The Hacker News
⭐ Official THN Telegram Channel: A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com
UPDATE: NSO Group responds to Apple's motion to dismiss, agreeing it should be dropped. NSO defends its Pegasus tool as essential for fighting crime in an era of end-to-end encryption (E2EE) and criticizes Apple for not cooperating with law enforcement.

https://thehackernews.com/2024/09/apple-drops-spyware-case-against-nso.html#nso-group-responds
🛑 Researchers uncovered a cryptojacking campaign exploiting Docker API endpoints to join malicious Docker Swarms. Attackers use tools like masscan to find vulnerabilities, spreading malware across Kubernetes & SSH networks.

Details: https://thehackernews.com/2024/10/new-cryptojacking-attack-targets-docker.html
Over 140,000 phishing websites connected to the Sniper Dz Phishing-as-a-Service (PhaaS) platform have surfaced, facilitating widespread credential theft.

Learn more: https://thehackernews.com/2024/10/free-sniper-dz-phishing-tools-fuel.html
⚠️ Rhadamanthys Stealer now leverages AI-powered Optical Character Recognition (OCR) to target #cryptocurrency wallets by extracting seed phrases from images.

Learn how this malware is evolving: https://thehackernews.com/2024/10/ai-powered-rhadamanthys-stealer-targets.html
Balancing #GenerativeAI productivity with security is a major challenge.

50% of heavy R&D users risk exposing source code & proprietary info, with unrestricted use leading to data leaks and costly breaches.

Explore LayerX's guide to secure GenAI tools: https://thehackernews.com/2024/10/5-actionable-steps-to-prevent-genai.html
Fake PyPI packages posed as #cryptocurrency wallet recovery tools, stealing sensitive info. Attackers used dynamic dead drop resolvers, showing evolving tactics to evade detection.

Learn more: https://thehackernews.com/2024/10/pypi-repository-found-hosting-fake.html
⚠️ Zimbra Collaboration is under attack via a critical vulnerability (CVE-2024-45519) enabling remote command execution.

Even without Zimbra's postjournal enabled, attackers can exploit this flaw with crafted SMTP messages.

Learn more: https://thehackernews.com/2024/10/researchers-sound-alarm-on-active.html
💣 Andariel, a sub-group of Lazarus, is now targeting U.S. orgs with financially motivated attacks using Dtrack & new Nukebot malware.

Learn more: https://thehackernews.com/2024/10/andariel-hacker-group-shifts-focus-to.html

They're exploiting known vulnerabilities. Stay alert!
Non-Human Identities (NHIs) outnumber human ones by 92:1 in enterprises, making them a key target for cyber-attacks.

Ghost NHIs (leftover identities after employees leave) often go unprotected, creating serious vulnerabilities.

Don't let your organization fall behind. Learn how to secure them: https://thehackernews.com/expert-insights/2024/09/security-operations-for-non-human.html
Discover how dynamic malware analysis & real-time interactivity reveal hidden behaviors!

Tools like #AnyRun let #cybersecurity pros monitor DNS/HTTP traffic & export data for deeper analysis with Wireshark.

Learn more: https://thehackernews.com/2024/10/5-must-have-tools-for-effective-dynamic.html
🚨 A critical vulnerability, CosmicSting (CVE-2024-34102), has hit 5% of Adobe Commerce & Magento stores.

7 hacker groups are injecting malicious scripts.

Details here: https://thehackernews.com/2024/10/alert-adobe-commerce-and-magento-stores.html

Patching isn't enough: rotate your encryption keys now!
🚨 14 vulnerabilities found in DrayTek routers, including 2 critical (CVSS 10.0). These flaws allow attackers to take full control and infiltrate networks.

Read: https://thehackernews.com/2024/10/alert-over-700000-draytek-routers.html

With 704,000+ routers exposed online, the risk is massive. Patch now!
⚠️ The Hidden Threat in Your Inbox!

A spear-phishing campaign is tricking recruiters into downloading a JavaScript backdoor called More_Eggs through fake resumes.

Learn how to protect your team and avoid costly breaches: https://thehackernews.com/2024/10/fake-job-applications-deliver-dangerous.html
⚠️ New threat alert: CeranaKeeper is targeting Southeast Asia with massive data exfiltration!

Using tools like TONESHELL & PUBLOAD, it evades detection by abusing Dropbox & OneDrive.

Learn more: https://thehackernews.com/2024/10/china-linked-ceranakeeper-targeting.html
A global fraud campaign is using fake trading apps like SBI-INT and FINANS INSIGHTS on the Apple & Google Play stores to scam users. These apps passed reviews, deceiving victims.

Read: https://thehackernews.com/2024/10/fake-trading-apps-target-victims.html

Stay alert and protect your funds!
🔥 Critical SQL Injection vulnerability (CVE-2024-29824) in Ivanti EPM is actively exploited!

CVSS 9.6: unauthenticated attackers can execute code remotely. Federal agencies must patch by Oct 23.

Find details here: https://thehackernews.com/2024/10/ivanti-endpoint-manager-flaw-actively.html
Authorities arrested 4 linked to LockBit ransomware, including a suspected developer in France. Aleksandr Ryzhenkov, a high-ranking Evil Corp member and LockBit affiliate, was outed.

Read: https://thehackernews.com/2024/10/lockbit-ransomware-and-evil-corp.html

Operation also exposed Kremlin ties to cybercrime groups.
INTERPOL cracks down on phishing scams and romance fraud in West Africa under Operation Contender 2.0, emphasizing global cooperation in cybersecurity.

Learn more: https://thehackernews.com/2024/10/interpol-arrests-8-in-major-phishing.html
⚠️ North Korean-backed APT37 (aka InkySquid) has been observed delivering a never-before-seen backdoor, VeilShell, as part of stealthy state-sponsored cyberattacks targeting Southeast Asia.

Find details here: https://thehackernews.com/2024/10/north-korean-hackers-using-new.html
🔴 New stealthy #malware "Perfctl" is hitting Linux servers, running crypto miners & proxyjacking undetected. It exploits a Polkit vulnerability (CVE-2021-4043) for privilege escalation & uses a rootkit to evade defenses.

Details here: https://thehackernews.com/2024/10/new-perfctl-malware-targets-linux.html