Hackers target poorly secured MS SQL servers to deploy Cobalt Strike and the new FreeWorld ransomware.

Learn how they operate in this latesr report: https://thehackernews.com/2023/09/threat-actors-targeting-microsoft-sql.html

Beware! Okta warns of social engineering attacks aimed at admin credentials. Threat actors are manipulating multi-factor authentication settings.

Read on to stay secure: https://thehackernews.com/2023/09/okta-warns-of-social-engineering.html

Exploit code now available for critical SSH authentication bypass flaw in VMware Aria Operations for Networks. Discover how CVE-2023-34039 could lead to unauthorized access.

Read detais: https://thehackernews.com/2023/09/poc-exploit-released-for-critical.html

Vietnamese cybercriminals are using Facebook ads to deliver malware and hijack accounts.

Learn about their tactics to breach accounts, steal data, and spread their reach.

Read: https://thehackernews.com/2023/09/vietnamese-cybercriminals-targeting.html

🚨 Beware! A large-scale smishing campaign is hitting the U.S. through compromised Apple iCloud accounts. Cybercriminals are after your identity and finances.

Learn tactics, shield against this online menace: https://thehackernews.com/2023/09/chinese-speaking-cybercriminals-launch.html

🤖 AI: Hype vs. Reality ...

Self-driving cars, robot overlords—separating fact from fiction. Explore how AI is reshaping industries, what it can and can't do, and how businesses can harness its potential.

Learn more: https://thehackernews.com/2023/09/everything-you-wanted-to-know-about-ai.html

Don't be fooled by the buzz!

X Corp (formerly Twitter) has updated its privacy policy to collect biometric data from premium users in order to prevent fraud and impersonation. Users can also submit a photocopy of their government ID for verification.

Details: https://thehackernews.com/2023/09/x-twitter-to-collect-biometric-data.html

An unknown attacker exploited vulnerabilities (CVE-2023-28432 and CVE-2023-28434) in MinIO storage system for unauthorized code execution. How did they backdoor it?

Details revealed by Security Joes: https://thehackernews.com/2023/09/hackers-exploit-minio-storage-system.html

Meta thwarts China and Russia's massive influence ops! Thousands of accounts and pages blocked across platforms.

Learn more about this: https://thehackernews.com/2023/09/meta-takes-down-thousands-of-accounts.html

Learn about North Korean Andariel group's advanced malware attacks on South Korean corporations using Go language-based strains.

Details here: https://thehackernews.com/2023/09/researchers-warn-of-cyber-weapons-used.html

Chaes malware leveled up by switching to Python, refining communication, and slipping through defenses.

Learn how Lucifer - the group behind it - targeting Banking and logistics industries.

Read details: https://thehackernews.com/2023/09/new-python-variant-of-chaes-malware.html

Is your organization's Identity Attack Surface well-guarded? Join us for an enlightening webinar led by Hed Kovetz , CEO of Silverfort.

Get answers to your burning questions and fortify your defenses.

https://thehackernews.com/2023/09/way-too-vulnerable-join-this-webinar-to.html

Don't miss out - reserve your spot now!

New BLISTER update spotted!

Part of SocGholish attacks, it spreads an open-source C2 framework called Mythic. Enhanced targeting & lower exposure in VMs/sandboxes make it a potent threat.

Learn more: https://thehackernews.com/2023/09/new-blister-malware-update-fuelling.html

Ukraine's CERT-UA fends off a cyberattack on critical energy infrastructure. Learn how a phishing email led to an infiltration attempt by APT28.

Read more: https://thehackernews.com/2023/09/ukraines-cert-thwarts-apt28s.html

A hidden "phishing empire" dubbed W3LL Store has compromised 8,000+ Microsoft 365 business email accounts.

Discover the evolution of this phishing-as-a-service: https://thehackernews.com/2023/09/w3ll-store-how-secret-phishing.html

🚨 9 new vulnerabilities exposed in Schweitzer Engineering Laboratories' power management products.

Learn how attackers could exploit these flaws to gain control: https://thehackernews.com/2023/09/9-alarming-vulnerabilities-uncovered-in.html

CISOs, are you automating for efficiency in your SOC?

Troy Wilkinson, Tammy Moskites and Rob Geurtsen share insights on streamlining threat detection and response.

Learn more: https://thehackernews.com/2023/09/three-cisos-share-how-to-run-effective.html

🚨 New Phishing Alert 🎣

Iranian hackers deploying SideTwist backdoor in fresh phishing attack. Separate campaign features new variant of Agent Tesla malware.

Learn about their tactics here: https://thehackernews.com/2023/09/alert-phishing-campaigns-deliver-new.html

🚨 Urgent update!

Google's latest patch addresses a high-severity vulnerability in the Android Framework (CVE-2023-35674) that is currently being actively exploited in the wild.

Learn more: https://thehackernews.com/2023/09/zero-day-alert-latest-android-patch.html

From a crash dump to a security jackpot!

Microsoft reveals how China-based hacker group Storm-0558 hacked an engineer's corporate account, discovering a crash dump in the debugging environment that led to the theft of an #Outlook signing key.

https://thehackernews.com/2023/09/outlook-breach-microsoft-reveals-how.html