🚀 Cybersecurity certifications are becoming essential for professionals to stand out in the competitive job market. With 37% of certified pros seeing salary boosts, they’re a smart career & financial investment.

Stay ahead—explore certifications: https://thehackernews.com/2024/09/cybersecurity-certifications-gateway-to.html

Ransomware attackers are using human-driven intrusions that mimic normal user behavior, making detection harder. Penetration testing, combining human expertise and automation, helps identify vulnerabilities before attackers strike.

Learn more: https://thehackernews.com/2024/09/how-to-plan-and-prepare-for-penetration.html

⚠️ Progress Software has released critical updates to patch six vulnerabilities in WhatsUp Gold, two of which carry a CVSS score of 9.8. Patch your systems before attackers exploit these flaws.

Read: https://thehackernews.com/2024/09/progress-software-releases-patches-for.html

Three Iranian hackers linked to the IRGC are accused of targeting U.S. officials and political campaigns using spear-phishing and social engineering.

The U.S. government is offering up to $10M for information leading to their arrest.

Read: https://thehackernews.com/2024/09/us-charges-three-iranian-nationals-for.html

⚡ A fake "WalletConnect" app on Android stole over $70,000 in 💸 cryptocurrency before being pulled from Google Play, with 10,000+ downloads and 150+ victims.

Learn more: https://thehackernews.com/2024/09/crypto-scam-app-disguised-as.html

Stay alert and protect your assets from DeFi scams!

Meta faces a €91 million GDPR fine for storing Facebook and Instagram user passwords in plaintext.

Meta failed to report the breach promptly and did not document these incidents correctly—a clear GDPR violation.

Read details: https://thehackernews.com/2024/09/meta-fined-91-million-for-storing.html

🚨 Critical vulnerabilities in 6 ATG systems could lead to remote attacks, causing physical damage, environmental hazards, and economic losses.

Gas stations, hospitals, and military bases are at risk, with thousands of ATGs exposed online.

https://thehackernews.com/2024/09/critical-flaws-in-tank-gauge-systems.html

Microsoft 365 is a prime #ransomware target, with hackers exploiting weak points to encrypt vital business data. Its widespread use across 400M+ users makes a breach devastating.

Stay protected—implement proactive defense strategies now: https://thehackernews.com/2024/09/why-microsoft-365-protection-reigns-supreme.html

🔑 🚨 Attackers are using modern session hijacking to steal credentials and access sensitive data. Even with MFA, stolen session cookies can bypass defenses and access cloud apps.

Learn what you can do to protect your cloud environments: https://thehackernews.com/2024/09/session-hijacking-20-latest-way-that.html

U.K. national charged for hacking execs’ Microsoft 365 accounts, earning millions through insider trading.

Read details: https://thehackernews.com/2024/10/uk-hacker-charged-in-375-million.html

🚨 This week's #CybersecurityRecap is packed!

From critical CUPS vulnerabilities 🖥️, to Google’s move to Rust reducing Android threats 📉, and Kia cars' security scare 🚗🔐. Plus, Kaspersky’s U.S. exit and mysterious "Noise Storms" 👀.

https://thehackernews.com/2024/09/thn-cybersecurity-recap-last-weeks-top_30.html

UPDATE: NSO Group responds to Apple's motion to dismiss, agreeing it should be dropped. NSO defends its Pegasus tool as essential for fighting crime in an era of end-to-end encryption (E2EE) and criticizes Apple for not cooperating with law enforcement.

https://thehackernews.com/2024/09/apple-drops-spyware-case-against-nso.html#nso-group-responds

🛑 Researchers uncovered a cryptojacking campaign exploiting Docker API endpoints to join malicious Docker Swarms. Attackers use tools like masscan to find vulnerabilities, spreading malware across Kubernetes & SSH networks.

Details: https://thehackernews.com/2024/10/new-cryptojacking-attack-targets-docker.html

Over 140,000 phishing websites connected to the Sniper Dz Phishing-as-a-Service (PhaaS) platform have surfaced, facilitating widespread credential theft.

Learn more: https://thehackernews.com/2024/10/free-sniper-dz-phishing-tools-fuel.html

⚠️ Rhadamanthys Stealer now leverages AI-powered Optical Character Recognition (OCR) to target #cryptocurrency wallets by extracting seed phrases from images.

Learn how this malware is evolving: https://thehackernews.com/2024/10/ai-powered-rhadamanthys-stealer-targets.html

Balancing #GenerativeAI productivity with security is a major challenge.

50% of heavy R&D users risk exposing source code & proprietary info, with unrestricted use leading to data leaks and costly breaches.

Explore LayerX’s guide to secure GenAI tools: https://thehackernews.com/2024/10/5-actionable-steps-to-prevent-genai.html

Fake PyPI packages posed as #cryptocurrency wallet recovery tools, stealing sensitive info. Attackers used dynamic dead drop resolvers, showing evolving tactics to evade detection.

Learn more: https://thehackernews.com/2024/10/pypi-repository-found-hosting-fake.html

⚠️ Zimbra Collaboration is under attack via a critical vulnerability (CVE-2024-45519) enabling remote command execution.

Even without Zimbra’s postjournal enabled, attackers can exploit this flaw with crafted SMTP messages.

Learn more: https://thehackernews.com/2024/10/researchers-sound-alarm-on-active.html

💣 Andariel, a sub-group of Lazarus, is now targeting U.S. orgs with financially motivated attacks using Dtrack & new Nukebot malware.

Learn more: https://thehackernews.com/2024/10/andariel-hacker-group-shifts-focus-to.html

They're exploiting known vulnerabilities—stay alert!

Non-Human Identities (NHIs) outnumber human ones by 92:1 in enterprises, making them a key target for cyber-attacks.

Ghost NHIs—leftover identities after employees leave—often go unprotected, creating serious vulnerabilities.

Don’t let your organization fall behind. Learn how to secure them: Read: https://thehackernews.com/expert-insights/2024/09/security-operations-for-non-human.html