Obscure Iranian company Cloudzy faces scrutiny!

A recent report has revealed that it is being used by cybercrime groups and nation-state crews as a command-and-control provider, enabling and facilitating illegal operations.

Read details: https://thehackernews.com/2023/08/iranian-company-cloudzy-accused-of.html

Researchers have discovered a sneaky post-exploitation technique in Amazon Web Services (AWS). It appears that the SSM Agent can transform into a remote access trojan on both Windows and Linux systems.

Learn more: https://thehackernews.com/2023/08/researchers-uncover-aws-ssm-agent.html

Cybercriminals on #Telegram cause global cyberattacks and data leaks, hitting the financial, retail, and IT sectors the hardest.

To learn how organizations can protect against illicit activities on Telegram, read this article: https://thehackernews.com/2023/08/top-industries-significantly-impacted.html

Alarming news for industrial control systems: 34% of reported vulnerabilities have no patch or remediation, up from last year's 13%.

Read: https://thehackernews.com/2023/08/industrial-control-systems.html

SynSaber data shows that CISA received reports of 670 ICS product flaws in H1 2023. Among them, 88 were critical and 227 had no available fixes.

Sophisticated Facebook phishing campaign exploiting zero-day flaw in Salesforce email services.

Crafty threat actors create targeted messages using the company's domain.

Click here to learn more about clever tactics: https://thehackernews.com/2023/08/phishers-exploit-salesforces-email.html

BlueCharlie, a Russian adversary assessed to be affiliated with FSB, has resurfaced with 94 new domains.

Learn more: https://thehackernews.com/2023/08/russian-cyber-adversary-bluecharlie.html

This latest development demonstrates their unwavering determination to outsmart cybersecurity researchers.

Attention! A new BYPASS has been discovered for a recently patched vulnerability (CVE-2023-35082 / CVSS 10) in Ivanti Endpoint Manager Mobile (EPMM).

Read: https://thehackernews.com/2023/08/researchers-discover-bypass-for.html

Update immediately to safeguard your data against potential threats.

Microsoft has uncovered the crafty attacks of a Russian threat actor, who cleverly exploits Microsoft Teams chats. Users are deceived with phishing lures, ultimately resulting in stolen credentials.

Read details: https://thehackernews.com/2023/08/microsoft-exposes-russian-hackers.html

The enigmatic Team Bangladesh, a group of hacktivists, has carried out over 750 DDoS attacks and defaced 78 websites.

Their main focus? Logistics, government, and financial organizations in India and Israel.

Read details: https://thehackernews.com/2023/08/mysterious-team-bangladesh-targeting.html

Microsoft warns of cyber risks in live sporting events. Valuable data on athletes and fans is at risk. Stadiums should implement network segmentations and strong security measures to defend against cyber threats.

Learn more: https://thehackernews.com/2023/08/microsoft-flags-growing-cybersecurity.html

🔒 Urgent Alert: Hundreds of Citrix NetScaler ADC and Gateway servers breached! Malicious actors exploit CVE-2023-3519 #vulnerability to deploy web shells.

Read more about this threat: https://thehackernews.com/2023/08/hundreds-of-citrix-netscaler-adc-and.html

🚨 Alert! Upgraded version of Rilide malware discovered. Targets Chromium-based web browsers. New version now adopts Chrome Extension Manifest V3.

Read: https://thehackernews.com/2023/08/new-version-of-rilide-data-theft.htm

Warning! Malicious actors are using sneaky techniques like versioning to bypass Google Play Store's malware detection. Their goal is to steal users' credentials, data, and finances.

Read details: https://thehackernews.com/2023/08/malicious-apps-use-sneaky-versioning.html

🚨 ALERT! New malicious npm packages discovered!

Cybersecurity researchers found packages designed to steal sensitive developer data.

Read: https://thehackernews.com/2023/08/malicious-npm-packages-found.html

CISA, NSA, FBI, & global partners disclose the top exploited vulnerabilities of 2022. Beware of CVE-2018-13379, a 4-year-old Fortinet FortiOS SSL flaw still targeted by cybercriminals.

Read: https://thehackernews.com/2023/08/major-cybersecurity-agencies.html

Patch NOW to protect your organization.

A married couple from NYC pleads guilty to money laundering charges related to the 2016 Bitfinex hack. They were involved in the theft of around 120,000 Bitcoin, valued at $3.6 billion at the time.

Read: https://thehackernews.com/2023/08/nyc-couple-pleads-guilty-to-money.html

⚠️ ALERT: High-severity security flaw in PaperCut print management software for Windows!

CVE-2023-39143 enables remote code execution. Update to version 22.1.3 for protection!

Learn more about this: https://thehackernews.com/2023/08/researchers-uncover-new-high-severity.html

Microsoft has finally addressed a critical vulnerability in the Power Platform after facing criticism for the delay. Unauthorized access to Custom Code functions may lead to data disclosure.

Read: https://thehackernews.com/2023/08/microsoft-addresses-critical-power.html

Take immediate action to secure your system. #infosec

🔒 Threat actors are targeting Linux systems in South Korea using the open-source rootkit Reptile, providing them with a reverse shell to gain easy control.

Learn more: https://thehackernews.com/2023/08/reptile-rootkit-advanced-linux-malware.html

🔒 Strengthen your organization's security with Managed Detection and Response (MDR).

Outsource security operations for real-time threat hunting and better protection.

Read here: https://thehackernews.com/2023/08/mdr-empowering-organizations-with.html

Protect email, cloud services, IoT, and more from relentless threats.