A new botnet called Goldoon is targeting D-Link routers with a critical vulnerability from 2015.

This flaw (CVE-2015-2051) allows RCE, giving attackers full control. An alarming spike in Goldoon activity was detected on April 9th.

https://thehackernews.com/2024/05/new-goldoon-botnet-targets-d-link.html

⚡ Dropbox Sign Breached!

Unidentified hackers accessed user emails, usernames, and account settings for all Dropbox Sign users. Emails, phone numbers, and authentication info like API keys were also exposed for some.

Learn more: https://thehackernews.com/2024/05/dropbox-discloses-breach-of-digital.html

🕵️‍♂️ Ukrainian hacker from REvil gang sentenced to over 13 years, ordered to pay $16M restitution for 2,500+ attacks demanding $700M in crypto ransoms.

Learn more: https://thehackernews.com/2024/05/ukrainian-revil-hacker-sentenced-to-13.html

Relying on a single vulnerability scanner? New research shows leading scanners can miss thousands of vulnerabilities.

Use multiple scanning engines for a comprehensive view of your attack surface.

Learn more: https://thehackernews.com/2024/05/when-is-one-vulnerability-scanner-not.html

🚨 Alert - Popular Android apps like Xiaomi File Manager and WPS Office are vulnerable to a path traversal flaw that could let hackers overwrite files and execute malicious code, leaving over 1.5 billion users exposed.

Details here: https://thehackernews.com/2024/05/popular-android-apps-like-xiaomi-wps.html

Exploring DSPMs at RSA? With Sentra's DSPM:

🔸Your data stays in your environment
🔸Get 150+ out-of-the-box and custom classifiers
🔸There's no need to configure connections manually
🔸Continuous activity log monitoring & suspicious activities alert

Schedule a live demo: https://thn.news/sentra

Aruba Networking has released patches for ArubaOS to fix 4 critical flaws allowing remote code execution, giving attackers full control.

https://thehackernews.com/2024/05/four-critical-vulnerabilities-expose.html

Vulnerability affects mobility controllers, WLAN gateways, and more. Update software immediately to stay protected.

Google announces that over 400 million accounts now use passkeys—the passwordless authentication solution—and are extending support for the use of passkeys to high-risk users as part of its Advanced Protection Program (APP).

https://thehackernews.com/2024/05/google-announces-passkeys-adopted-by.html

🐍 Python isn't just a language, it's a gateway to innovation in blockchain!

Join the conversation with Mark, Min, and John from Algorand Foundation as they discuss the fusion of Python & blockchain development.

Watch it here: https://thehackernews.com/videos/2024/05/why-you-should-consider-leveraging-your.html

📨 Watch Out for Spoofed Emails!

The U.S. government has issued a new advisory warning about North Korean hackers sending spoofed emails that appear to be from trusted sources

Learn more: https://thehackernews.com/2024/05/nsa-fbi-alert-on-n-korean-hackers.html

🚨 65% of SaaS apps aren't approved by IT! Are you aware of the risks lurking in your digital workspace? Discover how unauthorized apps can jeopardize your data and what you can do about it.

Dive into this guide on mitigating Shadow SaaS risks: https://thehackernews.com/2024/05/new-guide-explains-how-to-eliminate.html

Threat actors like APT28, REF2924, and Red Stinger are weaponizing #Microsoft Graph API to evade detection and communicate with their command-and-control infrastructure hosted on Microsoft cloud services.

Read: https://thehackernews.com/2024/05/hackers-increasingly-abusing-microsoft.html

🔥 Webinar Alert >>

Join us for "Uncovering Contemporary DDoS Attack Tactics" with cybersecurity expert Andrey Slastenov. Learn how to protect your business from devastating DDoS attacks.

Don't miss out—register today: https://thehackernews.com/2024/05/expert-led-webinar-learn-latest-ddos.html

Czechia and Germany reveal they were targets of a massive cyber espionage campaign by Russia-linked APT28 hacker group. The audacious attacks exploited a critical Microsoft Outlook flaw to compromise email accounts.

Learn more: https://thehackernews.com/2024/05/microsoft-outlook-flaw-exploited-by.html

🚨 Attention, Mac users! Beware of new malware called Cuckoo targeting Intel and ARM-based Macs. It steals data from crypto wallets and messaging apps, spread through music app sites.

Read: https://thehackernews.com/2024/05/new-cuckoo-persistent-macos-spyware.html

Xiaomi devices running Android have been found to contain multiple security vulnerabilities in various apps and system components.

These flaws could lead to unauthorized access, data theft, and privacy breaches.

Learn more: https://thehackernews.com/2024/05/xiaomi-android-devices-hit-by-multiple.html

New findings suggest the ArcaneDoor cyber espionage campaign targeting network devices from Cisco (CVE-2024-20353, CVE-2024-20359) and others may be linked to China-based actors.

Read: https://thehackernews.com/2024/05/china-linked-hackers-suspected-in.html

The attacks used custom Line Runner and Line Dancer malware.

Cyberattacks can be a financial nightmare for SMBs. From operational disruptions to data loss and ransom demands, the costs can quickly drain your resources.

Discover how a managed EDR solution can help prevent these catastrophic expenses: https://thehackernews.com/2024/05/it-costs-how-much-financial-pitfalls-of.html

Russian operator of BTC-e crypto exchange pleads guilty to money laundering charges spanning 2011-2017. Alexander Vinnik admitted to facilitating transactions for cybercriminals worldwide.

Find details here: https://thehackernews.com/2024/05/russian-operator-of-btc-e-crypto.html

Google is streamlining 2-factor authentication (2FA) for personal and Workspace accounts!

🔐 No more SMS codes needed - you can now directly add authenticator apps or security keys.

Learn more: https://thehackernews.com/2024/05/google-simplifies-2-factor.html