Threat actors like APT28, REF2924, and Red Stinger are weaponizing #Microsoft Graph API to evade detection and communicate with their command-and-control infrastructure hosted on Microsoft cloud services.

Read: https://thehackernews.com/2024/05/hackers-increasingly-abusing-microsoft.html

🔥 Webinar Alert >>

Join us for "Uncovering Contemporary DDoS Attack Tactics" with cybersecurity expert Andrey Slastenov. Learn how to protect your business from devastating DDoS attacks.

Don't miss out—register today: https://thehackernews.com/2024/05/expert-led-webinar-learn-latest-ddos.html

Czechia and Germany reveal they were targets of a massive cyber espionage campaign by Russia-linked APT28 hacker group. The audacious attacks exploited a critical Microsoft Outlook flaw to compromise email accounts.

Learn more: https://thehackernews.com/2024/05/microsoft-outlook-flaw-exploited-by.html

🚨 Attention, Mac users! Beware of new malware called Cuckoo targeting Intel and ARM-based Macs. It steals data from crypto wallets and messaging apps, spread through music app sites.

Read: https://thehackernews.com/2024/05/new-cuckoo-persistent-macos-spyware.html

Xiaomi devices running Android have been found to contain multiple security vulnerabilities in various apps and system components.

These flaws could lead to unauthorized access, data theft, and privacy breaches.

Learn more: https://thehackernews.com/2024/05/xiaomi-android-devices-hit-by-multiple.html

New findings suggest the ArcaneDoor cyber espionage campaign targeting network devices from Cisco (CVE-2024-20353, CVE-2024-20359) and others may be linked to China-based actors.

Read: https://thehackernews.com/2024/05/china-linked-hackers-suspected-in.html

The attacks used custom Line Runner and Line Dancer malware.

Cyberattacks can be a financial nightmare for SMBs. From operational disruptions to data loss and ransom demands, the costs can quickly drain your resources.

Discover how a managed EDR solution can help prevent these catastrophic expenses: https://thehackernews.com/2024/05/it-costs-how-much-financial-pitfalls-of.html

Russian operator of BTC-e crypto exchange pleads guilty to money laundering charges spanning 2011-2017. Alexander Vinnik admitted to facilitating transactions for cybercriminals worldwide.

Find details here: https://thehackernews.com/2024/05/russian-operator-of-btc-e-crypto.html

Google is streamlining 2-factor authentication (2FA) for personal and Workspace accounts!

🔐 No more SMS codes needed - you can now directly add authenticator apps or security keys.

Learn more: https://thehackernews.com/2024/05/google-simplifies-2-factor.html

🕵️‍♀️ MITRE research firm reveals alarming details about a recent cyber attack that dates back to late 2023.

Adversary used backdoors, web shells, and credential harvesting to breach VMware infrastructure.

🔗 Read details: https://thehackernews.com/2024/05/china-linked-hackers-used-rootrot.html

A simple "Thank you" comment hid a dangerous vulnerability that exposed customer data.

This eye-opening case study shows why robust web security measures are crucial for any site with user communities.

Learn more: https://thehackernews.com/2024/05/new-case-study-malicious-comment.html

🚨 ALERT: Iranian hackers (APT42) posing as journalists and event organizers to launch cyber attacks on NGOs, media, academia, and activists.

Learn how they gain access here: https://thehackernews.com/2024/05/apt42-hackers-pose-as-journalists-to.html

🚨 BREAKING!!!

Authorities have unmasked the administrator behind the prolific LockBit ransomware as 31-year-old Russian national Dmitry Yuryevich Khoroshev.

Read details here: https://thehackernews.com/2024/05/russian-hacker-dmitry-khoroshev.html

⚠️ URGENT: A critical flaw in the hugely popular LiteSpeed Cache plugin for WordPress is being exploited in the wild to create rogue admin accounts, granting attackers full control of affected sites.

Details here: https://thehackernews.com/2024/05/hackers-exploiting-litespeed-cache-bug.html

Stay safe, update ASAP!

DORA, the EU's new cybersecurity regulation for financial institutions, is more than just a compliance check. It mandates rigorous testing of operational resilience.

Learn how you can quantify risks & prioritize remediation efforts.

Read: https://thehackernews.com/expert-insights/2024/05/dora-guiding-resilience-of-digital.html

🚨 Alert: The new version of HijackLoader is stealthier than ever with advanced modules designed to outsmart detection tools.

It can now:
✅ Exclude Windows Defender
✅ Bypass UAC
✅ Evade API hooking
✅ Employ process hollowing

Read: https://thehackernews.com/2024/05/hijack-loader-malware-employs-process.html

🔐 Researchers found a new attack called "Pathfinder" that extracts encryption keys and data from Intel CPUs.

This technique bypasses current Spectre mitigations by manipulating the CPU's branch prediction system.

Details here: https://thehackernews.com/2024/05/new-spectre-style-pathfinder-attack.html

Get Certificate in Cybersecurity Risk Management!

With a graduate certificate from Georgetown, you’ll develop strategic knowledge of cyber strategies that increase security.

Learn more: https://thn.news/georgetown-cybersec-cert-insta

🚨 Researchers found 2 CRITICAL vulnerabilities in F5 Next Central Manager that could let attackers create secret backdoor ADMIN accounts for full control, evading detection even after patching.

Read details here: https://thehackernews.com/2024/05/critical-f5-central-manager.html

Cloud Security isn't just the provider's responsibility. Did you know that as an org, you're responsible for securing everything you create in the cloud?

🔐 Discover the must-know cloud pentesting building blocks - read on: https://thehackernews.com/2024/05/the-fundamentals-of-cloud-security.html