SaaS Security breaches often stem from misconfigured settings. Learn how 'SaaS Security on Tap' video series tackles the key concepts.

Watch them here: https://thehackernews.com/2023/10/the-fast-evolution-of-saas-security.html

🚨 WinRAR users, be alert! Pro-Russian hackers exploited a recent vulnerability (CVE-2023-38831) in the software. Ensure your version is updated!

Read details: https://thehackernews.com/2023/10/pro-russian-hackers-exploiting-recent.html

🚨 Cisco alerts about a critical UNPATCHED zero-day security vulnerability (CVE-2023-20198) in its IOS XE software that's under active exploitation.

Learn more: https://thehackernews.com/2023/10/warning-unpatched-cisco-zero-day.html

Ukraine's CERT-UA discovered threat actors targeting 11 telecom providers between May and September 2023. The attacks caused service interruptions, and they used programs called POEMGATE and POSEIDON to control telecom hosts.

Learn more: https://thehackernews.com/2023/10/cert-ua-reports-11-ukrainian-telecom.html

🚨 Vulnerabilities Alert — Milesight's industrial routers risk unauthorized web interface access, while Titan MFT and Titan SFTP servers face remote superuser threats.

Find details here: https://thehackernews.com/2023/10/experts-warn-of-severe-flaws-affecting.html

🔒 Ransomware attacks are evolving rapidly.

From new evasion techniques to targeting high-income organizations, find out how they're adapting in Cyble's Q3 Ransomware Report:

Read: https://thehackernews.com/2023/10/ransomware-attacks-doubled-year-on-year.html

🚨 Alert — Two critical vulnerabilities in open-source CasaOS personal cloud software could allow attackers to gain full control of your system.

Find details here: https://thehackernews.com/2023/10/critical-vulnerabilities-uncovered-in.html

🕵️‍♂️ Nation-state hackers are turning to Discord. Discover how they're using this social platform for potential cyber-espionage and target critical infrastructure.

Read: https://thehackernews.com/2023/10/discord-playground-for-nation-state.html

D-Link confirms data breach. Low-sensitivity data exposed from an old system due to an employee falling for a phishing attack.

Find details here: https://thehackernews.com/2023/10/d-link-confirms-data-breach-employee.html

A vulnerability in Synology's DSM has been revealed, allowing attackers to remotely hijack admin accounts.

Learn how to safeguard your data: https://thehackernews.com/2023/10/new-admin-takeover-vulnerability.html

🤖 A sophisticated campaign known as TetrisPhantom is targeting APAC government entities, covertly harvesting sensitive data via secure USB drives.

Read: https://thehackernews.com/2023/10/tetrisphantom-cyber-espionage-via.html

Kaspersky links the mysterious APT actor to attacks on Russian entities.

💰 Financial data is a digital treasure trove, but it's also a prime target for cybercriminals. Join our cybersecurity webinar to learn how to secure your financial data and ensure compliance.

Reserve your spot now—it's free: https://thehackernews.com/2023/10/webinar-locking-down-financial-and.html

⚠️ New cyber threat: Discover how Qubitstrike, linked to Tunisia, targets Jupyter Notebooks for cryptocurrency mining and cloud breaches while also employing a sophisticated rootkit malware.

Learn more: https://thehackernews.com/2023/10/qubitstrike-targets-jupyter-notebooks.html

🔐 Explore 7 real-life attack paths and learn how to tackle them.

Ensure you don't miss out on crucial insights and the power of the Exposure Management Platform for protecting critical assets.

Read: https://thehackernews.com/2023/10/unraveling-real-life-attack-paths-key.html

Citrix is warning of active exploitation of a recently disclosed critical security flaw in NetScaler ADC and Gateway appliances that can hijack sessions and bypass multi-factor authentication.

Learn more: https://thehackernews.com/2023/10/critical-citrix-netscaler-flaw.html

Patch immediately and terminate active sessions.

🚨 Korean hacking group Lazarus Group targets defense industry and nuclear engineers with fake job interviews, using trojanized VNC apps to steal data and execute commands.

Learn more: https://thehackernews.com/2023/10/lazarus-group-targeting-defense-experts.html

🕵️‍♂️ ALERT: Google TAG security experts uncover Russian and Chinese state-backed threat actors exploiting WinRAR vulnerability (CVE-2023-38831) to infiltrate systems.

Get details here: https://thehackernews.com/2023/10/google-tag-detects-state-backed-threat.html

North Korean threat actors Diamond Sleet and Onyx Sleet are exploiting a critical vulnerability in JetBrains TeamCity to breach servers, deploy #malware, and potentially launch supply chain attacks.

Read: https://thehackernews.com/2023/10/microsoft-warns-of-north-korean-attacks.html

Iran-linked threat actor, OilRig, launched an 8-month cyber campaign targeting a Middle East government. Passwords stolen, files compromised.

Learn more: https://thehackernews.com/2023/10/iran-linked-oilrig-targets-middle-east.html

Google Play Protect now scans apps in real time to detect and block novel Android malware before you install them.

Learn more: https://thehackernews.com/2023/10/google-play-protect-introduces-real.html

This new feature is designed to protect users against polymorphic apps that leverage AI to avoid detection.