👨‍💻🔐 A new security vulnerability (CVE-2024-27322) has been discovered in the R programming language. It could allow attackers to execute arbitrary code through malicious RDS files, exposing your projects to supply chain attacks.

Read: https://thehackernews.com/2024/04/new-r-programming-vulnerability-exposes.html

🚨 NEW THREAT ALERT!

Cybersecurity researchers have uncovered "Muddling Meerkat" - a sophisticated Chinese threat actor abusing DNS for global reconnaissance since 2019.

Details: https://thehackernews.com/2024/04/china-linked-muddling-meerkat-hijacks.html

Just in! Google is tightening the screws on bad actors:

200K app submissions rejected
333K bad accounts blocked
2.28 million policy-violating apps prevented
31 SDKs impacting 790,000+ apps had data access limited
1.5 million outdated apps removed

https://thehackernews.com/2024/04/google-prevented-228-million-malicious.html

🔒 Say goodbye to easily guessable passwords on your smart home devices!

The U.K.'s PSTI act prohibits DEFAULT PASSWORDS from April 2024 onwards. Manufacturers must up their security game or face hefty fines up to £10 MILLION.

Read: https://thehackernews.com/2024/04/new-uk-law-bans-default-passwords-on.html

🤖 U.S. government releases new AI security guidelines to protect critical systems like power grids and water treatment plants from AI threats.

Learn more: https://thehackernews.com/2024/04/us-government-releases-new-ai-security.html

🚨 MILLIONS of malicious "imageless" containers have been planted on Docker Hub over the past 5 years in multiple cybercriminal campaigns designed to phish users and deliver #malware payloads.

Get details here: https://thehackernews.com/2024/04/millions-of-malicious-imageless.html

Former NSA employee, Jareh Sebastian Dalke, has been sentenced to a nearly 22-year prison sentence for attempting to sell classified documents to Russia in exchange for $85,000.

Read: https://thehackernews.com/2024/05/ex-nsa-employee-sentenced-to-22-years.html

ZLoader, a dangerous malware, has resurfaced with an enhanced anti-analysis feature that prevents it from running on any machine other than the one initially infected.

Learn more about it: https://thehackernews.com/2024/05/zloader-malware-evolves-with-anti.html

Are your employees snoozing through outdated cybersecurity training? 69% admit to bypassing security guidelines.

Wake them up! Engage your team with relevant, expertly crafted lessons that drive real behavioral change.

Read on to learn how: https://thehackernews.com/2024/05/everyones-expert-how-to-empower-your.html

Researchers have uncovered a new Android malware called Wpeeper that uses compromised WordPress sites to hide its true command-and-control servers.

This sneaky backdoor can collect device info, manage files, & execute malicious commands.

Learn more: https://thehackernews.com/2024/05/android-malware-wpeeper-uses.html

🕵️‍♀️ Forensic analysis uncovers criminal Bitcoin clusters tied to money laundering.

Scientists teamed up to analyze blockchain data, revealing shady transactions to crypto exchanges. Hunt on to stop bad actors.

Read on: https://thehackernews.com/2024/05/bitcoin-forensic-analysis-uncovers.html

🚨 Attention router users!

A new stealthy malware called Cuttlefish is targeting SOHO routers to monitor ALL traffic passing through infected devices to steals authentication credentials.

Read: https://thehackernews.com/2024/05/new-cuttlefish-malware-hijacks-router.html

🚨 Attention GitLab users!

A critical flaw (CVE-2023-7028) is being actively exploited, allowing account takeover by sending password reset emails to unverified addresses.

Read details: https://thehackernews.com/2024/05/cisa-warns-of-active-exploitation-of.html

Update to the latest patched versions immediately.

A new botnet called Goldoon is targeting D-Link routers with a critical vulnerability from 2015.

This flaw (CVE-2015-2051) allows RCE, giving attackers full control. An alarming spike in Goldoon activity was detected on April 9th.

https://thehackernews.com/2024/05/new-goldoon-botnet-targets-d-link.html

⚡ Dropbox Sign Breached!

Unidentified hackers accessed user emails, usernames, and account settings for all Dropbox Sign users. Emails, phone numbers, and authentication info like API keys were also exposed for some.

Learn more: https://thehackernews.com/2024/05/dropbox-discloses-breach-of-digital.html

🕵️‍♂️ Ukrainian hacker from REvil gang sentenced to over 13 years, ordered to pay $16M restitution for 2,500+ attacks demanding $700M in crypto ransoms.

Learn more: https://thehackernews.com/2024/05/ukrainian-revil-hacker-sentenced-to-13.html

Relying on a single vulnerability scanner? New research shows leading scanners can miss thousands of vulnerabilities.

Use multiple scanning engines for a comprehensive view of your attack surface.

Learn more: https://thehackernews.com/2024/05/when-is-one-vulnerability-scanner-not.html

🚨 Alert - Popular Android apps like Xiaomi File Manager and WPS Office are vulnerable to a path traversal flaw that could let hackers overwrite files and execute malicious code, leaving over 1.5 billion users exposed.

Details here: https://thehackernews.com/2024/05/popular-android-apps-like-xiaomi-wps.html

Exploring DSPMs at RSA? With Sentra's DSPM:

🔸Your data stays in your environment
🔸Get 150+ out-of-the-box and custom classifiers
🔸There's no need to configure connections manually
🔸Continuous activity log monitoring & suspicious activities alert

Schedule a live demo: https://thn.news/sentra

Aruba Networking has released patches for ArubaOS to fix 4 critical flaws allowing remote code execution, giving attackers full control.

https://thehackernews.com/2024/05/four-critical-vulnerabilities-expose.html

Vulnerability affects mobility controllers, WLAN gateways, and more. Update software immediately to stay protected.