Privileged Access Management (PAM) is more than compliance—it's your frontline defense against threats targeting critical assets.

Learn how to strengthen your PAM strategy before it’s too late.

Read: https://thehackernews.com/expert-insights/2024/10/master-privileged-access-management.html

⚡ 35,000 DDoS attacks in one year—Anonymous Sudan orchestrated this by running a DDoS botnet-for-hire.

Two Sudanese brothers face charges for targeting critical infrastructure and major companies, including #Microsoft, worldwide.

Read: https://thehackernews.com/2024/10/us-charges-two-sudanese-brothers-for.html

🚨 High-profile entities in the Middle East and Africa are under attack by SideWinder (APT-C-17), with a new multi-stage infection chain delivering the dangerous StealerBot malware.

Learn more: https://thehackernews.com/2024/10/sidewinder-apt-strikes-middle-east-and.html

🚨 Zero Trust in Google Workspace: Don’t Wait Until 2025 to Start! 🚨

Nearly 50% of companies planning to implement Zero Trust security within #googlecloud environments in 2025 struggle with getting started due to challenges like handling granular access controls, monitoring and auditing. Facing similar roadblocks?

💼 Join ex-Google expert Mikael Klambro and the Zenphi_co team in this free webinar to learn practical solutions, including:

▶ Automating user access controls 🌐
▶ Managing least privilege access for employees and third-party collaborators 👥
▶ Ensuring secure collaboration in a cloud-first environment ☁️

🎁 Bonus: Register now to receive our Zero Trust Implementation Blueprint—a resource that will not only enhance your organization’s #datasecurity but also set you apart as a top-tier Google Workspace and cybersecurity professional.

💡 Stay ahead of the curve in #accessmanagement and prepare your organization for 2025 — don’t miss it!

https://thn.news/zero-trust-gworkspace-webinar

🚨 Researchers just infiltrated the affiliate panel of the rising ransomware group, Cicada3301. This RaaS is targeting critical sectors with sophisticated, cross-platform attacks.

Learn more: https://thehackernews.com/2024/10/cross-platform-cicada3301-ransomware.html

With over 80% of breaches today leveraging compromised identities, managing your SaaS attack surface is critical. Discover how to gain full visibility over your SaaS environment and minimize identity-based risks.

Read: https://thehackernews.com/2024/01/5-ways-to-reduce-saas-security-risks.html

RomCom’s latest cyber espionage wave uses malware written in C++, Rust, Go, and Lua to attack high-profile Ukrainian and Polish entities.

Learn more: https://thehackernews.com/2024/10/russian-romcom-attacks-target-ukrainian.html

🛑 Microsoft discovered a serious security flaw (CVE-2024-44133) in #Apple’s macOS TCC framework that could bypass user consent for sensitive data access like your location, camera, or microphone!

Learn more: https://thehackernews.com/2024/10/microsoft-reveals-macos-vulnerability.html

🛑 It’s all about the details…

Cybercriminals are getting more creative, now leveraging fake Google Meet pages to trick users into running malicious PowerShell code, infecting both Windows & macOS with info-stealers like StealC and Atomic.

https://thehackernews.com/2024/10/beware-fake-google-meet-pages-deliver.html

🚨 Cyber agencies sound the alarm as Iranian hackers relentlessly target critical sectors like #healthcare, IT, and energy through brute-force attacks, password spraying, and MFA push bombing.

Read ➡ https://thehackernews.com/2024/10/us-and-allies-warn-of-iranian.html

North Korean IT workers posing as contractors are now demanding ransoms from former employers after stealing proprietary data.

These workers avoid using company-issued laptops, rerouting them and leveraging personal devices to evade detection.

https://thehackernews.com/2024/10/north-korean-it-workers-in-western.html

With rising threats & regulations, companies are scrambling to secure their data. That’s where Data Security Posture Management (DSPM) helps.

Join our WEBINAR to see how DSPM works in real-world scenarios & secures every piece of the data puzzle.

https://thehackernews.com/2024/10/the-ultimate-dspm-guide-webinar-on.html

Get ahead of the cybersecurity curve by understanding key frameworks and acronyms like DDR, CASB, and NIST for comprehensive data security.

Read: https://thehackernews.com/2024/10/acronym-overdose-navigating-complex.html

A critical XSS vulnerability in Roundcube Webmail has been exploited to steal user credentials via phishing attacks.

Read: https://thehackernews.com/2024/10/hackers-exploit-roundcube-webmail-xss.html

Ensure your systems are updated to versions 1.5.7 or 1.6.7 to avoid these risks!

🔥 Researchers revealed severe vulnerabilities in major end-to-end encrypted (E2EE) cloud storage platforms, including Sync, pCloud, and Tresorit. These flaws could allow malicious servers to tamper with or access your sensitive data.

Read: https://thehackernews.com/2024/10/researchers-discover-severe-security.html

🔐 Weekly #Cybersecurity Recap!

Hackers are getting smarter, but so are we! From macOS flaws to TrickMo Android trojans, here's what you need to know to stay safe.

Catch all the critical updates in our latest newsletter: https://thehackernews.com/2024/10/thn-cybersecurity-recap-top-threats_21.html

⚠️APT41, a Chinese nation-state actor, has launched a sophisticated cyber attack against the gaming industry, stealthily gathering critical data like user passwords and network configurations over six months.

Learn more: https://thehackernews.com/2024/10/chinese-nation-state-hackers-apt41-hit.html

💡 With new vulnerabilities emerging daily, pentest checklists are essential for cybersecurity teams. Each asset—web apps, networks, APIs—requires a tailored checklist for its specific threats.

Read: https://thehackernews.com/2024/10/guide-ultimate-pentest-checklist-for.html

Have you updated your pentesting protocols recently?

⚠️ CISA has added a critical zero-day vulnerability (CVE-2024-9537) affecting ScienceLogic SL1 to its KEV catalog.

This flaw, with a staggering CVSS score of 9.3, allows for remote code execution.

Read 👉 https://thehackernews.com/2024/10/cisa-adds-sciencelogic-sl1.html

Apply the latest patches.

VMware has released updates for CVE-2024-38812, a critical #vulnerability in vCenter Server.

With a CVSS score of 9.8, this heap-overflow flaw could allow remote code execution, fundamentally jeopardizing organizational security.

Read: https://thehackernews.com/2024/10/vmware-releases-vcenter-server-update.html