A new variant of RedLine Stealer, an information-stealing malware, has emerged using Lua bytecode to enhance its ability to evade detection. It is being distributed via repositories on GitHub disguised as game cheats.
Details: https://thehackernews.com/2024/04/new-redline-stealer-variant-disguised.html
North Korea-linked hackers, like Emerald Sleet, are using AI, particularly large language models (LLMs), for cyber operations, including spear-phishing, vulnerability research, reconnaissance and creating malicious content.
Details: https://thehackernews.com/2024/04/microsoft-warns-north-korean-hackers.html
⚠️ Windows users, watch out!
Researchers detail a vulnerability in the Windows DOS-to-NT path conversion process which can be exploited by threat actors to gain rootkit-like capabilities, hiding files and processes without admin permissions.
https://thehackernews.com/2024/04/researchers-uncover-windows-flaws.html
MITRE Corporation hit by nation-state attack exploiting zero-day flaws in Ivanti Connect Secure.
Read: https://thehackernews.com/2024/04/mitre-corporation-breached-by-nation.html
Companies use 53 (🤯) security solutions on average... yet still get breached. How can we bridge this gap?
Read the latest report: https://thehackernews.com/2024/04/penteras-2024-report-reveals-hundreds.html
Ransomware victims, beware of re-victimization!
Orange Cyberdefense finds some organizations are hit multiple times. Reasons include affiliate crossovers and data misuse. Learn how to protect your organization.
Read: https://thehackernews.com/2024/04/ransomware-double-dip-re-victimization.html
Kaspersky has uncovered a concerning threat actor, ToddyCat, targeting government and military entities.
This group employs a wide range of tools to maintain persistent access and steal data on an "industrial scale."
https://thehackernews.com/2024/04/russian-hacker-group-toddycat-uses.html
Software supply chain breaches are a ticking time bomb. Forget playing defense - it's time to take the offensive against supply chain attackers.
⚡ Join our next cybersecurity webinar to learn battle-tested strategies from the experts.
Register now: https://thehacker.news/supply-chain-threats
Hackers linked to Russia have been exploiting a Windows bug for YEARS to deploy GooseEgg malware for escalating attack access.
More insights here... https://thehackernews.com/2024/04/russias-apt28-exploited-windows-print.html
U.S. State Department imposed visa restrictions on 13 individuals linked to selling spyware for surveillance misuse targeting journalists, academics, and human rights defenders.
Read: https://thehackernews.com/2024/04/us-imposes-visa-restrictions-on-13.html
The Great Privacy Debate >>
European law enforcement agencies are deeply concerned about the widespread use of end-to-end encryption (E2EE), indicating it could severely hamper efforts to tackle online crimes like child abuse and terrorism.
https://thehackernews.com/2024/04/police-chiefs-call-for-solutions-to.html
Germany issues arrest warrants for 3 citizens accused of spying for China to obtain sensitive tech data that could aid Beijing's military capabilities.
Find details here: https://thehackernews.com/2024/04/german-authorities-issue-arrest.html
Lost revenue, angry customers, regulatory fines… cyberattacks have far-reaching consequences.
- Projected costs to hit $10.5 trillion by 2025
- 88% of breaches due to human error
Get the full story and prepare: https://thehackernews.com/2024/04/unmasking-true-cost-of-cyberattacks.html
Researchers discovered a "dependency confusion" #vulnerability in an archived Apache project, Cordova App Harness.
Get all the details in our latest post: https://thehackernews.com/2024/04/apache-cordova-app-harness-targeted-in.html
A new malware campaign has been observed distributing three info-stealers (CryptBot, LummaC2, and Rhadamanthys) using CDN cache domains to avoid detection.
Read: https://thehackernews.com/2024/04/coralraider-malware-campaign-exploits.html
⚠️ Malware Alert: A sophisticated campaign called GuptiMiner is exploiting a vulnerability in eScan antivirus to distribute backdoors and crypto miners.
Read on to explore the potential state-sponsored ties: https://thehackernews.com/2024/04/escan-antivirus-update-mechanism.html
⚡ Major security flaws uncovered in popular Chinese keyboard apps, which could expose users' private keystrokes.
Over 1 billion people using Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi devices may be affected.
Details: https://thehackernews.com/2024/04/major-security-flaws-expose-keystrokes.html
IT offboarding is my favorite task! Said no one, ever.
Automate 90% of IT manual offboarding tasks with Nudge Security. Discover ALL SaaS identities and automate steps to revoke access, including OAuth grants and non-SSO accounts.
Get started here: https://thn.news/automated-it-offboarding-software
🕵️‍♂️ Heads up! Researchers have uncovered a sneaky attack delivering malware called SSLoad through phishing emails. This cunning malware infiltrates systems, steals sensitive data, and relays it back to the attackers.
Read: https://thehackernews.com/2024/04/researchers-detail-multistage-attack.html
U.S. Treasury Department has sanctioned two Iranian firms and four individuals for their involvement in malicious cyber activities targeting U.S. companies and government entities on behalf of the IRGC-CEC.
More details: https://thehackernews.com/2024/04/us-treasury-sanctions-iranian-firms-and.html