Mismanaged vulnerabilities in cloud environments are delaying incident responses and putting businesses at greater risk.

Discover how unified detection can close cloud security gaps and stop stealthy attacks before they unfold.

Read: https://thehackernews.com/2024/10/5-steps-to-boost-detection-and-response.html

🔥 Industry-first report covering real-world attacks on GenAI, analyzing 2,000+ LLM apps. Including jailbreak methods, adversaries' objectives, and technical insights.

Download the Pillar Security's full report here: https://thn.news/genai-attacks

North Korean hackers are now using a Linux variant of the notorious FASTCash malware to target ATMs by compromising payment switches in ATM cashout schemes.

Learn more: https://thehackernews.com/2024/10/new-linux-variant-of-fastcash-malware.html

DarkVision RAT returns in a new campaign via PureCrypter, enabling attackers to steal passwords, record screens, and gain full remote access for just $60—making sophisticated breaches accessible even to non-technical cybercriminals.

Read: https://thehackernews.com/2024/10/new-malware-campaign-uses-purecrypter.html

TrickMo Android trojan has upgraded—now stealing unlock patterns and PINs by mimicking the lock screen!

With thousands of stolen credentials already exposed, it’s targeting banking data, corporate VPNs, social media, and healthcare apps.

https://thehackernews.com/2024/10/trickmo-banking-trojan-can-now-capture.html

💥 A critical flaw in SolarWinds Web Help Desk (CVE-2024-28987) has been actively exploited, and it involves hard-coded credentials that allow attackers to access sensitive help desk tickets.

Learn more: https://thehackernews.com/2024/10/cisa-warns-of-active-exploitation-in.html

🛡️ GitHub has released urgent security updates to fix a critical flaw (CVE-2024-9487) with a CVSS score of 9.5!

This bug allows unauthorized access by bypassing SAML SSO authentication—an immediate threat to your enterprise.

Details: https://thehackernews.com/2024/10/github-patches-critical-flaw-in.html

🛑 A new spear-phishing campaign in Brazil is using a clever trick to bypass security guardrails and deliver the dangerous Astaroth #malware.

Learn how to protect your organization from this growing threat: https://thehackernews.com/2024/10/astaroth-banking-malware-resurfaces-in.html

Zero-day vulnerabilities are on the rise, leaving businesses exposed.

NDR solutions with machine learning can detect network anomalies before attacks happen. Learn how AI-driven NDR is key to defending against these evolving threats.

https://thehackernews.com/2024/10/rise-of-zero-day-vulnerabilities.html

🔥 One click, and chaos begins!

North Korean APT group ScarCruft has been linked to the exploitation of a zero-day Windows flaw (CVE-2024-38178), targeting unpatched Internet Explorer Mode in Edge, infecting devices with RokRAT malware.

Read: https://thehackernews.com/2024/10/north-korean-scarcruft-exploits-windows.html

🛡️ Malware like AgentTesla is making headlines for its stealthy data theft tactics.

With tools like ANYRUN's Threat Intelligence Lookup, offering searches across 40+ indicators and live sandbox analysis, threat detection has never been more powerful.

Read: https://thehackernews.com/2024/10/5-techniques-for-collecting-cyber.html

🔒 FIDO Alliance has proposed a new protocol to securely transfer passkeys 🔑 across different platforms.

Backed by Apple, Google, Microsoft, and Amazon, this signals a major shift in the future of authentication.

Read: https://thehackernews.com/2024/10/fido-alliance-drafts-new-protocol-to.html

Manage cybersecurity risk with a master’s from Georgetown. Learn more in our Oct. 23 webinar.


Join now: https://thn.news/cyberrisk-webinar-li

Researchers uncovered threat actors attempting to weaponize the open-source tool EDRSilencer to tamper with Endpoint Detection and Response (EDR) solutions.

Learn how it works: https://thehackernews.com/2024/10/hackers-abuse-edrsilencer-tool-to.html

🛑 Kubernetes Image Builder #vulnerability (CVE-2024-9486) has a serious root access flaw.

With a CVSS score of 9.8, this flaw lets attackers exploit default credentials to take over virtual machines using certain image builds.

Read: https://thehackernews.com/2024/10/critical-kubernetes-image-builder.html

Privileged Access Management (PAM) is more than compliance—it's your frontline defense against threats targeting critical assets.

Learn how to strengthen your PAM strategy before it’s too late.

Read: https://thehackernews.com/expert-insights/2024/10/master-privileged-access-management.html

⚡ 35,000 DDoS attacks in one year—Anonymous Sudan orchestrated this by running a DDoS botnet-for-hire.

Two Sudanese brothers face charges for targeting critical infrastructure and major companies, including #Microsoft, worldwide.

Read: https://thehackernews.com/2024/10/us-charges-two-sudanese-brothers-for.html

🚨 High-profile entities in the Middle East and Africa are under attack by SideWinder (APT-C-17), with a new multi-stage infection chain delivering the dangerous StealerBot malware.

Learn more: https://thehackernews.com/2024/10/sidewinder-apt-strikes-middle-east-and.html

🚨 Zero Trust in Google Workspace: Don’t Wait Until 2025 to Start! 🚨

Nearly 50% of companies planning to implement Zero Trust security within #googlecloud environments in 2025 struggle with getting started due to challenges like handling granular access controls, monitoring and auditing. Facing similar roadblocks?

💼 Join ex-Google expert Mikael Klambro and the Zenphi_co team in this free webinar to learn practical solutions, including:

▶ Automating user access controls 🌐
▶ Managing least privilege access for employees and third-party collaborators 👥
▶ Ensuring secure collaboration in a cloud-first environment ☁️

🎁 Bonus: Register now to receive our Zero Trust Implementation Blueprint—a resource that will not only enhance your organization’s #datasecurity but also set you apart as a top-tier Google Workspace and cybersecurity professional.

💡 Stay ahead of the curve in #accessmanagement and prepare your organization for 2025 — don’t miss it!

https://thn.news/zero-trust-gworkspace-webinar

🚨 Researchers just infiltrated the affiliate panel of the rising ransomware group, Cicada3301. This RaaS is targeting critical sectors with sophisticated, cross-platform attacks.

Learn more: https://thehackernews.com/2024/10/cross-platform-cicada3301-ransomware.html