An unknown attacker exploited vulnerabilities (CVE-2023-28432 and CVE-2023-28434) in MinIO storage system for unauthorized code execution. How did they backdoor it?

Details revealed by Security Joes: https://thehackernews.com/2023/09/hackers-exploit-minio-storage-system.html

Meta thwarts China and Russia's massive influence ops! Thousands of accounts and pages blocked across platforms.

Learn more about this: https://thehackernews.com/2023/09/meta-takes-down-thousands-of-accounts.html

Learn about North Korean Andariel group's advanced malware attacks on South Korean corporations using Go language-based strains.

Details here: https://thehackernews.com/2023/09/researchers-warn-of-cyber-weapons-used.html

Chaes malware leveled up by switching to Python, refining communication, and slipping through defenses.

Learn how Lucifer - the group behind it - targeting Banking and logistics industries.

Read details: https://thehackernews.com/2023/09/new-python-variant-of-chaes-malware.html

Is your organization's Identity Attack Surface well-guarded? Join us for an enlightening webinar led by Hed Kovetz , CEO of Silverfort.

Get answers to your burning questions and fortify your defenses.

https://thehackernews.com/2023/09/way-too-vulnerable-join-this-webinar-to.html

Don't miss out - reserve your spot now!

New BLISTER update spotted!

Part of SocGholish attacks, it spreads an open-source C2 framework called Mythic. Enhanced targeting & lower exposure in VMs/sandboxes make it a potent threat.

Learn more: https://thehackernews.com/2023/09/new-blister-malware-update-fuelling.html

Ukraine's CERT-UA fends off a cyberattack on critical energy infrastructure. Learn how a phishing email led to an infiltration attempt by APT28.

Read more: https://thehackernews.com/2023/09/ukraines-cert-thwarts-apt28s.html

A hidden "phishing empire" dubbed W3LL Store has compromised 8,000+ Microsoft 365 business email accounts.

Discover the evolution of this phishing-as-a-service: https://thehackernews.com/2023/09/w3ll-store-how-secret-phishing.html

🚨 9 new vulnerabilities exposed in Schweitzer Engineering Laboratories' power management products.

Learn how attackers could exploit these flaws to gain control: https://thehackernews.com/2023/09/9-alarming-vulnerabilities-uncovered-in.html

CISOs, are you automating for efficiency in your SOC?

Troy Wilkinson, Tammy Moskites and Rob Geurtsen share insights on streamlining threat detection and response.

Learn more: https://thehackernews.com/2023/09/three-cisos-share-how-to-run-effective.html

🚨 New Phishing Alert 🎣

Iranian hackers deploying SideTwist backdoor in fresh phishing attack. Separate campaign features new variant of Agent Tesla malware.

Learn about their tactics here: https://thehackernews.com/2023/09/alert-phishing-campaigns-deliver-new.html

🚨 Urgent update!

Google's latest patch addresses a high-severity vulnerability in the Android Framework (CVE-2023-35674) that is currently being actively exploited in the wild.

Learn more: https://thehackernews.com/2023/09/zero-day-alert-latest-android-patch.html

From a crash dump to a security jackpot!

Microsoft reveals how China-based hacker group Storm-0558 hacked an engineer's corporate account, discovering a crash dump in the debugging environment that led to the theft of an #Outlook signing key.

https://thehackernews.com/2023/09/outlook-breach-microsoft-reveals-how.html

🚨 Beware! A new Mirai botnet variant named Pandora is compromising Android-based TV sets, transforming them into DDoS attack bots.

Discover how the Pandora exploits these devices: https://thehackernews.com/2023/09/mirai-botnet-variant-pandora-hijacks.html

Apache SuperSet users, beware!

A critical update has been released to patch two new vulnerabilities (CVE-2023-39265 & CVE-2023-37941) that could expose your servers to remote code execution attacks.

Find out here: https://thehackernews.com/2023/09/alert-apache-superset-vulnerabilities.html

🚨 Beware of the latest macOS threat! A new malvertising campaign is actively spreading Atomic Stealer malware, targeting gamers and crypto users.

Read: https://thehackernews.com/2023/09/mac-users-beware-malvertising-campaign.html

Are your defenses up to date?

🚨 Urgent Spyware Alert!

Apple patched 2 new zero-day vulnerabilities in iOS, iPadOS & macOS devices, exploited in a zero-click iMessage exploit chain called BLASTPASS to deploy Pegasus spyware.

Read details & PATCH your devices ASAP: https://thehackernews.com/2023/09/apple-rushes-to-patch-zero-day-flaws.html

📢 Cybersecurity Alert:

CISA Warns of multiple nation-state threat actors exploiting vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to compromise critical systems.

Discover the tactics: https://thehackernews.com/2023/09/cisa-warning-nation-state-hackers.html

ALERT: North Korean hackers exploiting zero-day bugs and using fake social media accounts to compromise cybersecurity researchers.

Learn how they're doing it: https://thehackernews.com/2023/09/north-korean-hackers-exploit-zero-day.html

Cisco takes action against critical security flaw in BroadWorks platform, while Juniper Networks and Tenda Modem Router also face vulnerabilities.

Find out what you need to know to keep your systems safe: https://thehackernews.com/2023/09/cisco-issues-urgent-fix-for.html