💥 A critical flaw in SolarWinds Web Help Desk (CVE-2024-28987) has been actively exploited, and it involves hard-coded credentials that allow attackers to access sensitive help desk tickets.

Learn more: https://thehackernews.com/2024/10/cisa-warns-of-active-exploitation-in.html

🛡️ GitHub has released urgent security updates to fix a critical flaw (CVE-2024-9487) with a CVSS score of 9.5!

This bug allows unauthorized access by bypassing SAML SSO authentication—an immediate threat to your enterprise.

Details: https://thehackernews.com/2024/10/github-patches-critical-flaw-in.html

🛑 A new spear-phishing campaign in Brazil is using a clever trick to bypass security guardrails and deliver the dangerous Astaroth #malware.

Learn how to protect your organization from this growing threat: https://thehackernews.com/2024/10/astaroth-banking-malware-resurfaces-in.html

Zero-day vulnerabilities are on the rise, leaving businesses exposed.

NDR solutions with machine learning can detect network anomalies before attacks happen. Learn how AI-driven NDR is key to defending against these evolving threats.

https://thehackernews.com/2024/10/rise-of-zero-day-vulnerabilities.html

🔥 One click, and chaos begins!

North Korean APT group ScarCruft has been linked to the exploitation of a zero-day Windows flaw (CVE-2024-38178), targeting unpatched Internet Explorer Mode in Edge, infecting devices with RokRAT malware.

Read: https://thehackernews.com/2024/10/north-korean-scarcruft-exploits-windows.html

🛡️ Malware like AgentTesla is making headlines for its stealthy data theft tactics.

With tools like ANYRUN's Threat Intelligence Lookup, offering searches across 40+ indicators and live sandbox analysis, threat detection has never been more powerful.

Read: https://thehackernews.com/2024/10/5-techniques-for-collecting-cyber.html

🔒 FIDO Alliance has proposed a new protocol to securely transfer passkeys 🔑 across different platforms.

Backed by Apple, Google, Microsoft, and Amazon, this signals a major shift in the future of authentication.

Read: https://thehackernews.com/2024/10/fido-alliance-drafts-new-protocol-to.html

Manage cybersecurity risk with a master’s from Georgetown. Learn more in our Oct. 23 webinar.


Join now: https://thn.news/cyberrisk-webinar-li

Researchers uncovered threat actors attempting to weaponize the open-source tool EDRSilencer to tamper with Endpoint Detection and Response (EDR) solutions.

Learn how it works: https://thehackernews.com/2024/10/hackers-abuse-edrsilencer-tool-to.html

🛑 Kubernetes Image Builder #vulnerability (CVE-2024-9486) has a serious root access flaw.

With a CVSS score of 9.8, this flaw lets attackers exploit default credentials to take over virtual machines using certain image builds.

Read: https://thehackernews.com/2024/10/critical-kubernetes-image-builder.html

Privileged Access Management (PAM) is more than compliance—it's your frontline defense against threats targeting critical assets.

Learn how to strengthen your PAM strategy before it’s too late.

Read: https://thehackernews.com/expert-insights/2024/10/master-privileged-access-management.html

⚡ 35,000 DDoS attacks in one year—Anonymous Sudan orchestrated this by running a DDoS botnet-for-hire.

Two Sudanese brothers face charges for targeting critical infrastructure and major companies, including #Microsoft, worldwide.

Read: https://thehackernews.com/2024/10/us-charges-two-sudanese-brothers-for.html

🚨 High-profile entities in the Middle East and Africa are under attack by SideWinder (APT-C-17), with a new multi-stage infection chain delivering the dangerous StealerBot malware.

Learn more: https://thehackernews.com/2024/10/sidewinder-apt-strikes-middle-east-and.html

🚨 Zero Trust in Google Workspace: Don’t Wait Until 2025 to Start! 🚨

Nearly 50% of companies planning to implement Zero Trust security within #googlecloud environments in 2025 struggle with getting started due to challenges like handling granular access controls, monitoring and auditing. Facing similar roadblocks?

💼 Join ex-Google expert Mikael Klambro and the Zenphi_co team in this free webinar to learn practical solutions, including:

▶ Automating user access controls 🌐
▶ Managing least privilege access for employees and third-party collaborators 👥
▶ Ensuring secure collaboration in a cloud-first environment ☁️

🎁 Bonus: Register now to receive our Zero Trust Implementation Blueprint—a resource that will not only enhance your organization’s #datasecurity but also set you apart as a top-tier Google Workspace and cybersecurity professional.

💡 Stay ahead of the curve in #accessmanagement and prepare your organization for 2025 — don’t miss it!

https://thn.news/zero-trust-gworkspace-webinar

🚨 Researchers just infiltrated the affiliate panel of the rising ransomware group, Cicada3301. This RaaS is targeting critical sectors with sophisticated, cross-platform attacks.

Learn more: https://thehackernews.com/2024/10/cross-platform-cicada3301-ransomware.html

With over 80% of breaches today leveraging compromised identities, managing your SaaS attack surface is critical. Discover how to gain full visibility over your SaaS environment and minimize identity-based risks.

Read: https://thehackernews.com/2024/01/5-ways-to-reduce-saas-security-risks.html

RomCom’s latest cyber espionage wave uses malware written in C++, Rust, Go, and Lua to attack high-profile Ukrainian and Polish entities.

Learn more: https://thehackernews.com/2024/10/russian-romcom-attacks-target-ukrainian.html

🛑 Microsoft discovered a serious security flaw (CVE-2024-44133) in #Apple’s macOS TCC framework that could bypass user consent for sensitive data access like your location, camera, or microphone!

Learn more: https://thehackernews.com/2024/10/microsoft-reveals-macos-vulnerability.html

🛑 It’s all about the details…

Cybercriminals are getting more creative, now leveraging fake Google Meet pages to trick users into running malicious PowerShell code, infecting both Windows & macOS with info-stealers like StealC and Atomic.

https://thehackernews.com/2024/10/beware-fake-google-meet-pages-deliver.html

🚨 Cyber agencies sound the alarm as Iranian hackers relentlessly target critical sectors like #healthcare, IT, and energy through brute-force attacks, password spraying, and MFA push bombing.

Read ➡ https://thehackernews.com/2024/10/us-and-allies-warn-of-iranian.html