🛩️ New iOS 16 Exploit Creates Fake Airplane Mode!

Cybersecurity experts discovered a sneaky post-exploit trick allowing attackers to secretly stay connected while your Apple device appears offline, even with Airplane Mode 'on'.

Read: https://thehackernews.com/2023/08/new-apple-ios-16-exploit-enables.html

Espionage Disguised as Ransomware?

Ongoing cyber attacks traced back to China target Southeast Asian gambling. Learn how Bronze Starlight deploys Cobalt Strike beacons and hides motives behind ransomware smokescreens.

Read: https://thehackernews.com/2023/08/china-linked-bronze-starlight-group.html

🔒 New attack alert — "NoFilter" technique exploits Windows Filtering Platform for sneaky privilege escalation.

Evades detection, hijacks admin code to "NT AUTHORITY\SYSTEM."

Find details here: https://thehackernews.com/2023/08/nofilter-attack-sneaky-privilege.html

Goodbye, sneaky extensions!

Google Chrome's upcoming version 117 plans to introduce a new security feature that will notify users after automatically removing any installed extensions that become malicious.

Learn how it works: https://thehackernews.com/2023/08/google-chromes-new-feature-alerts-users.html

Microsoft uncovers revamped BlackCat ransomware variant embedding Impacket & RemCom tools for lateral movement & remote code execution.

Read details: https://thehackernews.com/2023/08/new-blackcat-ransomware-variant-adopts.html

Attention businesses! A sneaky campaign is targeting Zimbra email servers for login credentials. Learn about the ongoing threat and its stealthy strategy.

Read: https://thehackernews.com/2023/08/new-wave-of-attack-campaign-targeting.html

Power of Machine Learning - Supercharge your Zero Trust strategy!

NDR + Machine Learning = the ultimate dynamic duo. These algorithms don't rely on old "Indicators of Compromise" (IoCs) – they learn and evolve to nab new, evolving threat.

Read: https://thehackernews.com/2023/08/the-vulnerability-of-zero-trust-lessons.html

In a coordinated operation across 25 African nations, INTERPOL-AFRIPOL arrested 14 individuals in a crackdown on cybercrime. Over $40M losses linked to 20,674 cyber networks.

Read details: https://thehackernews.com/2023/08/14-suspected-cybercriminals-arrested.html

How are hackers getting around malware detection?

They're using sneaky unsupported compression methods in Android APK files to evade detection!

These undetectable apps, with 3,300 cases found, are harder to analyze.

Details: https://thehackernews.com/2023/08/thousands-of-android-malware-apps-using.html

Juniper Networks released an "out-of-cycle" security patch for Junos OS.

J-Web component flaws have a CVSS rating of 9.8/10, making them a 'Critical' watch-out!

Read details: https://thehackernews.com/2023/08/new-juniper-junos-os-flaws-expose.html

Attackers could remotely execute code by chaining these vulnerabilities.

Sophisticated WoofLocker toolkit update hides malicious JavaScript in PNG images, tricks users with fake tech support scams using advanced fingerprinting and redirection mechanisms.

Read: https://thehackernews.com/2023/08/wooflocker-toolkit-hides-malicious.html

HiatusRAT malware creators return, targeting Taiwan-based orgs & U.S. military procurement system.

Upgraded malware now supports multiple architectures & hosted on new VPSs.

Read details: https://thehackernews.com/2023/08/hiatusrat-malware-resurfaces-taiwan.html

Malware-infected Windows & macOS machines are now being used as proxy exit nodes, allowing threat actors to reroute requests.

Read: https://thehackernews.com/2023/08/this-malware-turned-thousands-of-hacked.html

A high-severity flaw in WinRAR could let hackers remotely run code on Windows systems.

Learn more about CVE-2023-40477: https://thehackernews.com/2023/08/new-winrar-vulnerability-could-allow.html

Critical security flaw (CVE-2023-26359) in Adobe ColdFusion added to CISA's catalog of known exploited vulnerabilities.

Read: https://thehackernews.com/2023/08/critical-adobe-coldfusion-flaw-added-to.html

Affects ColdFusion 2018 and 2021. Patched by Adobe in March, but active exploitation evidence is concerning.

Beware #macOS users! A sneaky variant of the XLoader malware hides inside an app called "OfficeNote."

Think you're boosting productivity? You might be compromising security!

Read details: https://thehackernews.com/2023/08/new-variant-of-xloader-macos-malware.html

Carderbee, a new threat cluster, is targeting organizations in Hong Kong and Asia.

The breach uses software supply chain attacks and a Microsoft signed certificate to fetch PlugX from a remote server.

Read more: https://thehackernews.com/2023/08/carderbee-attacks-hong-kong.html

Beware Roblox developers! Malicious packages on the npm repository have been found. These imposters are deploying Luna Token Grabber to snatch credentials.

Read details: https://thehackernews.com/2023/08/over-dozen-malicious-npm-packages.html

🛡️ Beware of Spacecolon! This malicious tool is spreading Scarab ransomware globally. France, Mexico, Poland, Slovakia, Spain, and Turkey are among the top targets.

Read detais: https://thehackernews.com/2023/08/spacecolon-toolset-fuels-global-surge.html

A Syrian threat actor, EVLF, has been identified as the developer of malware tools CypherRAT and CraxsRAT. These tools can control a device's camera, location, and mic remotely.

Read details: https://thehackernews.com/2023/08/syrian-threat-actor-evlf-unmasked-as.html