X Corp (formerly Twitter) has updated its privacy policy to collect biometric data from premium users in order to prevent fraud and impersonation. Users can also submit a photocopy of their government ID for verification.

Details: https://thehackernews.com/2023/09/x-twitter-to-collect-biometric-data.html

An unknown attacker exploited vulnerabilities (CVE-2023-28432 and CVE-2023-28434) in MinIO storage system for unauthorized code execution. How did they backdoor it?

Details revealed by Security Joes: https://thehackernews.com/2023/09/hackers-exploit-minio-storage-system.html

Meta thwarts China and Russia's massive influence ops! Thousands of accounts and pages blocked across platforms.

Learn more about this: https://thehackernews.com/2023/09/meta-takes-down-thousands-of-accounts.html

Learn about North Korean Andariel group's advanced malware attacks on South Korean corporations using Go language-based strains.

Details here: https://thehackernews.com/2023/09/researchers-warn-of-cyber-weapons-used.html

Chaes malware leveled up by switching to Python, refining communication, and slipping through defenses.

Learn how Lucifer - the group behind it - targeting Banking and logistics industries.

Read details: https://thehackernews.com/2023/09/new-python-variant-of-chaes-malware.html

Is your organization's Identity Attack Surface well-guarded? Join us for an enlightening webinar led by Hed Kovetz , CEO of Silverfort.

Get answers to your burning questions and fortify your defenses.

https://thehackernews.com/2023/09/way-too-vulnerable-join-this-webinar-to.html

Don't miss out - reserve your spot now!

New BLISTER update spotted!

Part of SocGholish attacks, it spreads an open-source C2 framework called Mythic. Enhanced targeting & lower exposure in VMs/sandboxes make it a potent threat.

Learn more: https://thehackernews.com/2023/09/new-blister-malware-update-fuelling.html

Ukraine's CERT-UA fends off a cyberattack on critical energy infrastructure. Learn how a phishing email led to an infiltration attempt by APT28.

Read more: https://thehackernews.com/2023/09/ukraines-cert-thwarts-apt28s.html

A hidden "phishing empire" dubbed W3LL Store has compromised 8,000+ Microsoft 365 business email accounts.

Discover the evolution of this phishing-as-a-service: https://thehackernews.com/2023/09/w3ll-store-how-secret-phishing.html

🚨 9 new vulnerabilities exposed in Schweitzer Engineering Laboratories' power management products.

Learn how attackers could exploit these flaws to gain control: https://thehackernews.com/2023/09/9-alarming-vulnerabilities-uncovered-in.html

CISOs, are you automating for efficiency in your SOC?

Troy Wilkinson, Tammy Moskites and Rob Geurtsen share insights on streamlining threat detection and response.

Learn more: https://thehackernews.com/2023/09/three-cisos-share-how-to-run-effective.html

🚨 New Phishing Alert 🎣

Iranian hackers deploying SideTwist backdoor in fresh phishing attack. Separate campaign features new variant of Agent Tesla malware.

Learn about their tactics here: https://thehackernews.com/2023/09/alert-phishing-campaigns-deliver-new.html

🚨 Urgent update!

Google's latest patch addresses a high-severity vulnerability in the Android Framework (CVE-2023-35674) that is currently being actively exploited in the wild.

Learn more: https://thehackernews.com/2023/09/zero-day-alert-latest-android-patch.html

From a crash dump to a security jackpot!

Microsoft reveals how China-based hacker group Storm-0558 hacked an engineer's corporate account, discovering a crash dump in the debugging environment that led to the theft of an #Outlook signing key.

https://thehackernews.com/2023/09/outlook-breach-microsoft-reveals-how.html

🚨 Beware! A new Mirai botnet variant named Pandora is compromising Android-based TV sets, transforming them into DDoS attack bots.

Discover how the Pandora exploits these devices: https://thehackernews.com/2023/09/mirai-botnet-variant-pandora-hijacks.html

Apache SuperSet users, beware!

A critical update has been released to patch two new vulnerabilities (CVE-2023-39265 & CVE-2023-37941) that could expose your servers to remote code execution attacks.

Find out here: https://thehackernews.com/2023/09/alert-apache-superset-vulnerabilities.html

🚨 Beware of the latest macOS threat! A new malvertising campaign is actively spreading Atomic Stealer malware, targeting gamers and crypto users.

Read: https://thehackernews.com/2023/09/mac-users-beware-malvertising-campaign.html

Are your defenses up to date?

🚨 Urgent Spyware Alert!

Apple patched 2 new zero-day vulnerabilities in iOS, iPadOS & macOS devices, exploited in a zero-click iMessage exploit chain called BLASTPASS to deploy Pegasus spyware.

Read details & PATCH your devices ASAP: https://thehackernews.com/2023/09/apple-rushes-to-patch-zero-day-flaws.html

📢 Cybersecurity Alert:

CISA Warns of multiple nation-state threat actors exploiting vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to compromise critical systems.

Discover the tactics: https://thehackernews.com/2023/09/cisa-warning-nation-state-hackers.html

ALERT: North Korean hackers exploiting zero-day bugs and using fake social media accounts to compromise cybersecurity researchers.

Learn how they're doing it: https://thehackernews.com/2023/09/north-korean-hackers-exploit-zero-day.html