The Hacker News
⭐ Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com

⚠️ WARNING: Ivanti’s CSA is under attack! Three new zero-day vulnerabilities are being actively exploited in the wild.

These flaws, CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381, allow attackers to bypass restrictions, execute arbitrary SQL, and gain remote code execution—all with admin privileges.

Find details here: https://thehackernews.com/2024/10/zero-day-alert-three-critical-ivanti.html
😁12πŸ‘6πŸ€”5
⚠️ Microsoft warns of cyberattacks abusing OneDrive, SharePoint & Dropbox.

Hackers use “living-off-trusted-sites” (LOTS) to bypass defenses. View-only files trick users into sharing 2FA tokens, leading to BEC & financial fraud.

Learn more: https://thehackernews.com/2024/10/microsoft-detects-growing-use-of-file.html
😱13πŸ‘10⚑1😁1
πŸ‘‰ Microsoft has released patches for 118 vulnerabilities, two of which (CVE-2024-43572 and CVE-2024-43573) are being actively exploited in the wild.

Find details here: https://thehackernews.com/2024/10/microsoft-issues-security-update-fixing.html

Ensure your systems are protected—apply these patches ASAP!

New IoT regulations may force small manufacturers out of business, despite improving security. With 100+ new vulnerabilities daily, compliance costs are rising fast.

How will this impact cybersecurity? Read: https://thehackernews.com/expert-insights/2024/10/will-small-iot-device-oem-survive.html
😁10πŸ‘4
Social media security is crucial for protecting your brand and finances. Poor governance can lead to unauthorized access and costly mistakes.

Learn how SSPM tools can help safeguard against unauthorized access and financial risks.

Read: https://thehackernews.com/2024/10/social-media-accounts-weak-link-in.html

🚨 Developers Under Attack!

A North Korean campaign, "Contagious Interview," is tricking job seekers with fake offers, leading to malware disguised as coding tasks.

Hackers use fake video conferencing apps to target both Windows & macOS.

Read: https://thehackernews.com/2024/10/n-korean-hackers-use-fake-interviews-to.html

⚠️ Multiple MMS protocol vulnerabilities pose a severe threat to industrial devices, potentially leading to crashes or remote code execution that could disrupt critical infrastructure.

Learn more: https://thehackernews.com/2024/10/researchers-uncover-major-security.html

#infosec

Google partners with GASA and DNS RF to launch the Global Signal Exchange (GSE), providing real-time insights into scam patterns to protect businesses from cybercrime.

Read: https://thehackernews.com/2024/10/google-joins-forces-with-gasa-and-dns.html

🚨 Warning: A critical #vulnerability (CVE-2024-9680) in Firefox is being actively exploited.

Don’t wait—ensure your browsers are updated now to protect against potential remote code execution.

Learn more: https://thehackernews.com/2024/10/mozilla-warns-of-active-exploitation-in.html
😱25πŸ‘13🀯6πŸ”₯3😁2πŸ‘1
⚠️ Cyber Alerts:

—Fortinet CVE-2024-23113 actively exploited, patch by Oct 30!
—Palo Alto Expedition vulnerable to SQL & OS injection.
—Cisco patches critical bug in Nexus Dashboard Fabric Controller.

Read: https://thehackernews.com/2024/10/cisa-warns-of-critical-fortinet-flaw-as.html

Critical systems must be patched immediately.

🚨 New "Mongolian Skimmer" uses Unicode obfuscation to steal sensitive data from e-commerce sites!

It disables debugging tools & adapts to browsers, making it highly evasive.

Learn more: https://thehackernews.com/2024/10/cybercriminals-use-unicode-to-hide.html

🧐 SOC Analyst burnout is surging, with 80.8% expecting stress to worsen. AI-driven triage and response can ease the burden, allowing analysts to focus on higher-value tasks.

Discover how AI can lighten the load for your team: https://thehackernews.com/2024/10/6-simple-steps-to-eliminate-soc-analyst.html

A critical unpatched #vulnerability (CVE-2024-9441) in the Nice Linear eMerge E3 access controller has been uncovered, carrying a CVSS score of 9.8, with proof-of-concept exploits already circulating.

Learn more: https://thehackernews.com/2024/10/experts-warn-of-critical-unpatched.html

👩‍💻 OpenAI disrupts 20+ global deceptive operations exploiting AI models for advanced cyber activities like phishing, influence operations, and even election interference.

Learn more: https://thehackernews.com/2024/10/openai-blocks-20-global-malicious.html

The digital landscape is shifting fast—are you ready to keep up with the latest threats? 🌐⚡

Join us on October 17 as we break down the key findings from the 2024 Kaseya Cybersecurity Survey! Get insights into:

🚀 How AI is transforming cyberattacks
👥 The challenges of user behavior
🛡️ How network penetration testing secures your network
📈 What companies are doing to prepare for 2025

📅 Date: October 17
⏰ Time: 1 PM EST / 10 AM PST
🔗 Save Your Spot: https://thn.news/cyber-survey-2024

Don’t miss this session to stay one step ahead in cybersecurity!

🌍 Dutch police have dismantled Bohemia and Cannabia, the largest darkweb markets for illegal goods and cybercrime. Arrests in the Netherlands and Ireland, with €8M in seized cryptocurrency, prove dark web anonymity is fading.

Read: https://thehackernews.com/2024/10/bohemia-and-cannabia-dark-web-markets.html

🚩 A critical security flaw in GitLab (CVE-2024-9164) could allow attackers to run CI/CD pipelines on unauthorized branches.

Find details here: https://thehackernews.com/2024/10/new-critical-gitlab-vulnerability-could.html

Update your instance ASAP to avoid becoming the next victim.
😁17πŸ‘11😱8πŸ”₯4⚑1πŸ€”1
πŸ’»πŸ”’ Cybercriminals are leveling up! Phishing campaigns now exploit GitHub links, Telegram bots, and even QR codes to bypass security and deliver malware.

Read: https://thehackernews.com/2024/10/github-telegram-bots-and-qr-codes.html
⚑20πŸ”₯9πŸ€”8πŸ‘5😁3
πŸ”₯ FBI created its own cryptocurrency token, NexFundAI, to bust widespread market manipulation. Several market makers are charged with wash trading and a pump-and-dump scheme.

Read: https://thehackernews.com/2024/10/fbi-creates-fake-cryptocurrency-to.html
😁54🀯9⚑8πŸ”₯7πŸ‘6πŸ‘5πŸ€”5
Iranian threat actor OilRig is exploiting a Windows Kernel #vulnerability (CVE-2024-30088) to gain SYSTEM privileges, enabling backdoor deployment and data theft.

Learn how to protect your systems now: https://thehackernews.com/2024/10/oilrig-exploits-windows-kernel-flaw-in.html