🔐 Google will soon block unsafe #Android sideloading in India, targeting apps that abuse sensitive permissions.

Learn more: https://thehackernews.com/2024/10/google-blocks-unsafe-android-app.html

The pilot has already stopped nearly 900,000 high-risk installs in Southeast Asia, making it a vital fraud protection tool.

A critical security flaw in Apache Avro SDK (CVE-2024-47561) threatens large-scale data processing systems.

Ensure your systems are patched to avoid arbitrary code execution risks.

Details here: https://thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html

Meet Gorilla, a new Mirai-based botnet issuing 300,000+ attack commands in just one month.

It exploits an Apache Hadoop vulnerability to control IoT devices and cloud hosts long-term.

Discover more about its capabilities.: https://thehackernews.com/2024/10/new-gorilla-botnet-launches-over-300000.html

⚠️💸 API vulnerabilities and bot attacks are costing organizations up to $186 billion a year. Learn how to protect your digital infrastructure from these growing threats.

👉 Read more: https://thehackernews.com/2024/10/vulnerable-apis-and-bot-attacks-costing.html

🔐 Qualcomm releases urgent security updates, including a critical patch for CVE-2024-43047—a flaw currently being exploited in the wild.

Learn more 👉 https://thehackernews.com/2024/10/qualcomm-urges-oems-to-patch-critical.html

Qualcomm urges OEMs to deploy the update ASAP.

Ukraine claims a cyber attack on Russian state media VGTRK on Putin’s birthday. While VGTRK downplays damage, reports say hackers wiped servers, including backups—a warning for those relying on basic recovery plans.

Read: https://thehackernews.com/2024/10/pro-ukrainian-hackers-strike-russian.html

GoldenJackal strikes again—targeting high-profile, air-gapped networks in embassies and government entities with sophisticated #malware like JackalWorm.

Read: https://thehackernews.com/2024/10/goldenjackal-target-embassies-and-air.html

Use of USB drives to exfiltrate data underscores the importance of monitoring offline systems.

⚡ Cyber threat group "Awaken Likho" is targeting Russian government and industrial entities with spear-phishing attacks, disguising malicious files as Word or PDF documents to trick users.

Learn more: https://thehackernews.com/2024/10/cyberattack-group-awaken-likho-targets.html

🔑 Discover how AI-powered identity systems, like One Identity’s Vigilance AI™ Threat Engine, are transforming #cybersecurity by detecting behavioral anomalies and preventing credential-based attacks.

Find details here: https://thehackernews.com/2024/10/the-value-of-ai-powered-identity.html

A recent case study shows how a malicious redirect led shoppers to a fake "evil twin" checkout page, stealing their financial info. Learn how quick action saved a retailer from costly damage.

Read: https://thehackernews.com/2024/10/new-case-study-evil-twin-checkout-page.html

🎮 Alert: Hackers are tricking GAMERS searching for cheats into downloading Lua-based malware, which stays hidden and delivers payloads like RedLine Stealer.

Learn how it works and how to stay safe: https://thehackernews.com/2024/10/gamers-tricked-into-downloading-lua.html

⚠️ WARNING: Ivanti’s CSA is under attack! Three new zero-day vulnerabilities are being actively exploited in the wild.

These flaws, CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381, allow attackers to bypass restrictions, execute arbitrary SQL, and gain remote code execution—all with admin privileges.

Find details here: https://thehackernews.com/2024/10/zero-day-alert-three-critical-ivanti.html

⚠️ Microsoft warns of cyberattacks abusing OneDrive, SharePoint & Dropbox.

Hackers use “living-off-trusted-sites” (LOTS) to bypass defenses. View-only files trick users into sharing 2FA tokens, leading to BEC & financial fraud.

Learn more: https://thehackernews.com/2024/10/microsoft-detects-growing-use-of-file.html

👉 Microsoft has released patches for 118 vulnerabilities, two of which (CVE-2024-43572 and CVE-2024-43573) are being actively exploited in the wild.

Find details here: https://thehackernews.com/2024/10/microsoft-issues-security-update-fixing.html

Ensure your systems are protected—apply these patches ASAP!

New IoT regulations may force small manufacturers out of business, despite improving security. With 100+ new vulnerabilities daily, compliance costs are rising fast.

How will this impact cybersecurity? Read: https://thehackernews.com/expert-insights/2024/10/will-small-iot-device-oem-survive.html

Social media security is crucial for protecting your brand and finances. Poor governance can lead to unauthorized access and costly mistakes.

Learn how SSPM tools can help safeguard against unauthorized access and financial risks.

Read: https://thehackernews.com/2024/10/social-media-accounts-weak-link-in.html

🚨 Developers Under Attack!

A North Korean campaign, "Contagious Interview," is tricking job seekers with fake offers, leading to malware disguised as coding tasks.

Hackers use fake video conferencing apps to target both Windows & macOS.

Read: https://thehackernews.com/2024/10/n-korean-hackers-use-fake-interviews-to.html

⚠️ Multiple MMS protocol vulnerabilities pose a severe threat to industrial devices, potentially leading to crashes or remote code execution that could disrupt critical infrastructure.

Learn more: https://thehackernews.com/2024/10/researchers-uncover-major-security.html

#infosec

Google partners with GASA and DNS RF to launch the Global Signal Exchange (GSE), providing real-time insights into scam patterns to protect businesses from cybercrime.

Read: https://thehackernews.com/2024/10/google-joins-forces-with-gasa-and-dns.html

🚨 Warning: A critical #vulnerability (CVE-2024-9680) in Firefox is being actively exploited.

Don’t wait—ensure your browsers are updated now to protect against potential remote code execution.

Learn more: https://thehackernews.com/2024/10/mozilla-warns-of-active-exploitation-in.html