehackernews.com/2023/07/microsoft-expands-cloud-logging-to.html

Cybersecurity researchers are warning about a new cloud-targeting, peer-to-peer worm called P2PInfect. It exploits vulnerable Redis instances running on Linux and Windows OS, making it highly scalable.

Read more: https://thehackernews.com/2023/07/new-p2pinfect-worm-targeting-redis.html

North Korean state-sponsored groups suspected in the recent supply chain attack on JumpCloud! They used the breach to target cryptocurrency firms, aiming to generate illegal revenues.

Learn more: https://thehackernews.com/2023/07/north-korean-state-sponsored-hackers.html

Multiple critical flaws in Apache OpenMeetings, a web conferencing solution, exposed admin accounts to control and malicious code execution.

✅ CVE-2023-28936
✅ CVE-2023-29032
✅ CVE-2023-29246

Read details: https://thehackernews.com/2023/07/apache-openmeetings-web-conferencing.html

Mallox ransomware surges 174% in 2023, employing double extortion tactics by stealing data before encryption.

Read: https://thehackernews.com/2023/07/mallox-ransomware-exploits-weak-ms-sql.html

Targeting manufacturing, legal services, and retail sectors, they exploit vulnerable MS-SQL servers as a primary penetration vector.

⚠️ Alert! New security flaws in AMI MegaRAC BMC software have been disclosed, putting vulnerable servers at risk. Attackers could remotely take control and deploy malware.

Details here: https://thehackernews.com/2023/07/critical-flaws-in-ami-megarac-bmc.html

U.S. cybersecurity agency warns of a critical flaw (CVE-2023-3519) in Citrix NetScaler ADC and Gateway devices being exploited by hackers to drop web shells on vulnerable systems.

Learn more: https://thehackernews.com/2023/07/citrix-netscaler-adc-and-gateway.html

DDoS botnets are exploiting the CVE-2023-28771 vulnerability in Zyxel devices to gain remote control and launch devastating attacks.

Learn more: https://thehackernews.com/2023/07/ddos-botnets-hijacking-zyxel-devices-to.html

DDoS botnets are exploiting the CVE-2023-28771 vulnerability in Zyxel devices to gain remote control and launch devastating attacks.

Learn more: https://thehackernews.com/2023/07/ddos-botnets-hijacking-zyxel-devices-to.html

Protecting local governments from ransomware attacks is crucial! Implementing robust password policies is a step towards enhanced security. Check out tools like Specops Password Policy to keep your organization safe!

Read: https://thehackernews.com/2023/07/local-governments-targeted-for.html

Beware of BundleBot, a stealthy malware strain that's stealing sensitive info from compromised hosts! It spreads through Facebook Ads, cleverly disguised as regular programs, AI tools, or games.

Read: https://thehackernews.com/2023/07/sophisticated-bundlebot-malware.html

🚨 HotRat, a dangerous variant of the AsyncRAT malware, is spreading through pirated versions of popular software and games.

Read: https://thehackernews.com/2023/07/hotrat-new-variant-of-asyncrat-malware.html

Chinese nation-state actor Storm-0558's attack on Microsoft's email infrastructure is more extensive than previously believed. Researchers at Wiz reveal the scope, which included forging access tokens for various Azure AD applications!

Read: https://thehackernews.com/2023/07/azure-ad-token-forging-technique-in.html

🔒 Apple takes a strong stand for data security & privacy, warning it might stop offering iMessage and FaceTime in the U.K. rather than compromise on encryption, opposing new digital surveillance proposals.

Details: https://thehackernews.com/2023/07/apple-threatens-to-pull-imessage-and.html

⚠️ Researchers uncover first-ever open-source software supply chain attacks targeting banks!

🏦 Malware authors posed as employees, tricked users with preinstall scripts, and cleverly used Azure's CDN subdomains.

Read details: https://thehackernews.com/2023/07/banking-sector-targeted-in-open-source.html

🔒 Heads up, techies! A new vulnerability (CVE-2023-38408) has been uncovered in OpenSSH that can enable attackers to execute arbitrary commands remotely.

Don't wait—update now and keep your system secure.

Read: https://thehackernews.com/2023/07/new-openssh-vulnerability-exposes-linux.html

📢 Google announces support for cross-platform end-to-end encryption 🔒 with MLS protocol on its 💬 messages service for Android. Secure communication, regardless of the messaging platform used.

Read details here: https://thehackernews.com/2023/07/google-messages-getting-cross-platform.html